atapi.sys file changed


  • This topic is locked
20 replies to this topic

#1 bandera


Posted 17 March 2010 - 01:37 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/302600/infected-with-malware/ ~ OB

Hi:

I have some sort of malware/spyware on my computer. It started with antivirusplus program that downloaded on my system and after that the IE kept redirecting all my search results. I used Malwarebytes and SAS to get rid of it but the computer is still slow and I have about 8 run32.dll files running in the background. I also have AVG9.0 and resident shield comes up with the following message.


Resident Shield alert
c:\windows\system32\drivers\atapi.sys object is white-listed(Critical/system file that should not be removed)

Virus identified win32/patched.ch

Also another virus notification:
win32/alureon.g

I know since it is a system file I can't remove it... so what to do next? The logs for DDS and GMER (which hung up after running for 3 hours, so I just have a partial log) are posted here.


Thanks.

-----------------------DDS LOG---------------------------------------------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 21:37:07.10 on Fri 04/16/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.637.110 [GMT -4:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autode~1.lnk - c:\program files\iconcepts music express\MEAutoDetect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet 7100 series\bin\hpogrp07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://www.lyric.tzo.com/Remote/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Filter: text/html - {80bc75b1-c57b-4fb8-b156-6165c55d5d7a} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\wutakizu.dll voseruyi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\hvxtnoyt.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-4-28 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 66632]
R2 LLCPORT;LapLink.com Serial Port Driver;c:\windows\system32\drivers\llcport.sys [2007-1-24 93440]
R2 LLCSER;LapLink.com Serial Comm Driver;c:\windows\system32\drivers\llcser.sys [2007-1-24 31708]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-9-12 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-11-9 47640]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-12 126392]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 12872]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-7-1 69692]
S3 LLCMINI;LapLink.com Serial Cable Network Adapter;c:\windows\system32\drivers\LLCMINI5.SYS [2007-1-24 47520]
S3 NET1080;LapLink Inc. USB Cable Network Adapter;c:\windows\system32\drivers\NETTC.SYS [2007-1-24 12536]
S3 USBTC;USBTC;c:\windows\system32\drivers\usbtc.sys [2007-1-24 13672]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\SymcPCCULaunchSvc.exe [2009-12-12 103280]
S4 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]

=============== Created Last 30 ================

2010-04-17 01:29:52 0 -c--a-w- c:\documents and settings\owner\defogger_reenable

==================== Find3M ====================

2010-04-17 01:18:23 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-06 14:19:21 163 -c--a-w- c:\program files\em_175612296.bat
2009-04-08 22:14:12 1433409 --sh--w- c:\windows\system32\upedeyib.ini2
2007-03-08 23:40:57 4263 --sh--w- c:\windows\system32\winguj.sys
2009-12-08 20:47:34 0 --sh--w- c:\windows\system32\wunibuhi.exe

============= FINISH: 21:39:05.96 ===============


Edited by Orange Blossom, 17 March 2010 - 06:43 PM.



#2 myrti


Posted 20 March 2010 - 11:50 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 bandera


Posted 20 March 2010 - 08:02 PM

Here are the logs...

Thanks.


OTL Extras logfile created on: 3/20/2010 7:56:35 PM - Run 1

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

637.00 Mb Total Physical Memory | 174.00 Mb Available Physical Memory | 27.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 39.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.34 Gb Total Space | 70.65 Gb Free Space | 65.82% Space Free | Partition Type: NTFS
Drive D: | 4.44 Gb Total Space | 2.34 Gb Free Space | 52.64% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARITA
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)



========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002



========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PCsync\PCsync.exe" = C:\Program Files\PCsync\PCsync.exe:*:Disabled:PCsync component -- (LapLink.com, Inc.)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Pando Networks\Pando\pando.exe" = C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:pando -- (Pando Networks)
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"C:\Program Files\Crystal Decisions\Crystal Reports 9\crw32.exe" = C:\Program Files\Crystal Decisions\Crystal Reports 9\crw32.exe:*:Disabled:Crystal Reports -- (Crystal Decisions)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Disabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\Program Files\CrossLoop\CrossLoopConnect.exe" = C:\Program Files\CrossLoop\CrossLoopConnect.exe:*:Enabled:CrossLoop - Simple Secure Screen Sharing -- (CrossLoop)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgtray.exe" = C:\Program Files\AVG\AVG8\avgtray.exe:*:Enabled:avgtray -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Disabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Disabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Disabled:IncrediMail -- File not found
"C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ASP9M1A2\incredimail_install[1].exe" = C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ASP9M1A2\incredimail_install[1].exe:*:Disabled:IncrediMail Installer -- File not found
"C:\Program Files\Common Files\AOL\1154365368\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1154365368\EE\AOLServiceHost.exe:*:Disabled:AOL -- (America Online, Inc.)





========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup
"{07EC522A-5AC5-4CC9-BD3D-3CEFA831E159}" = Fastgrind 7.30c
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{488E26CF-6FD8-46A3-ACB8-B4C2CFCBCFDF}" = Fastg7.30
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5A9D3314-26CD-45CD-BFFB-3DBC7251FFBA}" = Fastgrind7.42c
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71A7D000-0D1F-4CF9-BB75-BB5920436F0C}" = Crystal Reports 9
"{74AC5E96-72CF-4338-9699-C391A0AA48C3}" = Math Resource Studio
"{7583D2F8-8E7D-40C5-9862-4D218006FB84}" = AVG Identity Protection
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{792FD312-F299-4DBF-8C70-BE53DDC153A4}" = Fastgrind7.42c
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A83C6C34-3007-422A-9E56-A74996BCCDBD}" = LogMeIn
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B88C4012-F72A-48F2-BF8B-33D5CCA066AF}" = InstallShield 12 Express Edition
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E5F7BAD8-38DB-11D5-87BF-00105A17A56B}" = LapLink USB Network cable adapter
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED327CF1-61A5-11D4-8794-00105A17A56B}" = PCsync
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3
"America Online us" = America Online (Choose which version to remove)
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"BigFix" = BigFix
"Clickster1632" = Clickster
"Client Activator Wizard - Version 2.0 English" = Client Activator Wizard - Version 2.0 English
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"CrossLoop_is1" = CrossLoop 2.20
"DropIn.EXE" = DropIn Activation Utilities
"FTDICOMM" = FTDI USB Serial Converter Drivers
"Gateway Game Console" = Gateway Game Console
"HijackThis" = HijackThis 2.0.2
"hp officejet 7100 series 1169843132" = hp officejet 7100 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"MIDI Converter Studio_is1" = MIDI Converter Studio 5.8
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (2.0.0.14)" = Mozilla Firefox (2.0.0.14)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NortonPCCheckup" = Norton PC Checkup
"Photags Music Express" = iConcepts Music Express
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Port Magic" = Pure Networks Port Magic
"Rainbow Client Activator 2.0 English" = Client Activator 2.0 - English
"RealPlayer 6.0" = RealPlayer Basic
"UnintallSAFE" = SAFE
"UnintallSMU" = SuperPro Manufacturing Utility
"UnintallSX" = Sentinel SuperPro
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
"VLC media player" = VideoLAN VLC media player 0.8.2
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WGA" = Windows Genuine Advantage Validation Tool
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WT010651" = Penguins!
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager



========== HKEY_USERS Uni
nstall List ==========




[HKEY_USERS\S-1-5-21-1246549450-30555002
51-3571665829-1003\SOFTWARE\Microsoft\Wi
ndows\CurrentVersion\Uninstall]

"09f9e4673154e7b6" = Innobate Product Ke
y Recovery

"uTorrent" = µTorrent



========== Last 10 Event
Log Errors ==========




[ Application Events ]

Error - 3/16/2010 11:14:25 AM | Computer
Name = SARITA | Source = MPSampleSubmis
sion | ID = 5000

Description = EventType mptelemetry, P1
8007043c, P2 beginsearch, P3 search, P4


2.1.6519.0, P5 mpsigdwn.dll, P6 2.1.6519
.0, P7 microsoft antimalware (bcf43643-a
118-4432-aede-d861fcbcfcde),

P8 NIL, P9 NIL, P10 NIL.



Error - 4/16/2010 5:05:41 PM | Computer
Name = SARITA | Source = MPSampleSubmiss
ion | ID = 5000

Description = EventType mptelemetry, P1
80072efe, P2 endsearch, P3 search, P4 2.
1.6519.0,

P5 mpsigdwn.dll, P6 2.1.6519.0, P7 micr
osoft antimalware (bcf43643-a118-4432-ae
de-d861fcbcfcde),

P8 NIL, P9 NIL, P10 NIL.



Error - 4/16/2010 5:05:52 PM | Computer
Name = SARITA | Source = MSSecurityEssen
tials | ID = 5000

Description =



Error - 4/16/2010 6:02:03 PM | Computer
Name = SARITA | Source = crypt32 | ID =
131080

Description = Failed auto update retriev
al of third-party root list sequence num
ber

from: <http://www.download.windowsupdat
e.com/msdownload/update/v3/static/truste
dr/en/authrootseq.txt>

with error: The connection with the ser
ver was terminated abnormally



Error - 4/16/2010 8:02:06 PM | Computer
Name = SARITA | Source = crypt32 | ID =
131080

Description = Failed auto update retriev
al of third-party root list sequence num
ber

from: <http://www.download.windowsupdat
e.com/msdownload/update/v3/static/truste
dr/en/authrootseq.txt>

with error: The connection with the ser
ver was terminated abnormally



Error - 4/16/2010 9:44:20 PM | Computer
Name = SARITA | Source = MPSampleSubmiss
ion | ID = 5000

Description = EventType mptelemetry, P1
80072efe, P2 endsearch, P3 search, P4 1.
1.1593.0,

P5 mpsigdwn.dll, P6 1.1.1593.0, P7 wind
ows defender, P8 NIL, P9 NIL, P10 NIL.



Error - 4/17/2010 8:27:34 AM | Computer
Name = SARITA | Source = Application Err
or | ID = 1000

Description = Faulting application gmer.
exe, version 1.0.15.15281, faulting modu
le

gmer.exe, version 1.0.15.15281, fault a
ddress 0x0005c887.



Error - 4/17/2010 10:27:40 AM | Computer
Name = SARITA | Source = MsiInstaller |
ID = 11704

Description = Product: Microsoft Office
Standard Edition 2003 -- Error 1704. An


installation for Microsoft Office 2000 P
rofessional is currently suspended. You


must undo the changes made by that inst
allation to continue. Do you want to un
do

those changes?



Error - 4/17/2010 11:14:26 AM | Computer
Name = SARITA | Source = MPSampleSubmis
sion | ID = 5000

Description = EventType mptelemetry, P1
80072efe, P2 endsearch, P3 search, P4 2.
1.6519.0,

P5 mpsigdwn.dll, P6 2.1.6519.0, P7 micr
osoft antimalware (bcf43643-a118-4432-ae
de-d861fcbcfcde),

P8 NIL, P9 NIL, P10 NIL.



Error - 4/17/2010 11:14:48 AM | Computer
Name = SARITA | Source = MSSecurityEsse
ntials | ID = 5000

Description =



[ System Events ]

Error - 4/17/2010 8:33:02 AM | Computer
Name = SARITA | Source = Service Control
Manager | ID = 7000

Description = The Sntnlusb service faile
d to start due to the following error:
%%2



Error - 4/17/2010 8:33:02 AM | Computer
Name = SARITA | Source = Service Control
Manager | ID = 7026

Description = The following boot-start o
r system-start driver(s) failed to load:


i8042prt



Error - 4/17/2010 11:14:13 AM | Computer
Name = SARITA | Source = Microsoft Anti
malware | ID = 2001

Description = %%861 has encountered an e
rror trying to update signatures. Ne
w Signature

Version: Previous Signature Versio
n: 1.77.750.0 Update Source: %%859
Update Stage:

%%852 Source Path: http://www.micro
soft.com Signature Type: %%800 U
pdate Type: %%803



User:

NT AUTHORITY\SYSTEM Current Engine
Version: Previous Engine Version: 1
.1.5502.0 Error

code: 0x80072efe Error description:
The connection with the server was term
inated

abnormally



Error - 4/17/2010 2:08:26 PM | Computer
Name = SARITA | Source = Dhcp | ID = 100
2

Description = The IP address lease 192.1
68.1.103 for the Network Card with netwo
rk

address 001676BBB8C3 has been denied b
y the DHCP server 192.168.1.1 (The DHCP
Server

sent a DHCPNACK message).



Error - 4/17/2010 2:10:00 PM | Computer
Name = SARITA | Source = Service Control
Manager | ID = 7000

Description = The Sntnlusb service faile
d to start due to the following error:
%%2



Error - 4/17/2010 2:10:00 PM | Computer
Name = SARITA | Source = Service Control
Manager | ID = 7026

Description = The following boot-start o
r system-start driver(s) failed to load:


i8042prt



Error - 3/20/2010 7:46:38 PM | Computer
Name = SARITA | Source = Dhcp | ID = 100
2

Description = The IP address lease 192.1
68.1.102 for the Network Card with netwo
rk

address 001676BBB8C3 has been denied b
y the DHCP server 192.168.1.1 (The DHCP
Server

sent a DHCPNACK message).



Error - 3/20/2010 7:48:20 PM | Computer
Name = SARITA | Source = Service Control
Manager | ID = 7000

Description = The Sntnlusb service faile
d to start due to the following error:
%%2



Error - 3/20/2010 7:48:20 PM | Computer
Name = SARITA | Source = Service Control
Manager | ID = 7026

Description = The following boot-start o
r system-start driver(s) failed to load:


i8042prt



Error - 3/20/2010 7:52:15 PM | Computer
Name = SARITA | Source = Windows Update
Agent | ID = 16

Description = Unable to Connect: Windows
is unable to connect to the automatic u
pdates

service and therefore cannot download a
nd install updates according to the set


schedule. Windows will continue to try t
o establish a connection.





< End of report >





--------------------------------------------------------------------------------
OTL logfile created on: 3/20/2010 7:56:
35 PM - Run 1

OTL by OldTimer - Version 3.1.37.3 F
older = C:\Documents and Settings\Owner\
Desktop

Windows XP Home Edition Service Pack 2 (
Version = 5.1.2600) - Type = NTWorkstati
on

Internet Explorer (Version = 7.0.5730.11
)

Locale: 00000409 | Country: United State
s | Language: ENU | Date Format: M/d/yyy
y



637.00 Mb Total Physical Memory | 174.00
Mb Available Physical Memory | 27.00% M
emory free

1.00 Gb Paging File | 0.00 Gb Available
in Paging File | 39.00% Paging File free


Paging file location(s): C:\pagefile.sys
576 1152 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\W
INDOWS | %ProgramFiles% = C:\Program Fil
es

Drive C: | 107.34 Gb Total Space | 70.65
Gb Free Space | 65.82% Space Free | Par
tition Type: NTFS

Drive D: | 4.44 Gb Total Space | 2.34 Gb
Free Space | 52.64% Space Free | Partit
ion Type: FAT32

E: Drive not present or media not loaded


F: Drive not present or media not loaded


G: Drive not present or media not loaded


H: Drive not present or media not loaded


I: Drive not present or media not loaded




Computer Name: SARITA

Current User Name: Owner

Logged in as Administrator.



Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard



========== Processes (Saf
eList) ==========




PRC - [2010/03/20 19:55:47 | 000,555,520
| ---- | M] (OldTimer Tools) -- C:\Docu
ments and Settings\Owner\Desktop\OTL.exe


PRC - [2010/02/28 15:11:03 | 002,012,912
| ---- | M] (SUPERAntiSpyware.com) -- C
:\Program Files\SUPERAntiSpyware\SUPERAN
TISPYWARE.EXE

PRC - [2010/02/21 06:03:12 | 001,093,208
| ---- | M] (Microsoft Corporation) --
C:\Program Files\Microsoft Security Esse
ntials\msseces.exe

PRC - [2009/12/09 19:02:38 | 000,017,904
| ---- | M] (Microsoft Corporation) --
c:\Program Files\Microsoft Security Esse
ntials\MsMpEng.exe

PRC - [2009/12/09 19:02:36 | 000,202,776
| ---- | M] (Microsoft Corporation) --
c:\Program Files\Microsoft Security Esse
ntials\MpCmdRun.exe

PRC - [2009/08/24 18:49:41 | 000,126,392
| R--- | M] (Symantec Corporation) -- C
:\Program Files\Norton PC Checkup\Norton
PC Checkup\Engine\2.0.2.506\ccSvcHst.ex
e

PRC - [2007/08/27 12:27:48 | 000,068,856
| ---- | M] (Google Inc.) -- C:\Program
Files\Google\GoogleToolbarNotifier\Goog
leToolbarNotifier.exe

PRC - [2007/06/13 06:23:07 | 001,033,216
| ---- | M] (Microsoft Corporation) --
C:\WINDOWS\explorer.exe

PRC - [2006/11/03 18:20:12 | 000,866,584
| ---- | M] (Microsoft Corporation) --
C:\Program Files\Windows Defender\MSASCu
i.exe

PRC - [2006/11/03 18:19:58 | 000,013,592
| ---- | M] (Microsoft Corporation) --
C:\Program Files\Windows Defender\MsMpEn
g.exe

PRC - [2005/12/28 07:21:37 | 000,270,336
| ---- | M] () -- C:\Program Files\iCon
cepts Music Express\MEAutoDetect.exe

PRC - [2003/06/25 02:19:18 | 000,188,416
| ---- | M] (Hewlett-Packard Co.) -- C:
\Program Files\Hewlett-Packard\AiO\Share
d\Bin\hpofxm07.exe

PRC - [2003/06/25 01:41:06 | 000,294,912
| ---- | M] (Hewlett-Packard Co.) -- C:
\Program Files\Hewlett-Packard\AiO\Share
d\Bin\hposts07.exe

PRC - [2003/06/25 00:59:16 | 000,299,008
| ---- | M] (Hewlett-Packard Co.) -- C:
\Program Files\Hewlett-Packard\AiO\Share
d\Bin\hpoevm07.exe

PRC - [2003/06/25 00:23:40 | 000,495,682
| ---- | M] (Hewlett-Packard Co.) -- C:
\Program Files\Hewlett-Packard\AiO\hp of
ficejet 7100 series\Bin\hpogrp07.exe





========== Modules (SafeL
ist) ==========




MOD - [2010/03/20 19:55:47 | 000,555,520
| ---- | M] (OldTimer Tools) -- C:\Docu
ments and Settings\Owner\Desktop\OTL.exe


MOD - [2006/08/25 11:45:55 | 001,054,208
| ---- | M] (Microsoft Corporation) --
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.
Common-Controls_6595b64144ccf1df_6.0.260
0.2982_x-ww_ac3f9c03\comctl32.dll





========== Win32 Services
(SafeList) ==========




SRV - [2009/12/09 19:02:38 | 000,017,904
| ---- | M] (Microsoft Corporation) [Au
to | Running] -- c:\Program Files\Micros
oft Security Essentials\MsMpEng.exe -- (
MsMpSvc)

SRV - [2009/12/04 16:16:40 | 000,103,280
| R--- | M] (Symantec Corporation) [Dis
abled | Stopped] -- C:\Program Files\Nor
ton PC Checkup\Norton PC Checkup\Engine\
2.0.2.506\SymcPCCULaunchSvc.exe -- (Nort
on PC Checkup Application Launcher)

SRV - [2009/08/24 18:49:41 | 000,126,392
| R--- | M] (Symantec Corporation) [Unk
nown | Running] -- C:\Program Files\Nort
on PC Checkup\Norton PC Checkup\Engine\2
.0.2.506\ccSvcHst.exe -- (PCCUJobMgr)

SRV - [2008/11/18 22:10:22 | 000,116,032
| ---- | M] (LogMeIn, Inc.) [Disabled |
Stopped] -- C:\Program Files\LogMeIn\x8
6\RaMaint.exe -- (LMIMaint)

SRV - [2008/01/22 12:43:28 | 000,654,848
| ---- | M] (Macrovision Europe Ltd.) [
Disabled | Stopped] -- C:\Program Files\
Common Files\Macrovision Shared\FLEXnet
Publisher\FNPLicensingService.exe -- (FL
EXnet Licensing Service)

SRV - [2007/09/12 11:20:58 | 000,063,040
| ---- | M] (LogMeIn, Inc.) [Disabled |
Stopped] -- C:\Program Files\LogMeIn\x8
6\LogMeIn.exe -- (LogMeIn)

SRV - [2007/04/27 07:40:00 | 000,206,400
| ---- | M] (SafeNet, Inc) [Disabled |
Stopped] -- C:\Program Files\Common File
s\SafeNet Sentinel\Sentinel Protection S
erver\WinNT\spnsrvnt.exe -- (SentinelPro
tectionServer)

SRV - [2007/04/27 01:00:04 | 000,316,992
| ---- | M] (SafeNet, Inc.) [Disabled |
Stopped] -- C:\Program Files\Common Fil
es\SafeNet Sentinel\Sentinel Keys Server
\sntlkeyssrvr.exe -- (SentinelKeysServer
)

SRV - [2007/02/19 15:42:03 | 000,078,536
| ---- | M] (Macrovision
) [
On_Demand | Stopped] -- C:\Program Files
\Common Files\InstallShield Shared\Servi
ce\InstallShield Licensing Service.exe -
- (InstallShield Licensing Service)

SRV - [2006/11/03 18:19:58 | 000,013,592
| ---- | M] (Microsoft Corporation) [Au
to | Running] -- C:\Program Files\Window
s Defender\MsMpEng.exe -- (WinDefend)

SRV - [2006/07/31 12:49:58 | 000,172,032
| ---- | M] (New Boundary Technologies,
Inc.) [Disabled | Stopped] -- C:\Progra
m Files\Common Files\New Boundary\PrismX
L\PRISMXL.SYS -- (PrismXL)

SRV - [2004/10/15 16:54:14 | 000,100,016
| ---- | M] (America Online, Inc) [Disa
bled | Stopped] -- C:\Program Files\Comm
on Files\AOL\TopSpeed\2.0\aoltsmon.exe -
- (AOL TopSpeedMonitor)





========== Driver Service
s (SafeList) ==========




DRV - [2010/04/17 14:09:29 | 000,028,880
| ---- | M] (Microsoft Corporation) [Ke
rnel | System | Running] -- C:\Documents
and Settings\All Users\Application Data
\Microsoft\Microsoft Antimalware\Definit
ion Updates\{A9C0020B-6B04-4B50-BD32-5FD
8CD640D23}\MpKsla970bdc2.sys -- (MpKsla9
70bdc2)

DRV - [2010/02/28 15:11:03 | 000,066,632
| ---- | M] (SUPERAdBlocker.com and SUP
ERAntiSpyware.com) [Kernel | System | Ru
nning] -- C:\Program Files\SUPERAntiSpyw
are\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/28 15:11:03 | 000,012,872
| ---- | M] (SUPERAdBlocker.com and SUP
ERAntiSpyware.com) [Kernel | System | Ru
nning] -- C:\Program Files\SUPERAntiSpyw
are\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2010/02/28 15:11:03 | 000,012,872
| ---- | M] ( SUPERAdBlocker.com and SU
PERAntiSpyware.com) [Kernel | On_Demand
| Running] -- C:\Program Files\SUPERAnti
Spyware\SASENUM.SYS -- (SASENUM)

DRV - [2009/12/02 16:23:40 | 000,149,040
| ---- | M] (Microsoft Corporation) [Fi
le_System | System | Running] -- C:\WIND
OWS\system32\drivers\MpFilter.sys -- (Mp
Filter)

DRV - [2008/11/18 22:10:10 | 000,047,640
| ---- | M] (LogMeIn, Inc.) [File_Syste
m | Auto | Running] -- C:\WINDOWS\system
32\drivers\LMIRfsDriver.sys -- (LMIRfsDr
iver)

DRV - [2008/11/18 22:10:09 | 000,083,288
| ---- | M] (LogMeIn, Inc.) [File_Syste
m | Disabled | Stopped] -- C:\WINDOWS\sy
stem32\LMIRfsClientNP.dll -- (LMIRfsClie
ntNP)

DRV - [2008/02/28 15:31:50 | 000,012,856
| ---- | M] (LogMeIn, Inc.) [Kernel | A
uto | Running] -- C:\Program Files\LogMe
In\x86\rainfo.sys -- (LMIInfo)

DRV - [2007/04/27 07:40:00 | 000,090,688
| ---- | M] (SafeNet, Inc.) [Kernel | A
uto | Running] -- C:\WINDOWS\System32\Dr
ivers\SENTINEL.SYS -- (Sentinel)

DRV - [2006/07/31 13:03:30 | 000,008,552
| ---- | M] (Windows ® 2000 DDK provi
der) [Kernel | Auto | Running] -- C:\WIN
DOWS\system32\drivers\asctrm.sys -- (ASC
TRM)

DRV - [2006/05/17 21:49:02 | 000,061,067
| R--- | M] (FTDI Ltd.) [Kernel | On_De
mand | Stopped] -- C:\WINDOWS\system32\d
rivers\ftser2k.sys -- (FTSER2K)

DRV - [2006/05/17 21:48:50 | 000,047,249
| R--- | M] (FTDI Ltd.) [Kernel | On_De
mand | Stopped] -- C:\WINDOWS\system32\d
rivers\ftdibus.sys -- (FTDIBUS)

DRV - [2006/04/06 17:20:44 | 004,258,816
| ---- | M] (Realtek Semiconductor Corp
.) [Kernel | On_Demand | Running] -- C:\
WINDOWS\system32\drivers\RtkHDAud.Sys --
(IntcAzAudAddService) Service for Realt
ek HD Audio (WDM)

DRV - [2006/01/18 21:41:00 | 000,080,512
| ---- | M] (Realtek Semiconductor Corp
oration ) [Ker
nel | On_Demand | Running] -- C:\WINDOWS
\system32\drivers\Rtnicxp.sys -- (RTL802
3xp)

DRV - [2006/01/16 00:48:08 | 001,477,632
| ---- | M] (ATI Technologies Inc.) [Ke
rnel | On_Demand | Running] -- C:\WINDOW
S\system32\drivers\ati2mtag.sys -- (ati2
mtag)

DRV - [2005/03/17 12:51:16 | 001,033,600
| ---- | M] (Conexant Systems, Inc.) [K
ernel | On_Demand | Running] -- C:\WINDO
WS\system32\drivers\HSF_DPV.sys -- (HSF_
DPV)

DRV - [2005/03/17 12:50:36 | 000,221,440
| ---- | M] (Conexant Systems, Inc.) [K
ernel | On_Demand | Running] -- C:\WINDO
WS\system32\drivers\HSFHWBS2.sys -- (HSF
HWBS2)

DRV - [2005/03/17 12:50:32 | 000,705,280
| ---- | M] (Conexant Systems, Inc.) [K
ernel | On_Demand | Running] -- C:\WINDO
WS\system32\drivers\HSF_CNXT.sys -- (win
achsf)

DRV - [2005/01/07 20:07:18 | 000,138,752
| ---- | M] (Windows ® Server 2003 DD
K provider) [Kernel | On_Demand | Runnin
g] -- C:\WINDOWS\system32\drivers\Hdaudb
us.sys -- (HDAudBus)

DRV - [2004/11/10 20:30:18 | 000,024,832
| ---- | M] (Roxio) [Kernel | System |
Running] -- C:\WINDOWS\system32\drivers\
cdralw2k.sys -- (Cdralw2k)

DRV - [2004/11/10 20:27:34 | 000,044,288
| ---- | M] (Roxio) [Kernel | System |
Running] -- C:\WINDOWS\system32\drivers\
cdr4_xp.sys -- (Cdr4_xp)

DRV - [2004/08/04 09:07:44 | 000,043,008
| ---- | M] (Advanced Micro Devices, In
c.) [Kernel | Boot | Running] -- C:\WIND
OWS\system32\DRIVERS\amdagp.sys -- (amda
gp)

DRV - [2004/08/04 09:07:44 | 000,041,088
| ---- | M] (Silicon Integrated Systems
Corporation) [Kernel | Boot | Running]
-- C:\WINDOWS\system32\DRIVERS\sisagp.sy
s -- (sisagp)

DRV - [2004/08/04 01:31:34 | 000,020,992
| ---- | M] (Realtek Semiconductor Corp
oration) [Kernel | On_Demand | Stopped]
-- C:\WINDOWS\system32\drivers\RTL8139.s
ys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/06/28 12:08:56 | 000,042,752
| ---- | M] (Prolific Technology Inc.)
[Kernel | On_Demand | Stopped] -- C:\WIN
DOWS\system32\drivers\ser2pl.sys -- (Ser
2pl)

DRV - [2003/01/10 17:13:04 | 000,033,588
| ---- | M] (America Online, Inc.) [Ker
nel | On_Demand | Stopped] -- C:\WINDOWS
\system32\drivers\wanatw4.sys -- (wanatw
) WAN Miniport (ATW)

DRV - [2001/10/05 21:52:12 | 000,031,708
| ---- | M] (LapLink.com, Inc.) [Kernel
| Auto | Running] -- C:\WINDOWS\system3
2\drivers\llcser.sys -- (LLCSER)

DRV - [2001/10/05 21:51:40 | 000,093,440
| ---- | M] (LapLink.com, Inc.) [Kernel
| Auto | Running] -- C:\WINDOWS\system3
2\drivers\llcport.sys -- (LLCPORT)

DRV - [2001/10/05 21:51:20 | 000,047,520
| ---- | M] (LapLink.com, Inc.) [Kernel
| On_Demand | Stopped] -- C:\WINDOWS\sy
stem32\drivers\LLCMINI5.SYS -- (LLCMINI)


DRV - [2001/08/18 00:07:44 | 000,019,072
| ---- | M] (Adaptec, Inc.) [Kernel | B
oot | Running] -- C:\WINDOWS\system32\DR
IVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/18 00:07:42 | 000,030,688
| ---- | M] (LSI Logic) [Kernel | Boot
| Running] -- C:\WINDOWS\system32\DRIVER
S\sym_u3.sys -- (sym_u3)

DRV - [2001/08/18 00:07:40 | 000,028,384
| ---- | M] (LSI Logic) [Kernel | Boot
| Running] -- C:\WINDOWS\system32\DRIVER
S\sym_hi.sys -- (sym_hi)

DRV - [2001/08/18 00:07:36 | 000,032,640
| ---- | M] (LSI Logic) [Kernel | Boot
| Running] -- C:\WINDOWS\system32\DRIVER
S\symc8xx.sys -- (symc8xx)

DRV - [2001/08/18 00:07:34 | 000,016,256
| ---- | M] (Symbios Logic Inc.) [Kerne
l | Boot | Running] -- C:\WINDOWS\system
32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 23:52:22 | 000,036,736
| ---- | M] (Promise Technology, Inc.)
[Kernel | Boot | Running] -- C:\WINDOWS\
system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 23:52:20 | 000,045,312
| ---- | M] (QLogic Corporation) [Kerne
l | Boot | Running] -- C:\WINDOWS\system
32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 23:52:20 | 000,040,320
| ---- | M] (QLogic Corporation) [Kerne
l | Boot | Running] -- C:\WINDOWS\system
32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 23:52:18 | 000,049,024
| ---- | M] (QLogic Corporation) [Kerne
l | Boot | Running] -- C:\WINDOWS\system
32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 23:52:16 | 000,179,584
| ---- | M] (Mylex Corporation) [Kernel
| Boot | Running] -- C:\WINDOWS\system3
2\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 23:52:12 | 000,017,280
| ---- | M] (American Megatrends Inc.)
[Kernel | Boot | Running] -- C:\WINDOWS\
system32\DRIVERS\mraid35x.sys -- (mraid3
5x)

DRV - [2001/08/17 23:52:00 | 000,026,496
| ---- | M] (Advanced System Products,
Inc.) [Kernel | Boot | Running] -- C:\WI
NDOWS\system32\DRIVERS\asc.sys -- (asc)


DRV - [2001/08/17 23:51:58 | 000,014,848
| ---- | M] (Advanced System Products,
Inc.) [Kernel | Boot | Running] -- C:\WI
NDOWS\system32\DRIVERS\asc3550.sys -- (a
sc3550)

DRV - [2001/08/17 23:51:56 | 000,005,248
| ---- | M] (Acer Laboratories Inc.) [K
ernel | Boot | Running] -- C:\WINDOWS\sy
stem32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 23:51:54 | 000,006,656
| ---- | M] (CMD Technology, Inc.) [Ker
nel | Boot | Running] -- C:\WINDOWS\syst
em32\DRIVERS\cmdide.sys -- (CmdIde)

DRV - [2001/08/17 22:10:58 | 000,069,692
| ---- | M] (3Com Corporation) [Kernel
| On_Demand | Stopped] -- C:\WINDOWS\sys
tem32\drivers\el575ND5.sys -- (el575nd5)


DRV - [2000/09/05 11:12:26 | 000,013,672
| ---- | M] (NetChip Technology, Inc.)
[Kernel | On_Demand | Stopped] -- C:\WIN
DOWS\system32\drivers\usbtc.sys -- (USBT
C)

DRV - [2000/09/05 11:08:44 | 000,012,536
| ---- | M] (NetChip Technology, Inc.)
[Kernel | On_Demand | Stopped] -- C:\WIN
DOWS\system32\drivers\NETTC.SYS -- (NET1
080)





========== Standard Regis
try (SafeList) ==========






========== Internet Explo
rer ==========




IE - HKLM\SOFTWARE\Microsoft\Internet Ex
plorer\Main,Local Page = %SystemRoot%\sy
stem32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Ex
plorer\Main,Start Page = http://www.msn.
com/

IE - HKLM\SOFTWARE\Microsoft\Internet Ex
plorer\Search,Default_Search_URL = http:
//www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Ex
plorer\Search,SearchAssistant = http://w
ww.google.com/ie





IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Int
ernet Explorer\Main,Default_page_URL = h
ttp://www.gateway.com/g/startpage.html?C
h=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T351
6

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Int
ernet Explorer\Main,Search Page = http:/
/www.google.com

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Int
ernet Explorer\Main,SearchMigratedDefaul
tName = Google

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Int
ernet Explorer\Main,SearchMigratedDefaul
tURL = http://www.google.com/search?q={s
earchTerms}&sourceid=ie7&rls=com.microso
ft:en-US&ie=utf8&oe=utf8

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Int
ernet Explorer\Main,Start Page = http://
www.gateway.com/g/startpage.html?Ch=Reta
il&Br=EM&Loc=ENG_US&Sys=DTP&M=T3516

IE - HKU\.DEFAULT\..\URLSearchHook: {A3B
C75A2-1F87-4686-AA43-5347D756017C} - Reg
Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Win
dows\CurrentVersion\Internet Settings: "
ProxyEnable" = 0



IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Int
ernet Explorer\Main,Default_page_URL = h
ttp://www.gateway.com/g/startpage.html?C
h=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T351
6

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Int
ernet Explorer\Main,Search Page = http:/
/www.google.com

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Int
ernet Explorer\Main,SearchMigratedDefaul
tName = Google

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Int
ernet Explorer\Main,SearchMigratedDefaul
tURL = http://www.google.com/search?q={s
earchTerms}&sourceid=ie7&rls=com.microso
ft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Int
ernet Explorer\Main,Start Page = http://
www.gateway.com/g/startpage.html?Ch=Reta
il&Br=EM&Loc=ENG_US&Sys=DTP&M=T3516

IE - HKU\S-1-5-18\..\URLSearchHook: {A3B
C75A2-1F87-4686-AA43-5347D756017C} - Reg
Error: Key error. File not found

IE - HKU\S-1-5-18\Software\Microsoft\Win
dows\CurrentVersion\Internet Settings: "
ProxyEnable" = 0





IE - HKU\S-1-5-20\Software\Microsoft\Win
dows\CurrentVersion\Internet Settings: "
ProxyEnable" = 0



IE - HKU\S-1-5-21-1246549450-3055500251-
3571665829-1003\SOFTWARE\Microsoft\Inter
net Explorer\Main,Search Page = http://w
ww.google.com

IE - HKU\S-1-5-21-1246549450-3055500251-
3571665829-1003\SOFTWARE\Microsoft\Inter
net Explorer\Main,SearchMigratedDefaultN
ame = Google

IE - HKU\S-1-5-21-1246549450-3055500251-
3571665829-1003\SOFTWARE\Microsoft\Inter
net Explorer\Main,SearchMigratedDefaultU
RL = http://www.google.com/search?q={sea
rchTerms}&sourceid=ie7&rls=com.microsoft
:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-1246549450-3055500251-
3571665829-1003\SOFTWARE\Microsoft\Inter
net Explorer\Main,Secondary Start Pages
= http://webmail.fuse.net/webedge [binar
y data]

IE - HKU\S-1-5-21-1246549450-3055500251-
3571665829-1003\SOFTWARE\Microsoft\Inter
net Explorer\Main,Start Page = http://ww
w.yahoo.com/

IE - HKU\S-1-5-21-1246549450-3055500251-
3571665829-1003\SOFTWARE\Microsoft\Inter
net Explorer\Search,SearchAssistant = ht
tp://www.google.com/ie

IE - HKU\S-1-5-21-1246549450-3055500251-
3571665829-1003\Software\Microsoft\Windo
ws\CurrentVersion\Internet Settings: "Pr
oxyEnable" = 0

IE - HKU\S-1-5-21-1246549450-3055500251-
3571665829-1003\Software\Microsoft\Windo
ws\CurrentVersion\Internet Settings: "Pr
oxyOverride" = *.local



========== FireFox ======
====




FF - prefs.js..network.proxy.no_proxies_
on: "*.local"



FF - HKLM\software\mozilla\Mozilla Firef
ox 2.0.0.14\extensions\\Components: C:\P
rogram Files\Mozilla Firefox\components
[2009/12/17 18:05:12 | 000,000,000 | ---
D | M]

FF - HKLM\software\mozilla\Mozilla Firef
ox 2.0.0.14\extensions\\Plugins: C:\Prog
ram Files\Mozilla Firefox\plugins [2009/
09/01 13:27:22 | 000,000,000 | ---D | M]




[2008/05/01 15:35:05 | 000,000,000 | ---
D | M] -- C:\Documents and Settings\Owne
r\Application Data\Mozilla\Firefox\Profi
les\hvxtnoyt.default\extensions

[2009/12/17 18:07:11 | 000,000,000 | ---
D | M] -- C:\Program Files\Mozilla Firef
ox\extensions

[2008/05/01 15:34:55 | 000,000,000 | ---
D | M] -- C:\Program Files\Mozilla Firef
ox\extensions\talkback@mozilla.org

[2008/04/07 02:59:01 | 000,067,696 | ---
- | M] (Mozilla Foundation) -- C:\Progra
m Files\Mozilla Firefox\components\jar50
.dll

[2008/04/07 02:59:02 | 000,054,376 | ---
- | M] (Mozilla Foundation) -- C:\Progra
m Files\Mozilla Firefox\components\jsd32
50.dll

[2008/04/07 02:59:03 | 000,034,952 | ---
- | M] (Mozilla Foundation) -- C:\Progra
m Files\Mozilla Firefox\components\myspe
ll.dll

[2008/04/07 02:59:03 | 000,046,720 | ---
- | M] (Mozilla Foundation) -- C:\Progra
m Files\Mozilla Firefox\components\spell
chk.dll

[2008/04/07 02:59:04 | 000,172,144 | ---
- | M] (Mozilla Foundation) -- C:\Progra
m Files\Mozilla Firefox\components\xpins
tal.dll



O1 HOSTS File: ([2010/03/14 10:38:26 | 0
00,000,726 | ---- | M]) - C:\WINDOWS\sys
tem32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849
E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Pr
ogram Files\Adobe\Acrobat 7.0\ActiveX\Ac
roIEHelper.dll (Adobe Systems Incorporat
ed)

O2 - BHO: (Yahoo! IE Services Button) -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\Program Files\Yahoo!\Common\yiesrvc.
dll (Yahoo! Inc.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser:
(Google Toolbar) - {2318C2B1-4965-11D4-
9B18-009027A5CD4F} - C:\Program Files\Go
ogle\Google Toolbar\GoogleToolbar.dll Fi
le not found

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser:
(Google Toolbar) - {2318C2B1-4965-11D4-
9B18-009027A5CD4F} - C:\Program Files\Go
ogle\Google Toolbar\GoogleToolbar.dll Fi
le not found

O3 - HKU\S-1-5-21-1246549450-3055500251-
3571665829-1003\..\Toolbar\WebBrowser: (
Google Toolbar) - {2318C2B1-4965-11D4-9B
18-009027A5CD4F} - C:\Program Files\Goog
le\Google Toolbar\GoogleToolbar.dll File
not found

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alc
mtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [MSSE] c:\Program Files
\Microsoft Security Essentials\msseces.e
xe (Microsoft Corporation)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\S
MINST\Recguard.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\P
rogram Files\Windows Defender\MSASCui.ex
e (Microsoft Corporation)

O4 - HKU\S-1-5-21-1246549450-3055500251-
3571665829-1003..\Run: [SUPERAntiSpyware
] C:\Program Files\SUPERAntiSpyware\SUPE
RANTISPYWARE.EXE (SUPERAntiSpyware.com)


O4 - HKU\S-1-5-21-1246549450-3055500251-
3571665829-1003..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\Googl
eToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-21-1246549450-3055500251-
3571665829-1003..\RunOnce: [FlashPlayerU
pdate] C:\WINDOWS\system32\Macromed\Flas
h\FlashUtil10a.exe (Adobe Systems, Inc.)


O4 - Startup: C:\Documents and Settings\
All Users\Start Menu\Programs\Startup\Au
to Detect.lnk = C:\Program Files\iConcep
ts Music Express\MEAutoDetect.exe ()

O4 - Startup: C:\Documents and Settings\
All Users\Start Menu\Programs\Startup\HP
AiODevice(hp officejet 7100 series) - 1.
lnk = C:\Program Files\Hewlett-Packard\A
iO\hp officejet 7100 series\Bin\hpogrp07
.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\
All Users\Start Menu\Programs\Startup\Mi
crosoft Office.lnk = C:\Program Files\Mi
crosoft Office\Office\OSA9.EXE (Microsof
t Corporation)

O6 - HKLM\Software\Policies\Microsoft\In
ternet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\In
ternet Explorer\PhishingFilter present

O6 - HKLM\SOFTWARE\Microsoft\Windows\Cur
rentVersion\policies\Explorer: HonorAuto
RunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Win
dows\CurrentVersion\policies\Explorer: N
oDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Win
dows\CurrentVersion\policies\Explorer: C
DRAutoRun = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Win
dows\CurrentVersion\policies\Explorer: N
oDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Win
dows\CurrentVersion\policies\Explorer: C
DRAutoRun = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Win
dows\CurrentVersion\policies\Explorer: N
oDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Win
dows\CurrentVersion\policies\Explorer: N
oDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1246549450-3055500251-
3571665829-1003\SOFTWARE\Microsoft\Windo
ws\CurrentVersion\policies\Explorer: NoD
riveTypeAutoRun = 145

O9 - Extra Button: Yahoo! Services - {5B
AB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:
\Program Files\Yahoo!\Common\yiesrvc.dll
(Yahoo! Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries
\000000000004 [] - C:\Program Files\Bonj
our\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-1246549450-3055500251
-3571665829-1003\..Trusted Domains: //@i
nstall.mar@/ ([]msni in My Computer)

O15 - HKU\S-1-5-21-1246549450-3055500251
-3571665829-1003\..Trusted Domains: //@m
ail.mar@/ ([]msni in Local intranet)

O15 - HKU\S-1-5-21-1246549450-3055500251
-3571665829-1003\..Trusted Domains: aol.
com ([objects] * is out of zone range -
5)

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FF
A846DF7E} http://www.musicnotes.com/down
load/mnviewer.cab (Musicnotes Viewer)

O16 - DPF: {17492023-C23A-453E-A040-C7C5
80BBF700} http://download.microsoft.com/
download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d
0d2d160e512/LegitCheckControl.cab (Windo
ws Genuine Advantage Validation Tool)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d
4f56a2ab} C:\Program Files\Yahoo!\Common
\Yinsthelper.dll (Installation Support)


O16 - DPF: {7584C670-2274-4EFB-B00B-D6AA
BA6D3850} https://www.lyric.tzo.com/Remo
te/msrdp.cab (Microsoft RDP Client Contr
ol (redist))

O16 - DPF: {8AD9C840-044E-11D1-B3E9-0080
5F499D93} http://java.sun.com/update/1.6
.0/jinstall-1_6_0_16-windows-i586.cab (J
ava Plug-in 1.6.0_16)

O16 - DPF: {A084A130-28AE-4B32-B51A-1C8C
E164BC88} http://www.convergysworkathome
.com/AppHardT.CAB (WNICheck2 Class)

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8AB
CA09EC09} https://h17000.www1.hp.com/ewf
rf-JAVA/Secure/HPGetDownloadManager.ocx
(Get_ActiveX Control)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCD
EFFEDCBA} http://java.sun.com/update/1.6
.0/jinstall-1_6_0_16-windows-i586.cab (J
ava Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCD
EFFEDCBA} http://java.sun.com/update/1.6
.0/jinstall-1_6_0_16-windows-i586.cab (J
ava Plug-in 1.6.0_16)

O16 - DPF: Microsoft XML Parser for Java
file://C:\WINDOWS\Java\classes\xmldso.c
ab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Par
ameters: DhcpNameServer = 216.68.4.10 21
6.68.5.10

O20 - HKLM Winlogon: Shell - (Explorer.e
xe) - C:\WINDOWS\explorer.exe (Microsoft
Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllN
ame - C:\Program Files\SUPERAntiSpyware\
SASWINLO.DLL - C:\Program Files\SUPERAnt
iSpyware\SASWINLO.DLL (SUPERAntiSpyware.
com)

O20 - Winlogon\Notify\AtiExtEvent: DllNa
me - Ati2evxx.dll - C:\WINDOWS\System32\
ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\LMIinit: DllName -
LMIinit.dll - C:\WINDOWS\System32\LMIin
it.dll (LogMeIn, Inc.)

O24 - Desktop WallPaper: C:\WINDOWS\Web\
Wallpaper\emachines.bmp

O24 - Desktop BackupWallPaper: C:\WINDOW
S\Web\Wallpaper\emachines.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-
39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Progra
m Files\Windows Defender\MpShHook.dll (M
icrosoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-
9AFB-48E0-853A-EBB7F4A000DA} - C:\Progra
m Files\SUPERAntiSpyware\SASSEH.DLL (Sup
erAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/05/06 20:38:3
6 | 000,000,000 | ---- | M] () - C:\AUTO
EXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/09/13 12:15:2
4 | 000,000,053 | -HS- | M] () - D:\Auto
run.inf -- [ FAT32 ]

O32 - AutoRun File - [2003/08/08 17:24:2
6 | 000,000,045 | -HS- | M] () - D:\auto
run.inf.aug.8 -- [ FAT32 ]

O33 - MountPoints2\{09f816e9-20c0-11db-a
73d-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{09f816e9-20c0-11db-a
73d-806d6172696f}\Shell\AutoRun - "" = A
uto&Play

O33 - MountPoints2\{5a001031-20b3-11db-b
386-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{5a001031-20b3-11db-b
386-806d6172696f}\Shell\AutoRun - "" = A
uto&Play

O33 - MountPoints2\{88636a5e-20bc-11db-b
389-00038a000015}\Shell - "" = AutoRun

O33 - MountPoints2\{88636a5e-20bc-11db-b
389-00038a000015}\Shell\1\Command - "" =
.\RECYCLER\RECYCLER\autorun.exe

O33 - MountPoints2\{88636a5e-20bc-11db-b
389-00038a000015}\Shell\2\Command - "" =
.\RECYCLER\RECYCLER\autorun.exe

O33 - MountPoints2\{88636a5e-20bc-11db-b
389-00038a000015}\Shell\AutoRun - "" = A
uto&Play

O33 - MountPoints2\{bd33cdfb-ad78-11db-a
109-00038a000015}\Shell - "" = AutoRun

O33 - MountPoints2\{bd33cdfb-ad78-11db-a
109-00038a000015}\Shell\AutoRun - "" = A
uto&Play

O33 - MountPoints2\{bd33cdfb-ad78-11db-a
109-00038a000015}\Shell\AutoRun\command
- "" = F:\LaunchU3.exe -- File not found


O33 - MountPoints2\D\Shell - "" = AutoRu
n

O33 - MountPoints2\D\Shell\AutoRun - ""
= Auto&Play

O33 - MountPoints2\F\Shell - "" = AutoRu
n

O33 - MountPoints2\F\Shell\AutoRun - ""
= Auto&Play

O33 - MountPoints2\F\Shell\AutoRun\comma
nd - "" = F:\LaunchU3.exe -- File not fo
und

O34 - HKLM BootExecute: (autocheck autoc
hk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1"
%*

O37 - HKLM\...exe [@ = exefile] -- "%1"
%*



NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [
2006/05/06 20:37:54 | 000,000,000 | ---D
| M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not foun
d

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.d
ll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found



MsConfig - Services: "SentinelProtection
Server"

MsConfig - Services: "SentinelKeysServer
"

MsConfig - Services: "Norton PC Checkup
Application Launcher"

MsConfig - Services: "JavaQuickStarterSe
rvice"

MsConfig - Services: "iPod Service"

MsConfig - Services: "InstallShield Lice
nsing Service"

MsConfig - Services: "gusvc"

MsConfig - Services: "FLEXnet Licensing
Service"

MsConfig - Services: "Ati HotKey Poller"


MsConfig - Services: "Apple Mobile Devic
e"

MsConfig - Services: "AOL TopSpeedMonito
r"

MsConfig - Services: "PrismXL"

MsConfig - Services: "PCCUJobMgr"

MsConfig - StartUpFolder: C:^Documents a
nd Settings^All Users^Start Menu^Program
s^Startup^AntiVirus Plus.lnk - - File n
ot found

MsConfig - StartUpFolder: C:^Documents a
nd Settings^All Users^Start Menu^Program
s^Startup^BigFix.lnk - C:\Program Files\
BigFix\bigfix.exe - (BigFix Inc.)

MsConfig - StartUpFolder: C:^Documents a
nd Settings^Owner^Start Menu^Programs^St
artup^AntiVirus Plus.lnk - - File not f
ound

MsConfig - StartUpFolder: C:^Documents a
nd Settings^Owner^Start Menu^Programs^St
artup^LimeWire On Startup.lnk - C:\Progr
am Files\LimeWire\LimeWire.exe - (Lime W
ire, LLC)

MsConfig - StartUpFolder: C:^Documents a
nd Settings^Owner^Start Menu^Programs^St
artup^mapdrvs.bat - C:\Documents and Set
tings\Owner\Start Menu\Programs\Startup\
mapdrvs.bat - File not found

MsConfig - StartUpFolder: C:^Documents a
nd Settings^SP^Start Menu^Programs^Start
up^AntiVirus Plus.lnk - - File not foun
d

MsConfig - StartUpReg: AVGIDS - h
key= - key= - C:\Program Files\AVG\AVG8\
IdentityProtection\agent\bin\AVGIDSUI.ex
e (AVG)

MsConfig - StartUpReg: ctfmon.exe
- hkey= - key= - File not found

MsConfig - StartUpReg: HostManager
- hkey= - key= - C:\Program Files\Comm
on Files\AOL\1154365368\EE\AOLHostManage
r.exe (America Online, Inc.)

MsConfig - StartUpReg: ISUSPM
- hkey= - key= - C:\Program Files\Common Fi
les\InstallShield\UpdateService\ISUSPM.e
xe (Macrovision Corporation)

MsConfig - StartUpReg: iTunesHelper
- hkey= - key= - C:\Program Files\iTu
nes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: LogMeIn GUI
- hkey= - key= - C:\Program Files\LogM
eIn\x86\LogMeInSystray.exe (LogMeIn, Inc
.)

MsConfig - StartUpReg: MSMSGS
- hkey= - key= - C:\Program Files\Messenger
\msmsgs.exe (Microsoft Corporation)

MsConfig - StartUpReg: nukihovur
- hkey= - key= - File not found

MsConfig - StartUpReg: Power2GoExpres
s
- hkey= - key= - File not found

MsConfig - StartUpReg: QuickTime Task
- hkey= - key= - C:\Program Files\Q
uickTime\qttask.exe (Apple Inc.)

MsConfig - StartUpReg: Reminder -
hkey= - key= - C:\WINDOWS\creator\Remin
d_XP.exe (SoftThinks)

MsConfig - StartUpReg: SunJavaUpdateS
ched
- hkey= - key= - C:\Program Fil
es\Java\jre6\bin\jusched.exe (Sun Micros
ystems, Inc.)

MsConfig - StartUpReg: swg - hkey
= - key= - C:\Program Files\Google\Googl
eToolbarNotifier\GoogleToolbarNotifier.e
xe (Google Inc.)

MsConfig - StartUpReg: uTorrent -
hkey= - key= - C:\Program Files\uTorren
t\uTorrent.exe File not found

MsConfig - StartUpReg: Yahoo! Pager
- hkey= - key= - C:\Program Files\Yah
oo!\Messenger\YahooMessenger.exe (Yahoo!
Inc.)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 2

MsConfig - State: "startup" - 2



SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver
Group

SafeBootMin: Boot file system - Driver G
roup

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: MsMpSvc - c:\Program Files\
Microsoft Security Essentials\MsMpEng.ex
e (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver
Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group


SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Drive
r Group

SafeBootMin: vga.sys - Driver

SafeBootMin: WinDefend - C:\Program File
s\Windows Defender\MsMpEng.exe (Microsof
t Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-44
4553540000} - Universal Serial Bus contr
ollers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08
002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08
002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08
002BE10318} - Standard floppy disk contr
oller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08
002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08
002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08
002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08
002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08
002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08
002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08
002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08
002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00
A0C90F57DA} - Human Interface Devices



SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver
Group

SafeBootNet: Boot file system - Driver G
roup

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: MsMpSvc - c:\Program Files\
Microsoft Security Essentials\MsMpEng.ex
e (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group


SafeBootNet: NetBIOSGroup - Driver Group


SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Gr
oup

SafeBootNet: PCI Configuration - Driver
Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group


SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Gr
oup

SafeBootNet: System Bus Extender - Drive
r Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: WinDefend - C:\Program File
s\Windows Defender\MsMpEng.exe (Microsof
t Corporation)

SafeBootNet: {36FC9E60-C465-11CF-8056-44
4553540000} - Universal Serial Bus contr
ollers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08
002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08
002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08
002BE10318} - Standard floppy disk contr
oller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08
002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08
002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08
002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08
002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08
002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08
002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08
002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08
002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08
002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08
002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08
002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08
002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00
A0C90F57DA} - Human Interface Devices



ActiveX: {0291E591-EA41-4c82-8106-3DC6CE
7F7664} - Reg Error: Value error.

ActiveX: {03F998B2-0E00-11D3-A498-00104B
6EB52E} - Viewpoint Media Player

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C
608500} - Microsoft VM

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C9
55B42F} - Vector Graphics Rendering (VML
)

ActiveX: {1325db73-d9f1-48f8-8895-6d814e
c58889} - Security Update for Windows XP
(KB913433)

ActiveX: {1B00725B-C455-4DE6-BFB6-AD540A
D427CD} - Viewpoint Media Player

ActiveX: {1E82E49D-FCFD-3D18-1683-9E1169
77EB16} - Outlook Express

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00
B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c7
4c7e95} - Microsoft Windows Media Player
6.4

ActiveX: {233C1507-6A77-46A4-9443-F871F9
45D258} - Adobe Shockwave Director 11.0.
3

ActiveX: {283807B5-2C60-11D0-A31D-00AA00
B92C03} - DirectAnimation

ActiveX: {2A202491-F00D-11cf-87CC-0020AF
EECF20} - Adobe Shockwave Director 11.0.
3

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C
9228ED} - %SystemRoot%\system32\regsvr32
.exe /s /n /i:/UserInstall %SystemRoot%\
system32\themeui.dll

ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F
56A2AB} - Reg Error: Value error.

ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3B
ACAA31} - Reg Error: Value error.

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8
051515} - Dynamic HTML Data Binding for
Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8
051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8
051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD65
83F589} - Microsoft .NET Framework 1.1 S
ervice Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8
051515} - Advanced Authoring

ActiveX: {431AE017-35CD-72BE-8B9B-8CB162
4D740D} - IE7 Uninstall Stub

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00
B6015C} - "%ProgramFiles%\Outlook Expres
s\setup50.exe" /APP:OE /CALLER:WINNT /us
er /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00
B6015B} - rundll32.exe advpack.dll,Launc
hINFSection C:\WINDOWS\INF\msnetmtg.inf,
NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00
B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00
B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8
051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8
051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f
98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04f
d912be} - rundll32.exe advpack.dll,Launc
hINFSection C:\WINDOWS\INF\msmsgs.inf,BL
C.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553
540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f
98bbc9} - Internet Explorer Setup Tools


ActiveX: {630b1da0-b465-11d1-9948-00c04f
98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F
79FAA6} - Microsoft Windows Media Player


ActiveX: {6fab99d0-bab8-11d1-994a-00c04f
98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E
6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F
98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04F
A35D02} - "%ProgramFiles%\Outlook Expres
s\setup50.exe" /APP:WAB /CALLER:WINNT /u
ser /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA00
5B4340} - regsvr32.exe /s /n /i:U shell3
2.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA00
5B4383} - C:\WINDOWS\system32\ie4uinit.e
xe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DB
F70820} - c:\WINDOWS\system32\Rundll32.e
xe c:\WINDOWS\system32\mscories.dll,Inst
all

ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1
E66E43} - Microsoft .NET Framework 1.1 H
otfix (KB928366)

ActiveX: {9381D8F2-0288-11D0-9501-00AA00
B911A5} - Dynamic HTML Data Binding

ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54
C10000} - Reg Error: Value error.

ActiveX: {AA218328-0EA8-4D70-8972-E987A9
190FF4} - Reg Error: Value error.

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4
202C7E} -

ActiveX: {B508B3F1-A24A-32C0-B310-857869
19EF28} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553
540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EA
E172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553
540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D
6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553
540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f
98bbc9} - HTML Help

ActiveX: {E5D12C4E-7B4F-11D3-B5C9-005004
5C3C96} - Reg Error: Value error.

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F8
7A369E} - Active Directory Service Inter
face

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cef
b8f4988} - C:\WINDOWS\system32\ieudinit.
exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c
74c7e95} - C:\WINDOWS\inf\unregmp2.exe /
ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460
746276c} - C:\WINDOWS\system32\ie4uinit.
exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C
90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE
4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88
e8be88a} - %systemroot%\system32\shmgrat
e.exe OCInstallUserConfigOE



Drivers32: msacm.clmp3enc - C:\Program F
iles\CyberLink\Power2Go\CLMP3Enc.ACM (Cy
berLink Corp.)

Drivers32: msacm.iac2 - C:\WINDOWS\syste
m32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\syst
em32\l3codeca.acm (Fraunhofer Institut I
ntegrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\Sy
stem32\sl_anet.acm (Sipro Lab Telecom In
c.)

Drivers32: msacm.trspch - C:\WINDOWS\Sys
tem32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System
32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System
32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System
32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System
32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System
32\ir50_32.dll (Intel Corporation)



========== Files/Folders - Created Within 30 Days ==========



[2010/04/17 14:16:30 | 000,095,360 | ---
- | C] (Microsoft Corporation) -- C:\WIN
DOWS\System32\drivers\qkagpjiz.sys

[2010/04/16 21:13:01 | 000,000,000 | --S
D | M] -- C:\Documents and Settings\Netw
orkService\Application Data\Microsoft

[2010/04/16 21:13:01 | 000,000,000 | --S
D | M] -- C:\Documents and Settings\Loca
lService\Application Data\Microsoft

[2010/04/16 21:13:01 | 000,000,000 | ---
D | M] -- C:\Documents and Settings\Netw
orkService\Local Settings\Application Da
ta\Microsoft

[2010/04/16 21:13:01 | 000,000,000 | ---
D | M] -- C:\Documents and Settings\Loca
lService\Local Settings\Application Data
\Microsoft

[2010/03/20 19:55:30 | 000,555,520 | ---
- | C] (OldTimer Tools) -- C:\Documents
and Settings\Owner\Desktop\OTL.exe

[2010/03/17 14:33:28 | 000,095,360 | ---
- | C] (Microsoft Corporation) -- C:\WIN
DOWS\System32\drivers\wknqxiwq.sys

[2010/03/15 09:27:51 | 000,050,688 | ---
- | C] (Atribune.org) -- C:\Documents an
d Settings\Owner\Desktop\ATF-Cleaner.exe


[2010/03/12 16:00:13 | 000,019,456 | ---
- | C] (Microsoft Corporation) -- C:\WIN
DOWS\System32\dllcache\mtsadmin.tlb

[2010/03/11 12:13:43 | 000,000,000 | ---
D | C] -- C:\Fastg7.63c

[2010/03/11 04:48:05 | 000,000,000 | ---
D | M] -- C:\Documents and Settings\Loca
lService\Local Settings\Application Data
\PCHealth

[2010/03/09 15:55:03 | 000,000,000 | ---
D | M] -- C:\Documents and Settings\Loca
lService\Application Data\AdobeUM

[2010/03/09 15:54:44 | 000,000,000 | ---
D | M] -- C:\Documents and Settings\Loca
lService\Local Settings\Application Data
\Adobe

[2010/03/09 15:54:15 | 000,000,000 | ---
D | M] -- C:\Documents and Settings\Loca
lService\Application Data\Adobe

[2010/03/03 21:28:10 | 000,181,632 | ---
- | C] (Microsoft Corporation) -- C:\WIN
DOWS\System32\MpSigStub.exe

[2010/03/03 21:10:43 | 000,000,000 | ---
D | C] -- C:\Program Files\Microsoft Sec
urity Essentials

[2010/03/03 21:09:08 | 000,274,288 | ---
- | C] (Microsoft Corporation) -- C:\WIN
DOWS\System32\mucltui.dll

[2010/03/03 21:09:08 | 000,016,736 | ---
- | C] (Microsoft Corporation) -- C:\WIN
DOWS\System32\mucltui.dll.mui

[2010/02/27 19:22:49 | 000,000,000 | ---
D | M] -- C:\Documents and Settings\Loca
lService\Application Data\Macromedia

[2009/02/20 10:55:31 | 000,000,000 | ---
D | M] -- C:\Documents and Settings\Netw
orkService\Application Data\Macromedia

[2009/02/20 10:55:31 | 000,000,000 | ---
D | M] -- C:\Documents and Settings\Netw
orkService\Application Data\Adobe

[2007/11/14 16:33:03 | 000,000,000 | ---
D | M] -- C:\Documents and Settings\Netw
orkService\Local Settings\Application Da
ta\Apple

[2007/10/01 14:34:55 | 000,000,000 | ---
D | M] -- C:\Documents and Settings\Netw
orkService\Local Settings\Application Da
ta\PCHealth

[2007/02/27 14:28:29 | 000,000,000 | ---
D | M] -- C:\Documents and Settings\Netw
orkService\Application Data\McAfee.com P
ersonal Firewall

[2007/01/25 11:16:44 | 000,000,000 | ---
D | M] -- C:\Documents and Settings\Loca
lService\Application Data\McAfee.com Per
sonal Firewall

[1998/08/24 09:31:44 | 000,018,944 | ---
- | C] ( ) -- C:\WINDOWS\System32\IMPLOD
E.DLL

[14 C:\WINDOWS\System32\*.tmp files -> C
:\WINDOWS\System32\*.tmp -> ]



========== Files - Modified Within 30 Days ==========




[2010/04/17 14:16:30 | 000,095,360 | ---
- | M] (Microsoft Corporation) -- C:\WIN
DOWS\System32\drivers\qkagpjiz.sys

[2010/04/17 08:28:40 | 000,050,477 | ---
- | M] () -- C:\Documents and Settings\O
wner\Desktop\Defogger.exe

[2010/04/16 21:39:27 | 000,284,915 | ---
- | M] () -- C:\Documents and Settings\O
wner\Desktop\gmer.zip

[2010/04/16 21:33:52 | 000,524,288 | ---
- | M] () -- C:\Documents and Settings\O
wner\Desktop\dds.scr

[2010/04/16 21:29:52 | 000,000,000 | ---
- | M] () -- C:\Documents and Settings\O
wner\defogger_reenable

[2010/04/16 16:51:21 | 000,000,000 | ---
- | M] () -- C:\Documents and Settings\O
wner\Local Settings\Application Data\prv
lcl.dat

[2010/03/20 20:00:44 | 000,000,296 | ---
- | M] () -- C:\WINDOWS\tasks\wrmabqhs.j
ob

[2010/03/20 20:00:41 | 000,000,296 | ---
- | M] () -- C:\WINDOWS\tasks\ohrdzhnv.j
ob

[2010/03/20 20:00:39 | 000,000,296 | ---
- | M] () -- C:\WINDOWS\tasks\kgtkszri.j
ob

[2010/03/20 20:00:36 | 000,000,296 | ---
- | M] () -- C:\WINDOWS\tasks\hxzbvdye.j
ob

[2010/03/20 20:00:33 | 000,000,296 | ---
- | M] () -- C:\WINDOWS\tasks\bbvaferv.j
ob

[2010/03/20 20:00:31 | 000,000,296 | ---
- | M] () -- C:\WINDOWS\tasks\ghxrjddp.j
ob

[2010/03/20 20:00:29 | 000,000,294 | ---
- | M] () -- C:\WINDOWS\tasks\fcaqxpbb.j
ob

[2010/03/20 20:00:26 | 000,000,296 | ---
- | M] () -- C:\WINDOWS\tasks\ujrgwdqy.j
ob

[2010/03/20 19:55:47 | 000,555,520 | ---
- | M] (OldTimer Tools) -- C:\Documents
and Settings\Owner\Desktop\OTL.exe

[2010/03/20 19:53:25 | 000,000,374 | -H-
- | M] () -- C:\WINDOWS\tasks\MpIdleTask
.job

[2010/03/20 19:52:30 | 000,000,408 | -H-
- | M] () -- C:\WINDOWS\tasks\MP Schedul
ed Scan.job

[2010/03/20 19:46:41 | 000,000,006 | -H-
- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/03/20 19:46:37 | 000,001,158 | ---
- | M] () -- C:\WINDOWS\System32\wpa.dbl


[2010/03/20 19:46:35 | 000,002,048 | --S
- | M] () -- C:\WINDOWS\bootstat.dat

[2010/03/20 19:46:32 | 668,520,448 | -HS
- | M] () -- C:\hiberfil.sys

[2010/03/17 14:59:01 | 006,553,600 | ---
- | M] () -- C:\Documents and Settings\O
wner\ntuser.dat

[2010/03/17 14:58:58 | 000,000,278 | -HS
- | M] () -- C:\Documents and Settings\O
wner\ntuser.ini

[2010/03/17 14:35:41 | 000,001,017 | ---
- | M] () -- C:\WINDOWS\win.ini

[2010/03/17 14:33:28 | 000,095,360 | ---
- | M] (Microsoft Corporation) -- C:\WIN
DOWS\System32\drivers\wknqxiwq.sys

[2010/03/15 09:27:59 | 000,050,688 | ---
- | M] (Atribune.org) -- C:\Documents an
d Settings\Owner\Desktop\ATF-Cleaner.exe


[2010/03/14 18:51:10 | 000,000,282 | ---
- | M] () -- C:\WINDOWS\system.ini

[2010/03/14 18:51:10 | 000,000,211 | RHS
- | M] () -- C:\boot.ini

[2010/03/14 10:38:26 | 000,000,726 | ---
- | M] () -- C:\WINDOWS\System32\drivers
\etc\hosts

[2010/03/14 10:16:33 | 000,477,670 | ---
- | M] () -- C:\WINDOWS\System32\PerfStr
ingBackup.INI

[2010/03/14 10:16:33 | 000,406,658 | ---
- | M] () -- C:\WINDOWS\System32\perfh00
9.dat

[2010/03/14 10:16:33 | 000,063,732 | ---
- | M] () -- C:\WINDOWS\System32\perfc00
9.dat

[2010/03/12 00:43:16 | 000,000,696 | ---
- | M] () -- C:\Documents and Settings\A
ll Users\Desktop\Malwarebytes' Anti-Malw
are.lnk

[2010/03/11 12:44:39 | 000,015,360 | ---
- | M] () -- C:\Documents and Settings\O
wner\Local Settings\Application Data\DCB
C2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/07 16:23:59 | 000,095,360 | ---
- | M] (Microsoft Corporation) -- C:\WIN
DOWS\System32\dllcache\atapi.sys

[2010/03/04 10:35:09 | 000,006,456 | -H-
- | M] () -- C:\WINDOWS\System32\weligan
a

[2010/03/04 09:57:25 | 004,250,022 | -H-
- | M] () -- C:\Documents and Settings\O
wner\Local Settings\Application Data\Ico
nCache.db

[2010/03/03 21:10:56 | 000,000,820 | ---
- | M] () -- C:\Documents and Settings\A
ll Users\Desktop\Microsoft Security Esse
ntials.lnk

[2010/02/24 10:16:06 | 000,181,632 | ---
- | M] (Microsoft Corporation) -- C:\WIN
DOWS\System32\MpSigStub.exe

[2010/02/23 19:43:03 | 000,000,284 | ---
- | M] () -- C:\WINDOWS\tasks\AppleSoftw
areUpdate.job

[14 C:\WINDOWS\System32\*.tmp files -> C
:\WINDOWS\System32\*.tmp -> ]



========== Files Created - No Company Name ==========




[2010/04/17 08:28:37 | 000,050,477 | ---
- | C] () -- C:\Documents and Settings\O
wner\Desktop\Defogger.exe

[2010/04/16 21:39:22 | 000,284,915 | ---
- | C] () -- C:\Documents and Settings\O
wner\Desktop\gmer.zip

[2010/04/16 21:33:46 | 000,524,288 | ---
- | C] () -- C:\Documents and Settings\O
wner\Desktop\dds.scr

[2010/04/16 21:29:52 | 000,000,000 | ---
- | C] () -- C:\Documents and Settings\O
wner\defogger_reenable

[2010/03/16 15:56:32 | 668,520,448 | -HS
- | C] () -- C:\hiberfil.sys

[2010/03/12 00:43:16 | 000,000,696 | ---
- | C] () -- C:\Documents and Settings\A
ll Users\Desktop\Malwarebytes' Anti-Malw
are.lnk

[2010/03/10 17:52:29 | 000,000,374 | -H-
- | C] () -- C:\WINDOWS\tasks\MpIdleTask
.job

[2010/03/04 09:20:48 | 000,000,296 | ---
- | C] () -- C:\WINDOWS\tasks\wrmabqhs.j
ob

[2010/03/03 21:16:22 | 000,000,408 | -H-
- | C] () -- C:\WINDOWS\tasks\MP Schedul
ed Scan.job

[2010/03/03 21:10:55 | 000,000,820 | ---
- | C] () -- C:\Documents and Settings\A
ll Users\Desktop\Microsoft Security Esse
ntials.lnk

[2010/02/27 13:33:20 | 000,000,296 | ---
- | C] () -- C:\WINDOWS\tasks\bbvaferv.j
ob

[2010/02/19 23:00:30 | 000,000,296 | ---
- | C] () -- C:\WINDOWS\tasks\ohrdzhnv.j
ob

[2010/02/06 10:19:21 | 000,000,163 | ---
- | C] () -- C:\Program Files\em_1756122
96.bat

[2009/10/08 08:04:23 | 000,000,000 | ---
- | C] () -- C:\Documents and Settings\O
wner\Local Settings\Application Data\prv
lcl.dat

[2009/04/08 20:37:36 | 001,434,342 | -HS
- | C] () -- C:\WINDOWS\System32\elokewa
t.ini

[2009/04/08 17:30:34 | 001,433,409 | -HS
- | C] () -- C:\WINDOWS\System32\upedeyi
b.ini2

[2009/04/07 20:31:44 | 001,433,378 | -HS
- | C] () -- C:\WINDOWS\System32\ozihatu
r.ini

[2009/04/07 08:31:58 | 001,434,337 | -HS
- | C] () -- C:\WINDOWS\System32\adabavi
y.ini

[2009/04/06 22:46:24 | 001,434,333 | -HS
- | C] () -- C:\WINDOWS\System32\akimaju
r.ini

[2009/04/05 09:28:27 | 001,434,346 | -HS
- | C] () -- C:\WINDOWS\System32\ezuloje
t.ini

[2009/04/04 19:40:09 | 001,407,033 | -HS
- | C] () -- C:\WINDOWS\System32\utemulu
s.ini

[2008/02/18 20:43:29 | 000,000,076 | ---
- | C] () -- C:\WINDOWS\SBW95.INI

[2008/02/06 19:39:01 | 000,000,121 | ---
- | C] () -- C:\WINDOWS\gkerde3d.INI

[2008/02/02 18:14:11 | 000,001,755 | ---
- | C] () -- C:\Documents and Settings\A
ll Users\Application Data\QTSBandwidthCa
che

[2008/01/15 11:04:13 | 000,000,095 | ---
- | C] () -- C:\WINDOWS\encore_launcher.
ini

[2007/09/14 10:45:25 | 000,000,133 | R--
- | C] () -- C:\WINDOWS\System32\ftdiun2
k.ini

[2007/09/12 11:19:56 | 000,008,784 | ---
- | C] () -- C:\WINDOWS\System32\ractrlk
eyhook.dll

[2007/04/10 17:45:15 | 000,015,360 | ---
- | C] () -- C:\Documents and Settings\O
wner\Local Settings\Application Data\DCB
C2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/04/04 11:41:05 | 000,001,124 | ---
- | C] () -- C:\WINDOWS\SYSWIN.INI

[2007/03/20 11:15:59 | 000,000,542 | ---
- | C] () -- C:\Documents and Settings\O
wner\Application Data\wklnhst.dat

[2007/03/08 19:40:57 | 000,004,263 | -HS
- | C] () -- C:\WINDOWS\System32\winguj.
sys

[2007/03/08 19:39:51 | 000,314,880 | ---
- | C] () -- C:\WINDOWS\System32\Tx32.dl
l

[2007/02/27 14:00:28 | 000,000,004 | -H-
- | C] () -- C:\WINDOWS\uccspecb.sys

[2007/01/26 16:25:43 | 000,002,723 | ---
- | C] () -- C:\WINDOWS\DevMgr.ini

[2007/01/26 16:03:28 | 000,000,020 | ---
- | C] () -- C:\WINDOWS\Hposcv07.INI

[2007/01/24 12:16:55 | 000,114,544 | ---
- | C] () -- C:\WINDOWS\System32\USAFE16
.DLL

[2007/01/24 12:15:36 | 000,065,536 | ---
- | C] () -- C:\WINDOWS\System32\MSRTEDI
T.DLL

[2006/07/31 13:00:18 | 000,135,168 | ---
- | C] () -- C:\WINDOWS\System32\RtlCPAP
I.dll

[2006/07/31 12:54:40 | 000,000,977 | ---
- | C] () -- C:\WINDOWS\ODBC.INI

[2006/07/01 02:01:25 | 000,000,061 | ---
- | C] () -- C:\WINDOWS\smscfg.ini

[2006/05/06 20:24:27 | 000,001,366 | ---
- | C] () -- C:\WINDOWS\System32\oeminfo
.ini

[2006/05/06 20:24:27 | 000,000,458 | ---
- | C] () -- C:\WINDOWS\System32\emver.i
ni

[2004/01/29 12:26:03 | 000,204,889 | ---
- | C] () -- C:\WINDOWS\byVbasic.dll

[2003/06/25 02:38:06 | 000,159,744 | ---
- | C] () -- C:\WINDOWS\System32\win2000
.dll

[2003/01/07 18:05:08 | 000,002,695 | ---
- | C] () -- C:\WINDOWS\System32\OUTLPER
F.INI

[2002/04/17 08:24:40 | 000,069,632 | ---
- | C] () -- C:\WINDOWS\System32\crdb218
s.dll

[2002/04/17 08:17:50 | 000,024,576 | ---
- | C] () -- C:\WINDOWS\System32\sock18i
v.dll

[2002/04/17 08:17:12 | 000,184,320 | ---
- | C] () -- C:\WINDOWS\System32\drda18i
v.dll

[2002/04/17 08:16:38 | 000,024,576 | ---
- | C] () -- C:\WINDOWS\System32\prot18i
v.dll

[2002/04/17 08:16:32 | 000,274,432 | ---
- | C] () -- C:\WINDOWS\System32\xcpg18i
v.dll

[2002/04/17 08:15:58 | 000,061,440 | ---
- | C] () -- C:\WINDOWS\System32\bind18i
v.dll

[2002/04/17 08:15:54 | 000,049,152 | ---
- | C] () -- C:\WINDOWS\System32\memr18i
v.dll

[2002/04/17 08:15:48 | 000,024,576 | ---
- | C] () -- C:\WINDOWS\System32\clrt18i
v.dll

[2002/04/17 08:15:46 | 000,053,248 | ---
- | C] () -- C:\WINDOWS\System32\cosi18i
v.dll

[2002/04/17 08:15:22 | 000,024,576 | ---
- | C] () -- C:\WINDOWS\System32\appc18i
v.dll

[2002/04/03 16:01:06 | 000,049,152 | ---
- | C] () -- C:\WINDOWS\System32\crinfdt
c18.dll

[2000/11/10 18:10:00 | 000,223,744 | ---
- | C] () -- C:\WINDOWS\System32\RBS32SP
.dll

[2000/11/10 18:10:00 | 000,100,864 | R--
- | C] () -- C:\WINDOWS\System32\Sx32w.d
ll

[2000/01/18 22:41:38 | 000,114,544 | ---
- | C] () -- C:\WINDOWS\USAFE16.DLL

[1999/09/22 14:03:54 | 000,100,352 | ---
- | C] () -- C:\WINDOWS\System32\PG32CON
V.DLL

[1998/06/10 01:00:00 | 000,015,120 | ---
- | C] () -- C:\WINDOWS\System32\REPUTIL
.DLL



========== Custom Scans ==========






< %systemroot%\system32\*.dll /lockedfiles >


[2009/02/20 14:09:35 | 000,347,136 | ---
- | M] (Microsoft Corporation) Unable
to obtain MD5
-- C:\WINDOWS\system3
2\dxtmsft.dll

[2009/02/20 14:09:36 | 000,214,528 | ---
- | M] (Microsoft Corporation) Unable
to obtain MD5
-- C:\WINDOWS\system3
2\dxtrans.dll

[2006/11/07 22:03:36 | 000,191,488 | ---
- | M] (Microsoft Corporation) Unable
to obtain MD5
-- C:\WINDOWS\system3
2\iepeers.dll

[14 C:\WINDOWS\system32\*.tmp files -> C
:\WINDOWS\system32\*.tmp -> ]



< %systemroot%\Tasks\*.job /lockedfiles >






< MD5 for: AGP440.SYS >

[2004/08/04 15:00:00 | 018,738,937 | ---
- | M] () .cab file -- C:\WINDOWS\Driver
Cache\i386\sp2.cab:AGP440.sys

[2004/08/04 15:00:00 | 018,738,937 | ---
- | M] () .cab file -- C:\WINDOWS\I386\s
p2.cab:AGP440.sys

[2008/04/13 14:36:38 | 000,042,368 | ---
- | M] (Microsoft Corporation) MD5=08FD0
4AA961BDC77FB983F328334E3D7 -- C:\WINDOW
S\SoftwareDistribution\Download\dd9ab519
3501484cf5e6884fa1d22f9e\agp440.sys

[2004/08/04 09:07:42 | 000,042,368 | ---
- | M] (Microsoft Corporation) MD5=2C428
FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOW
S\system32\drivers\AGP440.SYS



< MD5 for: ATAPI.SYS >

[2004/08/04 15:00:00 | 018,738,937 | ---
- | M] () .cab file -- C:\WINDOWS\Driver
Cache\i386\sp2.cab:atapi.sys

[2004/08/04 15:00:00 | 018,738,937 | ---
- | M] () .cab file -- C:\WINDOWS\I386\s
p2.cab:atapi.sys

[2008/04/13 14:40:30 | 000,096,512 | ---
- | M] (Microsoft Corporation) MD5=9F3A2
F5AA6875C72BF062C712CFA2674 -- C:\WINDOW
S\SoftwareDistribution\Download\dd9ab519
3501484cf5e6884fa1d22f9e\atapi.sys

[2010/03/07 16:23:59 | 000,095,360 | ---
- | M] (Microsoft Corporation) MD5=CDFE4
411A69C224BD1D11B2DA92DAC51 -- C:\WINDOW
S\system32\dllcache\atapi.sys

[2010/04/17 06:30:58 | 000,095,360 | ---
- | M] (Microsoft Corporation) MD5=CDFE4
411A69C224BD1D11B2DA92DAC51 -- C:\WINDOW
S\system32\drivers\atapi.sys



< MD5 for: EVENTLOG.DLL >


[2008/04/13 20:11:53 | 000,056,320 | ---
- | M] (Microsoft Corporation) MD5=6D4FE
B43EE538FC5428CC7F0565AA656 -- C:\WINDOW
S\SoftwareDistribution\Download\dd9ab519
3501484cf5e6884fa1d22f9e\eventlog.dll

[2004/08/04 15:00:00 | 000,055,808 | ---
- | M] (Microsoft Corporation) MD5=82B24
CB70E5944E6E34662205A2A5B78 -- C:\WINDOW
S\system32\eventlog.dll



< MD5 for: NETLOGON.DLL >


[2008/04/13 20:12:01 | 000,407,040 | ---
- | M] (Microsoft Corporation) MD5=1B7F0
71C51B77C272875C3A23E1E4550 -- C:\WINDOW
S\SoftwareDistribution\Download\dd9ab519
3501484cf5e6884fa1d22f9e\netlogon.dll

[2004/08/04 15:00:00 | 000,407,040 | ---
- | M] (Microsoft Corporation) MD5=96353
FCECBA774BB8DA74A1C6507015A -- C:\WINDOW
S\system32\netlogon.dll



< MD5 for: SCECLI.DLL >

[2004/08/04 15:00:00 | 000,180,224 | ---
- | M] (Microsoft Corporation) MD5=0F78E
27F563F2AAF74B91A49E2ABF19A -- C:\WINDOW
S\system32\scecli.dll

[2008/04/13 20:12:05 | 000,181,248 | ---
- | M] (Microsoft Corporation) MD5=A86BB
5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOW
S\SoftwareDistribution\Download\dd9ab519
3501484cf5e6884fa1d22f9e\scecli.dll



< %systemroot%\*. /mp /s >




========== Alternate Data Streams ==========




@Alternate Data Stream - 356 bytes -> C:
\WINDOWS\System32\drivers\mjuvjtdf.sys:c
hangelist

< End of report >




#4 myrti

Posted 21 March 2010 - 02:55 PM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 bandera

Posted 21 March 2010 - 07:40 PM

Hi:

I have a question before I decide to reformat the computer. I used this computer to make an installation CD for my company using InstallShield. If the computer is infected, is it possible that any DLL files that the installation used could be infected too? If I have to make a backup CD for the program, will it still carry infectious files?

I am a little freaked out by the implications themselves, although I do not use this computer to do any banking stuff at all.

Thanks for your help.



#6 bandera

Posted 22 March 2010 - 11:28 AM

Hi:

Just after sending you the message, the computer rebooted and was stuck again trying to create log files for about 30 mins, but finally it is done.

Here is the log file.

Thanks.

ComboFix 10-03-21.04 - Owner 03/22/2010 11:06:28.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.637.258 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Shared
c:\program files\temp
c:\recycler\S-1-5-21-764268790-1272957324-4166798230-1003
c:\windows\system32\adabaviy.ini
c:\windows\system32\akimajur.ini
c:\windows\system32\config\systemprofile\Application Data\AntiVirus Plus
c:\windows\system32\config\systemprofile\Application Data\avp.ico
c:\windows\system32\elokewat.ini
c:\windows\system32\ezulojet.ini
c:\windows\system32\ozihatur.ini
c:\windows\system32\upedeyib.ini2
c:\windows\system32\upedeyib.tmp
c:\windows\system32\utemulus.ini
c:\windows\system32\wunibuhi.exe
c:\windows\Tasks\bbvaferv.job
c:\windows\Tasks\fcaqxpbb.job
c:\windows\Tasks\ghxrjddp.job
c:\windows\Tasks\hxzbvdye.job
c:\windows\Tasks\kgtkszri.job
c:\windows\Tasks\ohrdzhnv.job
c:\windows\Tasks\ujrgwdqy.job
c:\windows\Tasks\wrmabqhs.job
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-02-22 to 2010-03-22 )))))))))))))))))))))))))))))))
.

2010-04-17 18:16 . 2010-04-17 18:16 95360 ----a-w- c:\windows\system32\drivers\qkagpjiz.sys
2010-03-22 14:09 . 2010-03-22 14:09 95360 ----a-w- c:\windows\system32\drivers\lmumuicm.sys
2010-03-21 22:47 . 2010-03-21 22:47 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-03-21 22:47 . 2010-03-21 22:47 -------- dc----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-03-17 18:33 . 2010-03-17 18:33 95360 ----a-w- c:\windows\system32\drivers\ATAPI.SYS
2010-03-11 16:13 . 2010-03-11 16:14 -------- dc----w- C:\Fastg7.63c
2010-03-11 08:48 . 2010-03-11 08:48 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2010-03-09 19:55 . 2010-03-09 19:55 -------- dc----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2010-03-09 19:54 . 2010-03-09 19:54 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-03-04 01:28 . 2010-02-24 14:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-04 01:10 . 2010-03-04 01:11 -------- dc----w- c:\program files\Microsoft Security Essentials
2010-03-04 01:09 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-03-04 01:09 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 20:51 . 2009-10-08 12:04 0 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2010-03-14 14:26 . 2007-01-30 15:08 -------- dc----w- c:\documents and settings\Owner\Application Data\U3
2010-03-12 04:43 . 2009-12-16 18:06 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 12:08 . 2008-04-23 15:31 -------- dc----w- c:\program files\CrossLoop
2010-02-28 19:11 . 2009-04-08 19:54 -------- dc----w- c:\program files\SUPERAntiSpyware
2010-02-06 14:19 . 2010-02-06 14:19 163 -c--a-w- c:\program files\em_175612296.bat
2010-01-07 21:07 . 2010-01-07 14:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2010-01-07 14:42 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-04-07 06:59 . 2008-05-01 19:34 67696 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 06:59 . 2008-05-01 19:34 54376 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 06:59 . 2008-05-01 19:34 34952 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 06:59 . 2008-05-01 19:34 46720 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 06:59 . 2008-05-01 19:34 172144 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-03-08 23:40 . 2007-03-08 23:40 4263 --sh--w- c:\windows\system32\winguj.sys
.

------- Sigcheck -------

[-] 2010-03-17 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ATAPI.SYS
[-] 2010-03-07 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys


[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\system32\dllcache\user32.dll
[-] 2005-03-03 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-03 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\SoftwareDistribution\Download\4c8193e6fe0f09288b4175a7e06d452f\backup\sp3gdr\wininet.dll
[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\SoftwareDistribution\Download\4c8193e6fe0f09288b4175a7e06d452f\backup\sp3qfe\wininet.dll
[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\system32\wininet.dll
[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-03-03 . C8667854873938CA13C986F16B0CD183 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wininet.dll
[-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-04-25 . 431DEFBB4A3D7B0DC062C1B064623A2F . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 . 0586A7F0B2FDB94D624F399D4728E7C8 . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-03-07 . 5B35DAE6E4886F64D1DA58C4E3E01EB9 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-03-07 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[-] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll
[-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2006-05-10 . D94CFFDB53E7AC867438E2DFD50E7CBC . 663552 . . [6.00.2900.2904] . . c:\windows\ie7\wininet.dll
[-] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-01-10 . DDE9597A3311748C1519444E2BC147BD . 662016 . . [6.00.2900.2823] . . c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2005-10-21 . E7B27B6B6E06CE34EA019FD8B858C613 . 658432 . . [6.00.2900.2781] . . c:\windows\$NtUninstallKB912945$\wininet.dll
[-] 2005-10-21 . AF785C4947676A7FC1673FDC5C8D0B5B . 661504 . . [6.00.2900.2781] . . c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2005-09-03 . 97A6FD7CAFD688CF2C78939EBAF0CD0C . 660480 . . [6.00.2900.2753] . . c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-09-03 . AF61EBB1F550175EFF406D545D6AB086 . 658432 . . [6.00.2900.2753] . . c:\windows\$NtUninstallKB905915$\wininet.dll
[-] 2005-07-03 . 5B5FF992C0FA762CCF8655FC290E6E52 . 658432 . . [6.00.2900.2713] . . c:\windows\$NtUninstallKB896688$\wininet.dll
[-] 2005-07-03 . 6E533D155B259EB2363D3E04B5BE309F . 659456 . . [6.00.2900.2713] . . c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[-] 2005-05-03 . E1E18136F9DD3DF1AD9C82193A5898A6 . 658944 . . [6.00.2900.2668] . . c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[-] 2005-03-10 . C8663B488996E89A84C3D17C1D12B79E . 657920 . . [6.00.2900.2627] . . c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
[-] 2005-01-28 . A8EAC5330876548E9966A7D13025D196 . 657920 . . [6.00.2900.2598] . . c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[-] 2004-09-30 . 2C07195588D69A067C2AFDAA31759295 . 656896 . . [6.00.2900.2518] . . c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll

[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\aec.sys
[-] 2006-02-15 07:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 07:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 07:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
[-] 2006-02-15 07:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\AGP440.SYS

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2004-08-04 19:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll

[-] 2005-01-28 17:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-01-28 17:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
[-] 2005-01-28 17:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 19:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\638d2a273cb5d34a9f7e327666b9e38c\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\638d2a273cb5d34a9f7e327666b9e38c\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\638d2a273cb5d34a9f7e327666b9e38c\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\638d2a273cb5d34a9f7e327666b9e38c\SP2QFE\ntkrnlpa.exe
[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2006-02-21 . 501C033D08AC37C4BE751633AB02197C . 2057984 . . [5.1.2600.2853] . . c:\windows\$hf_mig$\KB914882\SP2QFE\ntkrnlpa.exe
[-] 2005-09-29 . C60248DDE015B0A73871A16576B7A945 . 2057344 . . [5.1.2600.2765] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB896256$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2004-08-04 19:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\dllcache\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-05 16120832]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2008-7-23 270336]
HPAiODevice(hp officejet 7100 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [2003-6-25 495682]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-16 14:30 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-11-19 02:10 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
backup=c:\windows\pss\AntiVirus Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\AntiVirus Plus.lnk
backup=c:\windows\pss\AntiVirus Plus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^mapdrvs.bat]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\mapdrvs.bat
backup=c:\windows\pss\mapdrvs.batStartup

[HKLM\~\startupfolder\C:^Documents and Settings^SP^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
path=c:\documents and settings\SP\Start Menu\Programs\Startup\AntiVirus Plus.lnk
backup=c:\windows\pss\AntiVirus Plus.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGIDS]
2009-02-26 16:46 1579528 -c----w- c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 19:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 21:03 125528 ----a-w- c:\program files\Common Files\AOL\1154365368\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-20 22:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 18:20 290088 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-09-12 15:20 63048 -c--a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-02-21 10:03 1093208 -c--a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 15:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 01:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-01 17:27 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-27 16:27 68856 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 22:20 866584 -c--a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SentinelProtectionServer"=2 (0x2)
"SentinelKeysServer"=2 (0x2)
"Norton PC Checkup Application Launcher"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"InstallShield Licensing Service"=3 (0x3)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"PrismXL"=2 (0x2)
"PCCUJobMgr"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PCsync\\PCsync.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Crystal Decisions\\Crystal Reports 9\\crw32.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Common Files\\AOL\\1154365368\\EE\\AOLServiceHost.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [4/28/2009 11:33 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 66632]
R2 LLCPORT;LapLink.com Serial Port Driver;c:\windows\system32\drivers\llcport.sys [1/24/2007 2:36 PM 93440]
R2 LLCSER;LapLink.com Serial Comm Driver;c:\windows\system32\drivers\llcser.sys [1/24/2007 2:36 PM 31708]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/12/2007 11:21 AM 12856]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [12/12/2009 8:26 PM 126392]
S1 MpKsl74122bca;MpKsl74122bca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A9C0020B-6B04-4B50-BD32-5FD8CD640D23}\MpKsl74122bca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A9C0020B-6B04-4B50-BD32-5FD8CD640D23}\MpKsl74122bca.sys [?]
S1 MpKslbbfececd;MpKslbbfececd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A9C0020B-6B04-4B50-BD32-5FD8CD640D23}\MpKslbbfececd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A9C0020B-6B04-4B50-BD32-5FD8CD640D23}\MpKslbbfececd.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 12:44 AM 69692]
S3 LLCMINI;LapLink.com Serial Cable Network Adapter;c:\windows\system32\drivers\LLCMINI5.SYS [1/24/2007 2:36 PM 47520]
S3 NET1080;LapLink Inc. USB Cable Network Adapter;c:\windows\system32\drivers\NETTC.SYS [1/24/2007 12:27 PM 12536]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 12872]
S3 USBTC;USBTC;c:\windows\system32\drivers\usbtc.sys [1/24/2007 12:27 PM 13672]
S4 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [12/12/2009 8:26 PM 103280]
S4 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 1:00 AM 316992]
.
Contents of the 'Scheduled Tasks' folder

2010-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2007-01-24 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-05-07 19:00]

2010-03-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]

2010-03-22 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hvxtnoyt.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-nukihovur - c:\windows\system32\wilawape.dll
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-HijackThis - G:\HijackThis.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 12:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1246549450-3055500251-3571665829-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{704E856D-3F9D-A5EF-EA53-4824080D4DE9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahgdipdakijmjacnj"=hex:6b,61,6d,65,67,61,6a,64,67,68,69,69,6c,69,6c,62,69,65,
70,61,62,6b,00,00
"hajgfdfbkdiaghmo"=hex:6b,61,6d,65,67,61,6a,64,67,68,68,69,67,69,63,64,65,6d,
67,6f,70,6e,00,7e

[HKEY_USERS\S-1-5-21-1246549450-3055500251-3571665829-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9A6B1F3E-B9D7-12F7-435F-BC27E3EE552E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaficklnoldgofmjla"=hex:6b,61,69,66,64,70,63,64,70,67,68,67,6c,6d,69,6d,61,66,
6d,67,6f,6c,00,00
"hadimjoaldphdnjo"=hex:6b,61,69,66,64,70,63,64,70,67,68,67,6c,6d,69,6d,61,66,
6d,67,6f,6c,00,7e

[HKEY_USERS\S-1-5-21-1246549450-3055500251-3571665829-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F13B226F-A497-941B-DFEF-044B31CB0742}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaiceeacjbcdekobcj"=hex:6b,61,70,67,6a,70,6e,67,65,69,68,69,69,6b,70,6b,64,6a,
65,68,70,6f,00,00
"hacckfkldkeafdfa"=hex:6a,61,70,67,69,70,6d,67,65,63,70,63,64,61,6d,61,6d,6e,
64,69,00,01

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{48418982-249C-E344-B1C048196FA2EDFD}\{A41EB0B4-3EE0-E472-B7C2AAEB5A9566C4}\{DB4C8A45-FEFF-6FD9-65B4662880A15182}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD7DA6D0-C8A5-2AB7-AFAFBAF6CCA2EFA4}\{BFF22B84-84BD-C376-CF902D4CFF2D2B8A}\{C30500AE-8022-F8A1-791309212C4775E7}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2028)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
c:\program files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
c:\program files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
.
**************************************************************************
.
Completion time: 2010-03-22 12:21:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-22 16:21

Pre-Run: 75,444,076,544 bytes free
Post-Run: 75,401,785,344 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 039B8AE9753E68D5DECA1C6C52EC2AF6


#7 myrti


Posted 22 March 2010 - 05:19 PM

Hi,
technically it is not impossible that the CD was infected; however, it is rather unlikely that it is infected.

There are quite some things left. Please run the following fix:
Open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.bleepingcomputer.com/forums/t/303150/atapisys-file-changed/
Collect::
c:\windows\system32\winguj.sys
c:\windows\system32\drivers\qkagpjiz.sys
c:\windows\system32\drivers\lmumuicm.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A9C0020B-6B04-4B50-BD32-5FD8CD640D23}\MpKsl74122bca.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A9C0020B-6B04-4B50-BD32-5FD8CD640D23}\MpKslbbfececd.sys
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^SP^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
File::
c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
c:\windows\pss\BigFix.lnkCommon Startup
c:\windows\pss\AntiVirus Plus.lnkStartup
Folder::
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware
Driver::
MpKslbbfececd
MpKsl74122bca
RegNull::
[HKEY_USERS\S-1-5-21-1246549450-3055500251-3571665829-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{704E856D-3F9D-A5EF-EA53-4824080D4DE9}*]
[HKEY_USERS\S-1-5-21-1246549450-3055500251-3571665829-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9A6B1F3E-B9D7-12F7-435F-BC27E3EE552E}*]
[HKEY_USERS\S-1-5-21-1246549450-3055500251-3571665829-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F13B226F-A497-941B-DFEF-044B31CB0742}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{48418982-249C-E344-B1C048196FA2EDFD}\{A41EB0B4-3EE0-E472-B7C2AAEB5A9566C4}\{DB4C8A45-FEFF-6FD9-65B4662880A15182}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD7DA6D0-C8A5-2AB7-AFAFBAF6CCA2EFA4}\{BFF22B84-84BD-C376-CF902D4CFF2D2B8A}\{C30500AE-8022-F8A1-791309212C4775E7}*]
SRPeek::
C:\windows\system32\drivers\atapi.sys


Save this as CFScript.txt





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
regards myrti

Edited by myrti, 22 March 2010 - 05:21 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#8 bandera


Posted 23 March 2010 - 05:14 PM

Hi:

I ran ComboFix with the script and as usual it hung up with 3 files of cf1867.cfxxe running. I left it to run its course and when I came back it had rebooted the computer and created a log file... so I did not see or respond to any message boxes.

Here is the log.

Thanks for your help.

ComboFix 10-03-21.04 - Owner 03/23/2010 16:45:09.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.637.289 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat"
"c:\windows\pss\AntiVirus Plus.lnkStartup"
"c:\windows\pss\BigFix.lnkCommon Startup"

file zipped: c:\windows\system32\drivers\lmumuicm.sys
file zipped: c:\windows\system32\drivers\qkagpjiz.sys
file zipped: c:\windows\system32\winguj.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A9C0020B-6B04-4B50-BD32-5FD8CD640D23}\mpasbase.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A9C0020B-6B04-4B50-BD32-5FD8CD640D23}\mpasdlta.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A9C0020B-6B04-4B50-BD32-5FD8CD640D23}\mpavbase.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A9C0020B-6B04-4B50-BD32-5FD8CD640D23}\mpavdlta.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A9C0020B-6B04-4B50-BD32-5FD8CD640D23}\mpengine.dll
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasbase.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasdlta.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavbase.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavdlta.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\MpScanCache-1.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\{14ED92F4-FF98-47F9-AEEF-2A34C42F9EFC}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0A106A19-13C9-4FFE-AE9A-D73DC9E71BB8}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0C876A99-6811-4ED3-8E99-C6B01284F9D1}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{130CE97C-164C-4996-8B4E-B119C6A5A5B4}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{17B33A6E-5CF9-4168-A9E0-B6360A381720}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{1E97463E-0ABD-43E7-B41A-055D368D907B}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{23C96A9A-1643-4F25-A3B6-5CC530211552}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{313C9049-B40D-4220-87C4-5500E7FEDDA7}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{31B5CF29-1637-4B5C-A821-0A9D4DDE1391}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{52417EA9-71D3-4C31-BC96-21D1EC3748FD}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5C27A678-BDD8-4D98-9C97-2FB04A1C928A}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5FB9E8C1-D8E7-4BA8-99FD-AB9CF60A21FD}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{819407B5-D407-482A-87EB-6744DFBF74DD}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{83D327AE-9626-4F3A-B4F6-6BAC6C23A5AC}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{85C3C201-F472-425F-8F58-FB45061780C9}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{8C5062AD-AC86-4777-88F2-335453752264}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B1D018EC-4787-43AA-A009-9E47B6327596}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B6D5CBA9-A0C7-4DF5-81FC-C15D4FFDF8FD}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{BCB6F89D-44BC-4DE8-8B1D-31E5F9AF1D43}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D8827CF2-7BB2-43DB-8348-39AE40CD54F4}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{E64D89B0-ED61-4693-87AF-084719B5CDB2}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\Detections.log
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\History.Log
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\Unknown.Log
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpCacheStats.log
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MPLog-03032010-201119.log
c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
c:\windows\pss\AntiVirus Plus.lnkStartup
c:\windows\pss\BigFix.lnkCommon Startup
c:\windows\system32\drivers\lmumuicm.sys
c:\windows\system32\drivers\qkagpjiz.sys
c:\windows\system32\winguj.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware . . . . failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\IMpServiceBCF43643-A118-4432-AEDE-D861FCBCFCDE.lock . . . . failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing.bin . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MPKSL74122BCA
-------\Legacy_MPKSLBBFECECD
-------\Service_MpKsl74122bca
-------\Service_MpKslbbfececd


((((((((((((((((((((((((( Files Created from 2010-02-23 to 2010-03-23 )))))))))))))))))))))))))))))))
.

2010-03-21 22:47 . 2010-03-21 22:47 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-03-21 22:47 . 2010-03-21 22:47 -------- dc----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-03-17 18:33 . 2010-03-17 18:33 95360 ----a-w- c:\windows\system32\drivers\ATAPI.SYS
2010-03-11 16:13 . 2010-03-11 16:14 -------- dc----w- C:\Fastg7.63c
2010-03-11 08:48 . 2010-03-11 08:48 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2010-03-09 19:55 . 2010-03-09 19:55 -------- dc----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2010-03-09 19:54 . 2010-03-09 19:54 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-03-04 01:28 . 2010-02-24 14:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-04 01:10 . 2010-03-04 01:11 -------- dc----w- c:\program files\Microsoft Security Essentials
2010-03-04 01:09 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-03-04 01:09 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 14:26 . 2007-01-30 15:08 -------- dc----w- c:\documents and settings\Owner\Application Data\U3
2010-03-12 04:43 . 2009-12-16 18:06 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 12:08 . 2008-04-23 15:31 -------- dc----w- c:\program files\CrossLoop
2010-02-28 19:11 . 2009-04-08 19:54 -------- dc----w- c:\program files\SUPERAntiSpyware
2010-02-06 14:19 . 2010-02-06 14:19 163 -c--a-w- c:\program files\em_175612296.bat
2010-01-07 21:07 . 2010-01-07 14:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2010-01-07 14:42 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-04-07 06:59 . 2008-05-01 19:34 67696 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 06:59 . 2008-05-01 19:34 54376 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 06:59 . 2008-05-01 19:34 34952 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 06:59 . 2008-05-01 19:34 46720 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 06:59 . 2008-05-01 19:34 172144 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

[-] CDFE4411A69C224BD1D11B2DA92DAC51 95360 c:\windows\system32\drivers\ATAPI.SYS
[-] CDFE4411A69C224BD1D11B2DA92DAC51 95360 \RP33\A0027044.sys
[-] E764190B0963EC48732954C3A9E6BC6E 95360 \RP40\A0039998.sys
.
------- Sigcheck -------

[-] 2010-03-17 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ATAPI.SYS
[-] 2010-03-07 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\I386\NTFS.SYS

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-14 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-26 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-26 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netman.dll
[-] 2005-08-23 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[-] 2005-08-23 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-29 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-29 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-11 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cryptsvc.dll
[-] 2006-02-11 . 87F3E2D2A3231F820F9248DB90090F42 . 62464 . . [5.1.2600.2845] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB914906$\cryptsvc.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\es.dll
[-] 2005-07-26 11:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2005-07-26 11:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-04 19:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll

[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-05 16120832]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2008-7-23 270336]
HPAiODevice(hp officejet 7100 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [2003-6-25 495682]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-16 14:30 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-11-19 02:10 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^mapdrvs.bat]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\mapdrvs.bat
backup=c:\windows\pss\mapdrvs.batStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGIDS]
2009-02-26 16:46 1579528 -c----w- c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 19:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 21:03 125528 ----a-w- c:\program files\Common Files\AOL\1154365368\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-20 22:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 18:20 290088 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-09-12 15:20 63048 -c--a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-02-21 10:03 1093208 -c--a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 15:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 01:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-01 17:27 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-27 16:27 68856 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 22:20 866584 -c--a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SentinelProtectionServer"=2 (0x2)
"SentinelKeysServer"=2 (0x2)
"Norton PC Checkup Application Launcher"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"InstallShield Licensing Service"=3 (0x3)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"PrismXL"=2 (0x2)
"PCCUJobMgr"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PCsync\\PCsync.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Crystal Decisions\\Crystal Reports 9\\crw32.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Common Files\\AOL\\1154365368\\EE\\AOLServiceHost.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [4/28/2009 11:33 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 66632]
R2 LLCPORT;LapLink.com Serial Port Driver;c:\windows\system32\drivers\llcport.sys [1/24/2007 2:36 PM 93440]
R2 LLCSER;LapLink.com Serial Comm Driver;c:\windows\system32\drivers\llcser.sys [1/24/2007 2:36 PM 31708]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/12/2007 11:21 AM 12856]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [12/12/2009 8:26 PM 126392]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 12:44 AM 69692]
S3 LLCMINI;LapLink.com Serial Cable Network Adapter;c:\windows\system32\drivers\LLCMINI5.SYS [1/24/2007 2:36 PM 47520]
S3 NET1080;LapLink Inc. USB Cable Network Adapter;c:\windows\system32\drivers\NETTC.SYS [1/24/2007 12:27 PM 12536]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 12872]
S3 USBTC;USBTC;c:\windows\system32\drivers\usbtc.sys [1/24/2007 12:27 PM 13672]
S4 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [12/12/2009 8:26 PM 103280]
S4 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 1:00 AM 316992]
.
Contents of the 'Scheduled Tasks' folder

2010-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2007-01-24 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-05-07 19:00]

2010-03-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hvxtnoyt.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 16:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(1260)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
c:\program files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
c:\program files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
c:\windows\SoftwareDistribution\Download\4c8193e6fe0f09288b4175a7e06d452f\update\update.exe
.
**************************************************************************
.
Completion time: 2010-03-23 17:06:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-23 21:06
ComboFix2.txt 2010-03-22 16:21

Pre-Run: 75,315,027,968 bytes free
Post-Run: 75,036,835,840 bytes free

- - End Of File - - A07F9BB57783EF61860A28785219A0B9


#9 myrti

Posted 24 March 2010 - 05:31 PM

Hi,
  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:
    sc start cryptsvc
  • a line will be displayed, please post the content in your next reply.
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#10 bandera


Posted 25 March 2010 - 07:10 AM

Hi:

Ran the script and the line that showed up was

"The instance of the service is already running".

Thanks.


Regards,
Bandera




#11 myrti


Posted 27 March 2010 - 07:24 AM

Hi,

it seems as if the upload from ComboFix wasn't successful. Please go to C:\qoobox\quarantine and locate the file [4]Submit_.zip, where date and time are the date and time when you ran ComboFix. Afterwards please visit this site and follow the instructions for uploading the file.

Please read through this guide first
  1. Please download Dial-A-Fix
  2. Extract the zip file to your desktop.
  3. Double click Dial-a-Fix.exe to start the program.
  4. Press the green double checkmark box (Looks like this: )
  5. UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
  6. When the window looks like this, press the GO button in the bottom of the window.
  7. Exit/Close Dial-A-Fix

Afterwards please run a scan with ComboFix again.

regards myrti



#12 bandera


Posted 30 March 2010 - 09:55 AM

Hi:

I rebooted the computer and then ran dial-a-fix and it ran without a problem. Ran combofix and here is the report.

Thanks.

ComboFix 10-03-29.04 - Owner 03/30/2010 10:29:12.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.637.338 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-30 )))))))))))))))))))))))))))))))
.

2010-03-30 14:22:03 . 2010-03-30 14:38:23 -------- d-----w- C:\WINDOWS\system32\CatRoot2
2010-03-21 22:47:04 . 2010-03-21 22:47:04 -------- dc----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-03-21 22:47:04 . 2010-03-21 22:47:04 -------- dc----w- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2010-03-17 18:33:28 . 2010-03-17 18:33:28 95360 ----a-w- C:\WINDOWS\system32\drivers\ATAPI.SYS
2010-03-11 16:13:43 . 2010-03-11 16:14:40 -------- dc----w- C:\Fastg7.63c
2010-03-11 08:48:05 . 2010-03-11 08:48:05 -------- dc----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
2010-03-09 19:55:03 . 2010-03-09 19:55:03 -------- dc----w- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2010-03-09 19:54:15 . 2010-03-09 19:54:44 -------- dc----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
2010-03-04 01:28:10 . 2010-02-24 14:16:06 181632 ------w- C:\WINDOWS\system32\MpSigStub.exe
2010-03-04 01:10:43 . 2010-03-04 01:11:25 -------- dc----w- C:\Program Files\Microsoft Security Essentials
2010-03-04 01:09:09 . 2009-08-07 00:23:46 215920 ----a-w- C:\WINDOWS\system32\muweb.dll
2010-03-04 01:09:08 . 2009-08-07 00:23:46 274288 ----a-w- C:\WINDOWS\system32\mucltui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 13:35:33 . 2009-04-08 19:55:55 117760 -c--a-w- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-14 14:26:51 . 2007-01-30 15:08:12 -------- dc----w- C:\Documents and Settings\Owner\Application Data\U3
2010-03-12 04:43:19 . 2009-12-16 18:06:08 -------- dc----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-11 12:08:53 . 2008-04-23 15:31:55 -------- dc----w- C:\Program Files\CrossLoop
2010-02-28 19:11:03 . 2009-04-08 19:54:40 -------- dc----w- C:\Program Files\SUPERAntiSpyware
2010-02-06 14:19:21 . 2010-02-06 14:19:21 163 -c--a-w- C:\Program Files\em_175612296.bat
2010-01-11 00:29:03 . 2010-01-11 00:29:03 52224 -c--a-w- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-07 21:07:14 . 2010-01-07 14:42:27 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 . 2010-01-07 14:42:24 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2008-04-07 06:59:01 . 2008-05-01 19:34:51 67696 -c--a-w- C:\Program Files\mozilla firefox\components\jar50.dll
2008-04-07 06:59:02 . 2008-05-01 19:34:51 54376 -c--a-w- C:\Program Files\mozilla firefox\components\jsd3250.dll
2008-04-07 06:59:03 . 2008-05-01 19:34:51 34952 -c--a-w- C:\Program Files\mozilla firefox\components\myspell.dll
2008-04-07 06:59:03 . 2008-05-01 19:34:52 46720 -c--a-w- C:\Program Files\mozilla firefox\components\spellchk.dll
2008-04-07 06:59:04 . 2008-05-01 19:34:52 172144 -c--a-w- C:\Program Files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 16:27:48 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 10:01:32 32768]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-05 00:44:58 16120832]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 06:42:26 212992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-11-04 15:30:50 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 06:01:00 437160]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Auto Detect.lnk - C:\Program Files\iConcepts Music Express\MEAutoDetect.exe [2008-7-23 270336]
HPAiODevice(hp officejet 7100 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [2003-6-25 495682]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 14:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-16 14:30:56 548352 -c--a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-11-19 02:10:08 87352 ----a-w- C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^mapdrvs.bat]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\mapdrvs.bat
backup=C:\WINDOWS\pss\mapdrvs.batStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGIDS]
2009-02-26 16:46:22 1579528 -c----w- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 19:00:00 15360 ------w- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 21:03:00 125528 ----a-w- C:\Program Files\Common Files\AOL\1154365368\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-20 22:34:50 213936 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 18:20:54 290088 -c--a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-09-12 15:20:58 63048 -c--a-w- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24:37 1694208 ------w- C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-02-21 10:03:12 1093208 -c--a-w- c:\Program Files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 15:30:50 413696 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 01:24:50 966656 ----a-w- C:\WINDOWS\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-01 17:27:06 149280 -c--a-w- C:\Program Files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-27 16:27:48 68856 -c--a-w- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 22:20:12 866584 -c--a-w- C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SentinelProtectionServer"=2 (0x2)
"SentinelKeysServer"=2 (0x2)
"Norton PC Checkup Application Launcher"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"InstallShield Licensing Service"=3 (0x3)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"PrismXL"=2 (0x2)
"PCCUJobMgr"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\PCsync\\PCsync.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Crystal Decisions\\Crystal Reports 9\\crw32.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"C:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Common Files\\AOL\\1154365368\\EE\\AOLServiceHost.exe"=

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [4/28/2009 11:33:42 AM 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33:40 AM 66632]
R2 LLCPORT;LapLink.com Serial Port Driver;C:\WINDOWS\system32\drivers\llcport.sys [1/24/2007 2:36:05 PM 93440]
R2 LLCSER;LapLink.com Serial Comm Driver;C:\WINDOWS\system32\drivers\llcser.sys [1/24/2007 2:36:05 PM 31708]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\rainfo.sys [9/12/2007 11:21:00 AM 12856]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [12/12/2009 8:26:14 PM 126392]
S2 WinDefend;Windows Defender;C:\Program Files\Windows Defender\MsMpEng.exe [11/3/2006 6:19:58 PM 13592]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;C:\WINDOWS\system32\drivers\el575ND5.sys [7/1/2006 12:44:58 AM 69692]
S3 LLCMINI;LapLink.com Serial Cable Network Adapter;C:\WINDOWS\system32\drivers\LLCMINI5.SYS [1/24/2007 2:36:06 PM 47520]
S3 NET1080;LapLink Inc. USB Cable Network Adapter;C:\WINDOWS\system32\drivers\NETTC.SYS [1/24/2007 12:27:37 PM 12536]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33:44 AM 12872]
S3 USBTC;USBTC;C:\WINDOWS\system32\drivers\usbtc.sys [1/24/2007 12:27:37 PM 13672]
S4 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [12/12/2009 8:26:15 PM 103280]
S4 SentinelKeysServer;Sentinel Keys Server;C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 1:00:04 AM 316992]
.
Contents of the 'Scheduled Tasks' folder

2010-02-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34:12 . 2008-07-30 17:34:12]

2007-01-24 C:\WINDOWS\Tasks\ISP signup reminder 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2006-05-07 00:36:30 . 2004-08-04 19:00:00]

2010-03-30 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02:36 . 2009-12-09 23:02:36]

2010-03-30 C:\WINDOWS\Tasks\MpIdleTask.job
- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02:36 . 2009-12-09 23:02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hvxtnoyt.default\
.


#13 myrti


Posted 03 April 2010 - 11:28 AM

Hi,

it seems the report got cut at the bottom, but the log is looking good. How is your PC doing now?

regards myrti



#14 bandera


Posted 03 April 2010 - 12:00 PM

Hi:

The computer is working fine... no more run32.dll's running. I have installed Microsoft Essentials and SAS. Do I need another antivirus? I was using AVG earlier.

Thanks for all your help.

bandera

#15 myrti


Posted 03 April 2010 - 12:05 PM

Hi,

MSSE (Microsoft Essentials) should be fine as an antivirus program. I would like you to run a scan with ESET to check for potential leftovers:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

I'll give you a couple more pieces of advice on making your PC more secure, but using an antivirus program and an anti-spyware program such as SuperAntiSpyware is a very good start.

regards myrti
