Anti-virus / anti malware blocked


  • This topic is locked
24 replies to this topic

#1 Mitch Rush

Mitch Rush

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:25 PM

Posted 09 November 2011 - 12:57 PM

Sorry this has taken a while to get back to you. Original post is here.

I was able to run the DDS application with no problems, but GMER was another story. On the first run I received several pop up boxes telling me data was lost even though the application completed. However, it would not let me save the file. The second run resulted in my computer restarting itself. I was not watching as this happened, so I am assuming I got another blue screen. Last night/this morning, the third run is the charm.

To restate the problem, I was attacked by a bogus anti-virus worm. My zone labs and malwarebytes were rendered inoperable. All anti-virus/malware programs have a file in their directory with a blank file name that cannot be deleted. With malwarebytes, I was able to reinstall, but 10 seconds in, it crashed. When I try to rerun malwarebytes, I am told I don't have permission to run the program. I tried Emsisoft anti-malware. Seems to install okay, but the minute I try to do a scan, windows crashes to blue screen. Zone labs acts like it loaded, but it does nothing. I am running XP Professional sp3.

Here is my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by mitchr at 8:07:03 on 2011-11-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1436 [GMT -8:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2service.exe
C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link WNA-2330 Notebook Adapter\acs.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\CFusionMX7\db\slserver54\bin\swagent.exe
C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
C:\CFusionMX7\db\slserver54\bin\swsoc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\lxdwcoms.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Lexmark 7600 Series\lxdwMsdMon.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\D-Link\D-Link WNA-2330 Notebook Adapter\wirelesscm.exe
C:\Documents and Settings\mitchr\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [PCTVOICE] pctspk.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [PinnacleDriverCheck] c:\winnt\system32\PSDrvCheck.exe -CheckReg
mRun: [NeroFilterCheck] c:\winnt\system32\NeroCheck.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [lxdwmon.exe] "c:\program files\lexmark 7600 series\lxdwmon.exe"
mRun: [lxdwamon] "c:\program files\lexmark 7600 series\lxdwamon.exe"
mRun: [Lexmark 7600 Series Fax Server] "c:\program files\lexmark 7600 series\fm3032.exe" /s
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link RangeBooster N DWA-140] c:\program files\d-link\d-link rangebooster n dwa-140\AirNCFG.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\mitchr\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\mitchr\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\winnt\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\belkin\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\winnt\installer\{d25122bc-a60e-4663-b602-b01718f12044}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link wna-2330 notebook adapter\wirelesscm.exe
uPolicies-explorer: MaxRecentDocs = 30 (0x1e)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\belkin\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179383581363
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214283084153
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mitchr\application data\mozilla\firefox\profiles\c77cz3gs.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\documents and settings\mitchr\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 a347bus;a347bus;c:\winnt\system32\drivers\a347bus.sys [2010-3-17 158720]
R0 a347scsi;a347scsi;c:\winnt\system32\drivers\a347scsi.sys [2010-3-17 5248]
R0 kl1;kl1;c:\winnt\system32\drivers\kl1.sys [2011-11-5 128016]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2011-11-5 17904]
R1 KLIF;Kaspersky Lab Driver;c:\winnt\system32\drivers\klif.sys [2011-11-5 317072]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-11-5 2979280]
R2 ColdFusion MX 7 ODBC Agent;ColdFusion MX 7 ODBC Agent;c:\cfusionmx7\db\slserver54\bin\swagent.exe "coldfusion mx 7 odbc agent" --> c:\cfusionmx7\db\slserver54\bin\swagent.exe ColdFusion MX 7 ODBC Agent [?]
R2 ColdFusion MX 7 ODBC Server;ColdFusion MX 7 ODBC Server;c:\cfusionmx7\db\slserver54\bin\swstrtr.exe "coldfusion mx 7 odbc server" --> c:\cfusionmx7\db\slserver54\bin\swstrtr.exe ColdFusion MX 7 ODBC Server [?]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-4-17 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-4-17 476528]
R2 lxdw_device;lxdw_device;c:\winnt\system32\lxdwcoms.exe -service --> c:\winnt\system32\lxdwcoms.exe -service [?]
R2 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys [2011-11-5 486280]
R3 JSWSCIMD;jswscimd Service;c:\winnt\system32\drivers\jswscimd.sys [2008-5-24 57376]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\winnt\system32\spool\drivers\w32x86\3\lxdwserv.exe [2009-6-17 98984]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\winnt\system32\drivers\ousbehci.sys [2007-5-16 34176]
S2 vsmon;TrueVector Internet Monitor;c:\winnt\system32\zonelabs\vsmon.exe -service --> c:\winnt\system32\zonelabs\vsmon.exe -service [?]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-11-5 51632]
S3 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;c:\cfusionmx7\runtime\bin\jrunsvc.exe [2007-6-10 61440]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90Xbc5.SYS [2007-5-15 71744]
S3 EUSBSCSI;Belkin USB Mass Storage Driver;c:\winnt\system32\drivers\EUSBSCSI.SYS [2007-7-17 51717]
S3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [2009-9-13 15504]
S3 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-9-13 170640]
S3 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2005-10-14 199384]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\winnt\system32\drivers\ousb2hub.sys [2007-5-16 49536]
S3 PTDCWFLT;PTDCWWAN Filter Driver;c:\winnt\system32\drivers\PTDCWFLT.sys [2008-6-19 5120]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\winnt\system32\drivers\PTDCWWAN.sys [2008-6-19 58240]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\winnt\system32\drivers\PTDWBus.sys [2007-5-17 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\winnt\system32\drivers\PTDWMdm.sys [2007-5-17 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\winnt\system32\drivers\PTDWVsp.sys [2007-5-17 39808]
S3 PWCTLDRV;The NECHostController Filter Driver;c:\winnt\system32\drivers\PWCTLDRV.sys [2007-5-17 5888]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\winnt\system32\drivers\rt2870.sys [2009-7-29 517632]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== File Associations ===============
.
.bat=TextPad.bat
.txt=TextPad.txt
.
=============== Created Last 30 ================
.
2011-11-05 20:54:36 128016 ----a-w- c:\winnt\system32\drivers\kl1.sys
2011-11-05 20:52:54 1238408 ----a-w- c:\winnt\system32\zpeng25.dll
2011-11-05 20:41:34 -------- d-----w- c:\program files\Zone Labs
2011-11-05 20:41:13 -------- d-----w- c:\winnt\system32\Zonelabs
2011-11-05 20:10:22 -------- d-----w- c:\winnt\system32\wbem\repository\FS
2011-11-05 20:10:21 -------- d-----w- c:\winnt\system32\wbem\repository\Export
2011-11-05 20:10:21 -------- d-----w- c:\winnt\system32\wbem\Repository
2011-11-05 19:39:56 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-11-03 10:41:24 -------- d-----w- c:\documents and settings\all users\application data\ZA_PreservedFiles
2011-11-03 09:59:54 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-11-03 09:52:38 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-11-03 08:19:53 -------- d-sh--w- c:\documents and settings\mitchr\local settings\application data\190b2ddf
.
==================== Find3M ====================
.
2011-09-26 18:41:20 611328 ----a-w- c:\winnt\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\winnt\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\winnt\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\winnt\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ------w- c:\winnt\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\winnt\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\winnt\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\winnt\system32\drivers\afd.sys
2003-09-05 17:44:10 1200623 ----a-w- c:\program files\Easy VideoSplitter_2_01.exe
2003-08-24 09:04:04 3211306 ----a-w- c:\program files\ezjoiner.exe
2003-02-21 11:42:22 348160 ----a-w- c:\program files\msvcr71.dll
2000-11-15 16:21:16 178688 ----a-w- c:\program files\hjsplit.exe
.
============= FINISH: 8:09:23.78 ===============

Attached are my attach.txt and ark.txt

Thank you in advance for any assistance you are able to provide.

Mitch


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:25 PM

Posted 11 November 2011 - 02:16 PM

Hi,

Please do the following:



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Mitch Rush

Mitch Rush
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:25 PM

Posted 12 November 2011 - 04:06 AM

Below are the logs for TDSSKiller and ComboFix. There was also a catchme.log written to my desktop. I have not opened that file, nor have I included the contents here until I hear from you it is okay to open and post.

Thanks for your assistance so far. Mitch

22:17:35.0123 3920 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
22:17:35.0213 3920 ============================================================
22:17:35.0213 3920 Current date / time: 2011/11/11 22:17:35.0213
22:17:35.0213 3920 SystemInfo:
22:17:35.0213 3920
22:17:35.0213 3920 OS Version: 5.1.2600 ServicePack: 3.0
22:17:35.0213 3920 Product type: Workstation
22:17:35.0213 3920 ComputerName: MITCH
22:17:35.0213 3920 UserName: mitchr
22:17:35.0213 3920 Windows directory: C:\WINNT
22:17:35.0213 3920 System windows directory: C:\WINNT
22:17:35.0213 3920 Processor architecture: Intel x86
22:17:35.0213 3920 Number of processors: 1
22:17:35.0213 3920 Page size: 0x1000
22:17:35.0213 3920 Boot type: Normal boot
22:17:35.0213 3920 ============================================================
22:17:41.0712 3920 Initialize success
22:17:46.0189 3952 ============================================================
22:17:46.0189 3952 Scan started
22:17:46.0189 3952 Mode: Manual;
22:17:46.0189 3952 ============================================================
22:17:48.0202 3952 190b2ddf (8f2bb1827cac01aee6a16e30a1260199) C:\WINNT\3744271129:3874804256.exe
22:17:50.0976 3952 Suspicious file (Hidden): C:\WINNT\3744271129:3874804256.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
22:17:50.0976 3952 190b2ddf ( Rootkit.Win32.PMax.gen ) - infected
22:17:50.0986 3952 190b2ddf - detected Rootkit.Win32.PMax.gen (0)
22:17:51.0256 3952 a2acc (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
22:17:51.0276 3952 a2acc - ok
22:17:51.0426 3952 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2ddax86.sys
22:17:51.0426 3952 A2DDA - ok
22:17:51.0877 3952 a347bus (61c7faa37417ca5bafa0490a49cc84d6) C:\WINNT\system32\DRIVERS\a347bus.sys
22:17:51.0907 3952 a347bus - ok
22:17:52.0247 3952 a347scsi (113e4b318bbaa7483ca4e582a4d63f49) C:\WINNT\system32\Drivers\a347scsi.sys
22:17:52.0257 3952 a347scsi - ok
22:17:52.0538 3952 Abiosdsk - ok
22:17:52.0808 3952 abp480n5 - ok
22:17:53.0349 3952 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINNT\system32\DRIVERS\ACPI.sys
22:18:01.0150 3952 ACPI - ok
22:18:01.0891 3952 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINNT\system32\drivers\ACPIEC.sys
22:18:01.0891 3952 ACPIEC - ok
22:18:02.0662 3952 adpu160m - ok
22:18:03.0253 3952 aec (8bed39e3c35d6a489438b8141717a557) C:\WINNT\system32\drivers\aec.sys
22:18:03.0273 3952 aec - ok
22:18:03.0644 3952 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINNT\System32\drivers\afd.sys
22:18:03.0674 3952 AFD - ok
22:18:04.0064 3952 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINNT\system32\DRIVERS\agp440.sys
22:18:04.0084 3952 agp440 - ok
22:18:04.0465 3952 Aha154x - ok
22:18:04.0946 3952 aic116x - ok
22:18:05.0346 3952 aic78u2 - ok
22:18:06.0087 3952 aic78xx - ok
22:18:06.0828 3952 AliIde - ok
22:18:07.0109 3952 ami0nt - ok
22:18:07.0379 3952 amsint - ok
22:18:07.0700 3952 ANIO (920298c7aef97d8168d219d35975d295) C:\WINNT\system32\ANIO.SYS
22:18:07.0710 3952 ANIO - ok
22:18:08.0070 3952 ApfiltrService (edafe3f9b356d227ebc031bc3fe5efaa) C:\WINNT\system32\DRIVERS\Apfiltr.sys
22:18:08.0080 3952 ApfiltrService - ok
22:18:08.0901 3952 AR5211 (9108f38c07f4953ea4ee89243e787cad) C:\WINNT\system32\DRIVERS\ar5211.sys
22:18:09.0062 3952 AR5211 - ok
22:18:09.0452 3952 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINNT\system32\DRIVERS\arp1394.sys
22:18:09.0502 3952 Arp1394 - ok
22:18:09.0873 3952 ASAPIW2k (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINNT\system32\drivers\ASAPIW2k.sys
22:18:09.0923 3952 ASAPIW2k - ok
22:18:10.0393 3952 asc - ok
22:18:11.0295 3952 asc3350p - ok
22:18:12.0136 3952 asc3550 - ok
22:18:12.0757 3952 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINNT\system32\DRIVERS\asyncmac.sys
22:18:12.0817 3952 AsyncMac - ok
22:18:13.0198 3952 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINNT\system32\DRIVERS\atapi.sys
22:18:13.0218 3952 atapi - ok
22:18:13.0778 3952 Atdisk - ok
22:18:14.0189 3952 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINNT\system32\DRIVERS\atmarpc.sys
22:18:14.0189 3952 Atmarpc - ok
22:18:14.0890 3952 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINNT\system32\DRIVERS\audstub.sys
22:18:14.0890 3952 audstub - ok
22:18:15.0421 3952 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINNT\system32\drivers\Beep.sys
22:18:15.0421 3952 Beep - ok
22:18:16.0552 3952 btaudio (74ef010b27a2bf44dd5649dd331899a0) C:\WINNT\system32\drivers\btaudio.sys
22:18:16.0562 3952 btaudio - ok
22:18:16.0983 3952 BTDriver (3c7c61c3d0b0f87136ad925ca624dc1c) C:\WINNT\system32\DRIVERS\btport.sys
22:18:16.0983 3952 BTDriver - ok
22:18:17.0834 3952 BTKRNL (515617cc36e7c5bee744b3c62affb4f5) C:\WINNT\system32\DRIVERS\btkrnl.sys
22:18:17.0844 3952 BTKRNL - ok
22:18:18.0725 3952 BTWDNDIS (2ccd954aac705aaa98ad7e545bd44efe) C:\WINNT\system32\DRIVERS\btwdndis.sys
22:18:19.0026 3952 BTWDNDIS - ok
22:18:20.0248 3952 btwhid (af60e6ffef11cc9653d5edc0b238893b) C:\WINNT\system32\DRIVERS\btwhid.sys
22:18:20.0258 3952 btwhid - ok
22:18:21.0009 3952 btwmodem (a1da2b09932f7ba210174695644f1490) C:\WINNT\system32\DRIVERS\btwmodem.sys
22:18:21.0019 3952 btwmodem - ok
22:18:21.0990 3952 BTWUSB (dceffeeae5672e57dd1343236fbb5763) C:\WINNT\system32\Drivers\btwusb.sys
22:18:22.0020 3952 BTWUSB - ok
22:18:22.0701 3952 BusLogic - ok
22:18:23.0422 3952 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINNT\system32\drivers\cbidf2k.sys
22:18:23.0432 3952 cbidf2k - ok
22:18:24.0183 3952 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINNT\system32\DRIVERS\CCDECODE.sys
22:18:24.0183 3952 CCDECODE - ok
22:18:24.0584 3952 cd20xrnt - ok
22:18:25.0215 3952 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINNT\system32\drivers\Cdaudio.sys
22:18:25.0495 3952 Cdaudio - ok
22:18:26.0817 3952 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINNT\system32\drivers\Cdfs.sys
22:18:26.0997 3952 Cdfs - ok
22:18:28.0449 3952 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINNT\system32\DRIVERS\cdrom.sys
22:18:28.0860 3952 Cdrom - ok
22:18:30.0362 3952 Changer - ok
22:18:32.0035 3952 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINNT\system32\DRIVERS\CmBatt.sys
22:18:32.0045 3952 CmBatt - ok
22:18:33.0667 3952 CmdIde - ok
22:18:35.0510 3952 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINNT\system32\DRIVERS\compbatt.sys
22:18:35.0510 3952 Compbatt - ok
22:18:36.0761 3952 Cpqarray - ok
22:18:37.0342 3952 cpqarry2 - ok
22:18:38.0213 3952 cpqfcalm - ok
22:18:38.0754 3952 cpqfws2e - ok
22:18:39.0335 3952 cs429x (85230103c10542581fb622345310d131) C:\WINNT\system32\drivers\cwawdm.sys
22:18:39.0365 3952 cs429x - ok
22:18:39.0856 3952 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINNT\system32\DRIVERS\CVirtA.sys
22:18:39.0866 3952 CVirtA - ok
22:18:40.0617 3952 CVPNDRVA (5ba042bcab6246c6bba51606afd7b488) C:\WINNT\system32\Drivers\CVPNDRVA.sys
22:18:40.0637 3952 CVPNDRVA - ok
22:18:41.0318 3952 dac2w2k - ok
22:18:41.0839 3952 dac960nt - ok
22:18:42.0169 3952 deckzpsx - ok
22:18:42.0600 3952 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINNT\system32\DRIVERS\disk.sys
22:18:42.0600 3952 Disk - ok
22:18:43.0421 3952 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINNT\system32\drivers\dmboot.sys
22:18:43.0681 3952 dmboot - ok
22:18:44.0332 3952 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINNT\system32\drivers\dmio.sys
22:18:44.0422 3952 dmio - ok
22:18:44.0753 3952 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINNT\system32\drivers\dmload.sys
22:18:44.0753 3952 dmload - ok
22:18:45.0063 3952 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINNT\system32\drivers\DMusic.sys
22:18:45.0063 3952 DMusic - ok
22:18:45.0474 3952 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINNT\system32\DRIVERS\dne2000.sys
22:18:45.0514 3952 DNE - ok
22:18:46.0005 3952 dpti2o - ok
22:18:46.0355 3952 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINNT\system32\drivers\drmkaud.sys
22:18:46.0355 3952 drmkaud - ok
22:18:46.0636 3952 EFS - ok
22:18:47.0176 3952 EL90BC (c715dd82b8e72fc11e56ca800f3033ef) C:\WINNT\system32\DRIVERS\el90xbc5.sys
22:18:47.0186 3952 EL90BC - ok
22:18:48.0669 3952 EL90Xbc (c715dd82b8e72fc11e56ca800f3033ef) C:\WINNT\system32\DRIVERS\el90Xbc5.SYS
22:18:48.0679 3952 EL90Xbc - ok
22:18:49.0530 3952 EUSBSCSI (fbd39077ec3c2289bbf04fa0d614951c) C:\WINNT\system32\DRIVERS\EUSBSCSI.SYS
22:18:49.0580 3952 EUSBSCSI - ok
22:18:50.0050 3952 Fastfat (38d332a6d56af32635675f132548343e) C:\WINNT\system32\drivers\Fastfat.sys
22:18:50.0081 3952 Fastfat - ok
22:18:50.0541 3952 Fd16_700 - ok
22:18:50.0862 3952 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINNT\system32\DRIVERS\fdc.sys
22:18:50.0862 3952 Fdc - ok
22:18:51.0212 3952 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINNT\system32\drivers\Fips.sys
22:18:51.0212 3952 Fips - ok
22:18:51.0763 3952 fireport - ok
22:18:52.0174 3952 flashpnt - ok
22:18:53.0175 3952 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINNT\system32\DRIVERS\flpydisk.sys
22:18:53.0205 3952 Flpydisk - ok
22:18:54.0577 3952 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINNT\system32\drivers\fltmgr.sys
22:18:54.0637 3952 FltMgr - ok
22:18:55.0538 3952 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINNT\system32\drivers\Fs_Rec.sys
22:18:55.0538 3952 Fs_Rec - ok
22:18:56.0510 3952 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINNT\system32\DRIVERS\ftdisk.sys
22:18:56.0550 3952 Ftdisk - ok
22:18:57.0631 3952 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINNT\system32\Drivers\GEARAspiWDM.sys
22:18:57.0782 3952 GEARAspiWDM - ok
22:18:58.0493 3952 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINNT\system32\DRIVERS\msgpc.sys
22:18:58.0503 3952 Gpc - ok
22:18:58.0883 3952 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINNT\system32\DRIVERS\hidusb.sys
22:18:58.0883 3952 HidUsb - ok
22:18:59.0224 3952 hpn - ok
22:18:59.0855 3952 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINNT\system32\Drivers\HTTP.sys
22:18:59.0955 3952 HTTP - ok
22:19:00.0325 3952 i2omgmt - ok
22:19:00.0706 3952 i2omp - ok
22:19:01.0427 3952 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINNT\system32\DRIVERS\i8042prt.sys
22:19:01.0467 3952 i8042prt - ok
22:19:01.0847 3952 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINNT\system32\DRIVERS\imapi.sys
22:19:01.0847 3952 Imapi - ok
22:19:02.0198 3952 ini910u - ok
22:19:02.0558 3952 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINNT\system32\DRIVERS\intelide.sys
22:19:02.0558 3952 IntelIde - ok
22:19:03.0199 3952 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINNT\system32\DRIVERS\intelppm.sys
22:19:03.0209 3952 intelppm - ok
22:19:54.0393 3952 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINNT\system32\Drivers\sptd.sys
22:19:54.0403 3952 Suspicious file (NoAccess): C:\WINNT\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
22:19:54.0413 3952 sptd ( LockedFile.Multi.Generic ) - warning
22:19:54.0413 3952 sptd - detected LockedFile.Multi.Generic (1)
22:20:17.0186 3952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:20:18.0037 3952 \Device\Harddisk0\DR0 - ok
22:20:18.0087 3952 Boot (0x1200) (5df715dc34cb4cbbf2cce5bf95494318) \Device\Harddisk0\DR0\Partition0
22:20:18.0107 3952 \Device\Harddisk0\DR0\Partition0 - ok
22:20:18.0107 3952 ============================================================
22:20:18.0107 3952 Scan finished
22:20:18.0107 3952 ============================================================
22:20:18.0227 3944 Detected object count: 2
22:20:18.0227 3944 Actual detected object count: 2
22:21:20.0096 3944 HKLM\SYSTEM\ControlSet001\services\190b2ddf - will be deleted on reboot
22:21:20.0096 3944 HKLM\SYSTEM\ControlSet004\services\190b2ddf - will be deleted on reboot
22:21:20.0096 3944 C:\WINNT\3744271129:3874804256.exe - will be deleted on reboot
22:21:20.0096 3944 190b2ddf ( Rootkit.Win32.PMax.gen ) - User select action: Delete
22:21:20.0096 3944 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:21:20.0096 3944 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:21:28.0518 3916 Deinitialize success

--- ComboFix Log ---

ComboFix 11-11-12.01 - mitchr 11/11/2011 23:20:01.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1655 [GMT -8:00]
Running from: c:\documents and settings\mitchr\Desktop\ComboFix.exe
FW: ZoneAlarm Extreme Security Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\cfk.exe
c:\documents and settings\All Users\Application Data\idk.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\mitchr\Local Settings\Application Data\190b2ddf
c:\documents and settings\mitchr\Local Settings\Application Data\190b2ddf\@
c:\documents and settings\mitchr\Local Settings\Application Data\190b2ddf\U\80000000.@
c:\documents and settings\mitchr\Local Settings\Application Data\190b2ddf\U\800000cb.@
c:\documents and settings\mitchr\Local Settings\Application Data\190b2ddf\X
c:\documents and settings\mitchr\Local Settings\Application Data\bcs.exe
c:\documents and settings\mitchr\Local Settings\Application Data\bif.exe
c:\documents and settings\mitchr\Local Settings\Application Data\elk.exe
c:\documents and settings\mitchr\Local Settings\Application Data\erv.exe
c:\documents and settings\mitchr\Local Settings\Application Data\ibi.exe
c:\documents and settings\mitchr\Local Settings\Application Data\kwo.exe
c:\documents and settings\mitchr\Local Settings\Application Data\lrm.exe
c:\documents and settings\mitchr\Local Settings\Application Data\mie.exe
c:\documents and settings\mitchr\Local Settings\Application Data\myq.exe
c:\documents and settings\mitchr\Local Settings\Application Data\nbh.exe
c:\documents and settings\mitchr\Local Settings\Application Data\oaj.exe
c:\documents and settings\mitchr\Local Settings\Application Data\onx.exe
c:\documents and settings\mitchr\Local Settings\Application Data\qvb.exe
c:\documents and settings\mitchr\Local Settings\Application Data\rbv.exe
c:\documents and settings\mitchr\Local Settings\Application Data\swc.exe
c:\documents and settings\mitchr\Local Settings\Application Data\ttv.exe
c:\documents and settings\mitchr\Local Settings\Application Data\vds.exe
c:\documents and settings\mitchr\Local Settings\Application Data\vwu.exe
c:\documents and settings\mitchr\Local Settings\Application Data\wjv.exe
c:\documents and settings\mitchr\Local Settings\Application Data\yiy.exe
c:\documents and settings\mitchr\Recent\Thumbs.db
c:\winnt\$NtUninstallKB52011$
c:\winnt\$NtUninstallKB52011$\4193006026
c:\winnt\$NtUninstallKB52011$\420163039\@
c:\winnt\$NtUninstallKB52011$\420163039\L\ftomtszm
c:\winnt\$NtUninstallKB52011$\420163039\loader.tlb
c:\winnt\$NtUninstallKB52011$\420163039\U\$00000001
c:\winnt\$NtUninstallKB52011$\420163039\U\$800000cb
c:\winnt\$NtUninstallKB52011$\420163039\U\@000000c0
c:\winnt\$NtUninstallKB52011$\420163039\U\@000000cb
c:\winnt\$NtUninstallKB52011$\420163039\U\@000000cf
c:\winnt\$NtUninstallKB52011$\420163039\U\@80000000
c:\winnt\$NtUninstallKB52011$\420163039\U\@800000c0
c:\winnt\$NtUninstallKB52011$\420163039\U\@800000cf
c:\winnt\assembly\GAC_MSIL\desktop.ini
c:\winnt\pkunzip.pif
c:\winnt\pkzip.pif
c:\winnt\system32\
c:\winnt\system32\c_49973.nl_
c:\winnt\system32\Cache
c:\winnt\system32\drivers\etc\lmhosts
c:\winnt\system32\urogitud.ini
c:\winnt\Web\default.htt
.
Infected copy of c:\program files\D-Link\D-Link WNA-2330 Notebook Adapter\acs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP992\A0245565.exe
.
Infected copy of c:\program files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP996\A0248956.exe
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP992\A0245566.exe
.
Infected copy of c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP992\A0245568.exe
.
Infected copy of c:\cfusionmx7\db\slserver54\bin\swagent.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP992\A0245569.exe
.
Infected copy of c:\cfusionmx7\db\slserver54\bin\swstrtr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP993\A0245639.exe
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP992\A0245575.exe
.
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP992\A0245576.exe
.
Infected copy of c:\winnt\system32\lxdwcoms.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP992\A0245572.exe
.
Infected copy of c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP993\A0245762.exe
.
Infected copy of c:\winnt\system32\nvsvc32.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP993\A0245641.exe
.
Infected copy of c:\program files\UPHClean\uphclean.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP992\A0245574.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_IAS
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-05 20:54 . 2009-10-13 01:15 128016 ----a-w- c:\winnt\system32\drivers\kl1.sys
2011-11-05 20:53 . 2009-10-17 07:39 69000 ----a-w- c:\winnt\system32\zlcomm.dll
2011-11-05 20:53 . 2009-10-17 07:39 103816 ----a-w- c:\winnt\system32\zlcommdb.dll
2011-11-05 20:52 . 2009-10-17 07:39 1238408 ----a-w- c:\winnt\system32\zpeng25.dll
2011-11-05 20:41 . 2011-11-05 20:41 -------- d-----w- c:\program files\Zone Labs
2011-11-05 20:41 . 2011-11-05 20:54 -------- d-----w- c:\winnt\system32\Zonelabs
2011-11-05 20:10 . 2011-11-05 20:10 -------- d-----w- c:\winnt\system32\wbem\Repository
2011-11-05 19:39 . 2011-11-05 21:15 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-11-03 10:41 . 2011-11-03 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles
2011-11-03 09:59 . 2011-11-03 09:59 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-11-03 09:52 . 2011-11-03 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-11-03 09:46 . 2011-11-03 09:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\winnt\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-04 12:00 220160 ----a-w- c:\winnt\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-04 12:00 20480 ----a-w- c:\winnt\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\winnt\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ------w- c:\winnt\system32\win32k.sys
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\winnt\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\winnt\system32\html.iec
2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\winnt\system32\drivers\afd.sys
2003-09-05 17:44 . 2008-07-27 20:26 1200623 ----a-w- c:\program files\Easy VideoSplitter_2_01.exe
2003-08-24 09:04 . 2008-07-27 20:26 3211306 ----a-w- c:\program files\ezjoiner.exe
2003-02-21 11:42 . 2003-02-21 11:42 348160 ----a-w- c:\program files\msvcr71.dll
2000-11-15 16:21 . 2008-07-17 19:30 178688 ----a-w- c:\program files\hjsplit.exe
2007-04-23 00:16 . 2007-04-23 00:16 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-04-23 00:16 . 2007-04-23 00:16 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2011-09-29 06:53 . 2011-10-04 05:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\services.exe
[-] 2003-06-19 19:05 . CFED2D28F5B8A24127E9E06043070643 . 89360 . . [5.00.2195.6700] . . c:\winnt\$NtUpdateRollupPackUninstall$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\winnt\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\winnt\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\winnt\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB2347290$\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\winnt\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\winnt\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB896423$\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\winnt\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\winlogon.exe
[-] 2003-06-19 19:05 . 3980C28D116D438BBB36FB38526FDE1A . 181008 . . [5.00.2195.6714] . . c:\winnt\$NtUpdateRollupPackUninstall$\winlogon.exe
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\winnt\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\winnt\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\winnt\winsxs\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\winnt\winsxs\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\winnt\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\winnt\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\winnt\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\winnt\winsxs\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\winnt\$NtUninstallKB923191$\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\winnt\winsxs\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\winnt\winsxs\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\winnt\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\cryptsvc.dll
[-] 2003-06-19 19:05 . 385F52746FD8558D43999AEED250769A . 76048 . . [5.00.2195.6661] . . c:\winnt\$NtUpdateRollupPackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\winnt\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\winnt\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\winnt\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\winnt\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\winnt\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\winnt\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-04 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\winnt\$NtUninstallKB902400$\es.dll
[-] 2003-06-19 19:05 . FACD7422F6FBC7CD3AEA3AFCB8382ECF . 233232 . . [2000.2.3504.0] . . c:\winnt\$NtUpdateRollupPackUninstall$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\winnt\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\winnt\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\winnt\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\winnt\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\winnt\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\winnt\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB935839$\kernel32.dll
[-] 2003-06-19 19:05 . AFFDA6F602A8F0DBA615279C28B3BDF8 . 743184 . . [5.00.2195.6688] . . c:\winnt\$NtUpdateRollupPackUninstall$\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\winnt\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\winnt\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\winnt\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB900725$\linkinfo.dll
[-] 2002-08-09 16:10 . A5977BF56A537AFDF2464F1314C315CF . 16144 . . [5.00.2134.1] . . c:\winnt\$NtUpdateRollupPackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\winnt\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\winnt\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\winnt\system32\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\winnt\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\winnt\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\netlogon.dll
[-] 2003-06-19 19:05 . 11B91C26925F56F577089FF88AA0BEC0 . 371984 . . [5.00.2195.6695] . . c:\winnt\$NtUpdateRollupPackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\winnt\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\winnt\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\winnt\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\scecli.dll
[-] 2003-06-19 19:05 . FF11B32A906D75CD96957B66E318DAD0 . 114448 . . [5.00.2195.6704] . . c:\winnt\$NtUpdateRollupPackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\winnt\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\winnt\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\winnt\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\winnt\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\winnt\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB893756$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\winnt\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\winnt\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\winnt\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\winnt\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\winnt\$NtUninstallKB925902$\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB890859$\user32.dll
[-] 2003-06-19 19:05 . 11ED538DB87D8CF38017A63A82AA805D . 403216 . . [5.00.2195.6688] . . c:\winnt\$NtUpdateRollupPackUninstall$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\winnt\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\winnt\system32\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\winnt\system32\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\winnt\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\winnt\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\winnt\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\winnt\$NtUninstallKB938828$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\winnt\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\regedit.exe
.
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\winnt\system32\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\winnt\system32\dllcache\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\winnt\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB979687$\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\winnt\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\winnt\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\winnt\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\winnt\$NtUninstallKB902400$\ole32.dll
[-] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB894391$\ole32.dll
[-] 2003-06-19 19:05 . EEF17647FBBD2F402179EA99895A478E . 996112 . . [5.00.2195.6692] . . c:\winnt\$NtUpdateRollupPackUninstall$\ole32.dll
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\winnt\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\winnt\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\winnt\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\winnt\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\winnt\ServicePackFiles\i386\usp10.dll
[-] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\winnt\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\winnt\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-13 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\winnt\system32\ksuser.dll
[-] 2008-04-13 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\winnt\system32\dllcache\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\winnt\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\winnt\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\winnt\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\winnt\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\eventlog.dll
[-] 2003-06-19 19:05 . 5738D5804F61A1D30D86FA24DEE56E0C . 47888 . . [5.00.2195.6716] . . c:\winnt\$NtUpdateRollupPackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\winnt\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\sfcfiles.dll
[-] 2003-06-19 19:05 . A871E77694E9146B3C655A734B1ECF46 . 971024 . . [5.00.2195.6717] . . c:\winnt\$NtUpdateRollupPackUninstall$\sfcfiles.dll
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\winnt\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\winnt\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\winnt\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\winnt\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\winnt\system32\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\winnt\system32\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\winnt\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\winnt\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\winnt\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\winnt\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\winnt\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 12:00 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\winnt\$NtUninstallKB900485$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\winnt\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\winnt\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\winnt\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\winnt\system32\dllcache\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\winnt\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\winnt\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\winnt\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\winnt\$NtUninstallKB924667$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\winnt\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\msgsvc.dll
[-] 2003-06-19 19:05 . C470CF2972A6DF2214764DA2FE8B768F . 35600 . . [5.00.2195.6656] . . c:\winnt\$NtUpdateRollupPackUninstall$\msgsvc.dll
.
[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\winnt\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2005-01-28 20:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\winnt\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-01-28 20:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\winnt\system32\MsPMSNSv.dll
[-] 2005-01-28 20:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\winnt\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\winnt\$NtServicePackUninstall$\mspmsnsv.dll
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\winnt\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\winnt\system32\ntmssvc.dll
[-] 2004-08-04 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\winnt\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\winnt\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\winnt\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\winnt\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB931261$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\winnt\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\winnt\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\winnt\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\winnt\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\winnt\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\winnt\system32\ddraw.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\mitchr\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\mitchr\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\mitchr\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\mitchr\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2008-04-14 143360]
"PCTVOICE"="pctspk.exe" [2002-07-26 163840]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2001-11-06 131072]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2003-02-10 4501504]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
"PinnacleDriverCheck"="c:\winnt\system32\PSDrvCheck.exe" [2004-03-10 406016]
"NeroFilterCheck"="c:\winnt\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" [2003-02-10 323584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2008-09-10 676520]
"lxdwamon"="c:\program files\Lexmark 7600 Series\lxdwamon.exe" [2008-09-10 16040]
"Lexmark 7600 Series Fax Server"="c:\program files\Lexmark 7600 Series\fm3032.exe" [2008-09-10 311976]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link RangeBooster N DWA-140"="c:\program files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [2007-08-20 1671168]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-26 236016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-10 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\mitchr\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\mitchr\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\winnt\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-5-27 25214]
Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2006-6-7 553021]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2008-8-15 869376]
VPN Client.lnk - c:\winnt\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-6-25 6144]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link WNA-2330 Notebook Adapter\wirelesscm.exe [2008-5-24 20525056]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 30 (0x1e)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINNT\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\WINNT\\system32\\lxdwcoms.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\mitchr\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 a347bus;a347bus;c:\winnt\system32\drivers\a347bus.sys [3/17/2010 10:41 PM 158720]
R0 a347scsi;a347scsi;c:\winnt\system32\drivers\a347scsi.sys [3/17/2010 10:41 PM 5248]
R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [8/6/2008 9:54 PM 716272]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [11/5/2011 11:40 AM 17904]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [11/5/2011 11:39 AM 2979280]
R2 ColdFusion MX 7 ODBC Agent;ColdFusion MX 7 ODBC Agent;c:\cfusionmx7\db\slserver54\bin\swagent.exe "ColdFusion MX 7 ODBC Agent" --> c:\cfusionmx7\db\slserver54\bin\swagent.exe ColdFusion MX 7 ODBC Agent [?]
R2 ColdFusion MX 7 ODBC Server;ColdFusion MX 7 ODBC Server;c:\cfusionmx7\db\slserver54\bin\swstrtr.exe "ColdFusion MX 7 ODBC Server" --> c:\cfusionmx7\db\slserver54\bin\swstrtr.exe ColdFusion MX 7 ODBC Server [?]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [4/17/2009 12:11 AM 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [4/17/2009 12:11 AM 476528]
R2 lxdw_device;lxdw_device;c:\winnt\system32\lxdwcoms.exe -service --> c:\winnt\system32\lxdwcoms.exe -service [?]
R3 JSWSCIMD;jswscimd Service;c:\winnt\system32\drivers\jswscimd.sys [5/24/2008 11:08 AM 57376]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\winnt\system32\spool\drivers\w32x86\3\lxdwserv.exe [6/17/2009 6:08 PM 98984]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\winnt\system32\drivers\ousbehci.sys [5/16/2007 9:55 PM 34176]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [11/5/2011 11:40 AM 51632]
S3 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;c:\cfusionmx7\runtime\bin\jrunsvc.exe [6/10/2007 8:47 PM 61440]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90Xbc5.SYS [5/15/2007 11:56 PM 71744]
S3 EUSBSCSI;Belkin USB Mass Storage Driver;c:\winnt\system32\drivers\EUSBSCSI.SYS [7/17/2007 10:54 PM 51717]
S3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [9/13/2009 8:53 PM 15504]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/11/2011 11:55 PM 366152]
S3 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [10/14/2005 3:45 AM 199384]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\winnt\system32\drivers\ousb2hub.sys [5/16/2007 9:55 PM 49536]
S3 PTDCWFLT;PTDCWWAN Filter Driver;c:\winnt\system32\drivers\PTDCWFLT.sys [6/19/2008 10:19 AM 5120]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\winnt\system32\drivers\PTDCWWAN.sys [6/19/2008 10:19 AM 58240]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\winnt\system32\drivers\PTDWBus.sys [5/17/2007 11:26 PM 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\winnt\system32\drivers\PTDWMdm.sys [5/17/2007 11:26 PM 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\winnt\system32\drivers\PTDWVsp.sys [5/17/2007 11:26 PM 39808]
S3 PWCTLDRV;The NECHostController Filter Driver;c:\winnt\system32\drivers\PWCTLDRV.sys [5/17/2007 11:26 PM 5888]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-06 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\mitchr\Application Data\Mozilla\Firefox\Profiles\c77cz3gs.default\
FF - prefs.js: browser.startup.homepage -
.
.
------- File Associations -------
.
.txt=TextPad.txt
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-79914524.sys
SafeBoot-sglfb.sys
SafeBoot-tga.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-12 00:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-1202660629-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DE80BB58-31DB-DBCD-A78C-0017CA90FC2F}*]
"iakojdmboffaeemllk"=hex:6a,61,6f,66,65,61,6c,70,6e,62,65,6a,6f,6c,61,6f,6b,6c,
64,6d,00,07
"jambheogepjobgmghibn"=hex:6a,61,6f,66,65,61,6c,70,6e,62,65,6a,6f,6c,61,6f,6b,
6c,64,6d,00,07
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2212)
c:\winnt\system32\WININET.dll
c:\documents and settings\mitchr\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\D-Link\D-Link WNA-2330 Notebook Adapter\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe
c:\cfusionmx7\db\slserver54\bin\swagent.exe
c:\cfusionmx7\db\slserver54\bin\swstrtr.exe
c:\cfusionmx7\db\slserver54\bin\swsoc.exe
c:\winnt\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\winnt\system32\lxdwcoms.exe
c:\winnt\system32\nvsvc32.exe
c:\winnt\system32\wdfmgr.exe
c:\program files\UPHClean\uphclean.exe
c:\winnt\system32\pctspk.exe
c:\program files\Lexmark 7600 Series\lxdwMsdMon.exe
c:\program files\Apoint\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-11-12 00:45:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-12 08:45
.
Pre-Run: 7,288,688,640 bytes free
Post-Run: 7,534,247,936 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 52E730A06AB4FE7E1A04C5F58016D591

#4 CatByte

  • Malware Response Team

Posted 12 November 2011 - 10:35 AM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Mitch Rush

  • Topic Starter

Posted 12 November 2011 - 01:18 PM

I performed the first step and ran ComboFix again. Below is the log. When I attempted to run Malwarebytes, I received the following error message:

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

Please advise on my next course of action. Thanks.

--- ComboFix Log ---

ComboFix 11-11-12.04 - mitchr 11/12/2011 9:00.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1514 [GMT -8:00]
Running from: c:\documents and settings\mitchr\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mitchr\Desktop\CFScript.txt
FW: ZoneAlarm Extreme Security Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-05 20:54 . 2009-10-13 01:15 128016 ----a-w- c:\winnt\system32\drivers\kl1.sys
2011-11-05 20:53 . 2009-10-17 07:39 69000 ----a-w- c:\winnt\system32\zlcomm.dll
2011-11-05 20:53 . 2009-10-17 07:39 103816 ----a-w- c:\winnt\system32\zlcommdb.dll
2011-11-05 20:52 . 2009-10-17 07:39 1238408 ----a-w- c:\winnt\system32\zpeng25.dll
2011-11-05 20:41 . 2011-11-05 20:41 -------- d-----w- c:\program files\Zone Labs
2011-11-05 20:41 . 2011-11-05 20:54 -------- d-----w- c:\winnt\system32\Zonelabs
2011-11-05 20:10 . 2011-11-05 20:10 -------- d-----w- c:\winnt\system32\wbem\Repository
2011-11-05 19:39 . 2011-11-05 21:15 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-11-03 10:41 . 2011-11-03 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles
2011-11-03 09:59 . 2011-11-03 09:59 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-11-03 09:52 . 2011-11-03 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-11-03 09:46 . 2011-11-03 09:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\winnt\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-04 12:00 220160 ----a-w- c:\winnt\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-04 12:00 20480 ----a-w- c:\winnt\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\winnt\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ------w- c:\winnt\system32\win32k.sys
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\winnt\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\winnt\system32\html.iec
2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\winnt\system32\drivers\afd.sys
2003-09-05 17:44 . 2008-07-27 20:26 1200623 ----a-w- c:\program files\Easy VideoSplitter_2_01.exe
2003-08-24 09:04 . 2008-07-27 20:26 3211306 ----a-w- c:\program files\ezjoiner.exe
2003-02-21 11:42 . 2003-02-21 11:42 348160 ----a-w- c:\program files\msvcr71.dll
2000-11-15 16:21 . 2008-07-17 19:30 178688 ----a-w- c:\program files\hjsplit.exe
2007-04-23 00:16 . 2007-04-23 00:16 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-04-23 00:16 . 2007-04-23 00:16 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2011-09-29 06:53 . 2011-10-04 05:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-04 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\winnt\$NtUninstallKB902400$\es.dll
[-] 2003-06-19 19:05 . FACD7422F6FBC7CD3AEA3AFCB8382ECF . 233232 . . [2000.2.3504.0] . . c:\winnt\$NtUpdateRollupPackUninstall$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\winnt\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\winnt\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\winnt\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\winnt\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\winnt\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\winnt\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB935839$\kernel32.dll
[-] 2003-06-19 19:05 . AFFDA6F602A8F0DBA615279C28B3BDF8 . 743184 . . [5.00.2195.6688] . . c:\winnt\$NtUpdateRollupPackUninstall$\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\winnt\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\winnt\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\winnt\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB900725$\linkinfo.dll
[-] 2002-08-09 16:10 . A5977BF56A537AFDF2464F1314C315CF . 16144 . . [5.00.2134.1] . . c:\winnt\$NtUpdateRollupPackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\winnt\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\winnt\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\winnt\system32\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\winnt\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\winnt\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\netlogon.dll
[-] 2003-06-19 19:05 . 11B91C26925F56F577089FF88AA0BEC0 . 371984 . . [5.00.2195.6695] . . c:\winnt\$NtUpdateRollupPackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\winnt\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\winnt\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\winnt\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\scecli.dll
[-] 2003-06-19 19:05 . FF11B32A906D75CD96957B66E318DAD0 . 114448 . . [5.00.2195.6704] . . c:\winnt\$NtUpdateRollupPackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\winnt\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\winnt\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\winnt\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\winnt\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\winnt\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB893756$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\winnt\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\winnt\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\winnt\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\winnt\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\winnt\$NtUninstallKB925902$\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB890859$\user32.dll
[-] 2003-06-19 19:05 . 11ED538DB87D8CF38017A63A82AA805D . 403216 . . [5.00.2195.6688] . . c:\winnt\$NtUpdateRollupPackUninstall$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\winnt\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\winnt\system32\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\winnt\system32\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\winnt\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\winnt\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\winnt\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\winnt\$NtUninstallKB938828$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\winnt\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\regedit.exe
.
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\winnt\system32\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\winnt\system32\dllcache\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\winnt\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB979687$\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\winnt\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\winnt\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\winnt\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\winnt\$NtUninstallKB902400$\ole32.dll
[-] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB894391$\ole32.dll
[-] 2003-06-19 19:05 . EEF17647FBBD2F402179EA99895A478E . 996112 . . [5.00.2195.6692] . . c:\winnt\$NtUpdateRollupPackUninstall$\ole32.dll
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\winnt\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\winnt\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\winnt\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\winnt\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\winnt\ServicePackFiles\i386\usp10.dll
[-] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\winnt\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\winnt\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-13 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\winnt\system32\ksuser.dll
[-] 2008-04-13 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\winnt\system32\dllcache\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\winnt\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\winnt\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\winnt\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\winnt\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\eventlog.dll
[-] 2003-06-19 19:05 . 5738D5804F61A1D30D86FA24DEE56E0C . 47888 . . [5.00.2195.6716] . . c:\winnt\$NtUpdateRollupPackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\winnt\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\sfcfiles.dll
[-] 2003-06-19 19:05 . A871E77694E9146B3C655A734B1ECF46 . 971024 . . [5.00.2195.6717] . . c:\winnt\$NtUpdateRollupPackUninstall$\sfcfiles.dll
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\winnt\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\winnt\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\winnt\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\winnt\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\winnt\system32\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\winnt\system32\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\winnt\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\winnt\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\winnt\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\winnt\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\winnt\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 12:00 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\winnt\$NtUninstallKB900485$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\winnt\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\winnt\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\winnt\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\winnt\system32\dllcache\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\winnt\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\winnt\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\winnt\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\winnt\$NtUninstallKB924667$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\winnt\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\msgsvc.dll
[-] 2003-06-19 19:05 . C470CF2972A6DF2214764DA2FE8B768F . 35600 . . [5.00.2195.6656] . . c:\winnt\$NtUpdateRollupPackUninstall$\msgsvc.dll
.
[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\winnt\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2005-01-28 20:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\winnt\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-01-28 20:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\winnt\system32\MsPMSNSv.dll
[-] 2005-01-28 20:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\winnt\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\winnt\$NtServicePackUninstall$\mspmsnsv.dll
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\winnt\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\winnt\system32\ntmssvc.dll
[-] 2004-08-04 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\winnt\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\winnt\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\winnt\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\winnt\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB931261$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\winnt\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\winnt\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\winnt\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\winnt\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\winnt\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\winnt\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\winnt\system32\olepro32.dll
[-] 2004-08-04 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\winnt\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\winnt\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\winnt\system32\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\w32time.dll
[-] 2003-06-19 19:05 . 8703C9C4C3E08CA8C967C7AEA488112D . 51472 . . [5.00.2195.6601] . . c:\winnt\$NtUpdateRollupPackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\winnt\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\winnt\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\winnt\$NtServicePackUninstall$\wiaservc.dll
[-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB927802$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\winnt\system32\midimap.dll
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\winnt\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\winnt\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\winnt\$NtServicePackUninstall$\rasadhlp.dll
[-] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB920683$\rasadhlp.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-11-12_08.20.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-24 07:51 . 2011-11-12 13:49 264361 c:\winnt\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\mitchr\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\mitchr\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\mitchr\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\mitchr\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2008-04-14 143360]
"PCTVOICE"="pctspk.exe" [2002-07-26 163840]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2001-11-06 131072]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2003-02-10 4501504]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
"PinnacleDriverCheck"="c:\winnt\system32\PSDrvCheck.exe" [2004-03-10 406016]
"NeroFilterCheck"="c:\winnt\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" [2003-02-10 323584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2008-09-10 676520]
"lxdwamon"="c:\program files\Lexmark 7600 Series\lxdwamon.exe" [2008-09-10 16040]
"Lexmark 7600 Series Fax Server"="c:\program files\Lexmark 7600 Series\fm3032.exe" [2008-09-10 311976]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link RangeBooster N DWA-140"="c:\program files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [2007-08-20 1671168]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-26 236016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-10 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\mitchr\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\mitchr\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\winnt\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-5-27 25214]
Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2006-6-7 553021]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2008-8-15 869376]
VPN Client.lnk - c:\winnt\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-6-25 6144]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link WNA-2330 Notebook Adapter\wirelesscm.exe [2008-5-24 20525056]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 30 (0x1e)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINNT\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\WINNT\\system32\\lxdwcoms.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\mitchr\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 a347bus;a347bus;c:\winnt\system32\drivers\a347bus.sys [3/17/2010 10:41 PM 158720]
R0 a347scsi;a347scsi;c:\winnt\system32\drivers\a347scsi.sys [3/17/2010 10:41 PM 5248]
R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [8/6/2008 9:54 PM 716272]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [11/5/2011 11:40 AM 17904]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [11/5/2011 11:39 AM 2979280]
R2 ColdFusion MX 7 ODBC Agent;ColdFusion MX 7 ODBC Agent;c:\cfusionmx7\db\slserver54\bin\swagent.exe "ColdFusion MX 7 ODBC Agent" --> c:\cfusionmx7\db\slserver54\bin\swagent.exe ColdFusion MX 7 ODBC Agent [?]
R2 ColdFusion MX 7 ODBC Server;ColdFusion MX 7 ODBC Server;c:\cfusionmx7\db\slserver54\bin\swstrtr.exe "ColdFusion MX 7 ODBC Server" --> c:\cfusionmx7\db\slserver54\bin\swstrtr.exe ColdFusion MX 7 ODBC Server [?]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [4/17/2009 12:11 AM 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [4/17/2009 12:11 AM 476528]
R2 lxdw_device;lxdw_device;c:\winnt\system32\lxdwcoms.exe -service --> c:\winnt\system32\lxdwcoms.exe -service [?]
R3 JSWSCIMD;jswscimd Service;c:\winnt\system32\drivers\jswscimd.sys [5/24/2008 11:08 AM 57376]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\winnt\system32\spool\drivers\w32x86\3\lxdwserv.exe [6/17/2009 6:08 PM 98984]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\winnt\system32\drivers\ousbehci.sys [5/16/2007 9:55 PM 34176]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [11/5/2011 11:40 AM 51632]
S3 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;c:\cfusionmx7\runtime\bin\jrunsvc.exe [6/10/2007 8:47 PM 61440]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90Xbc5.SYS [5/15/2007 11:56 PM 71744]
S3 EUSBSCSI;Belkin USB Mass Storage Driver;c:\winnt\system32\drivers\EUSBSCSI.SYS [7/17/2007 10:54 PM 51717]
S3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [9/13/2009 8:53 PM 15504]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/11/2011 11:55 PM 366152]
S3 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [10/14/2005 3:45 AM 199384]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\winnt\system32\drivers\ousb2hub.sys [5/16/2007 9:55 PM 49536]
S3 PTDCWFLT;PTDCWWAN Filter Driver;c:\winnt\system32\drivers\PTDCWFLT.sys [6/19/2008 10:19 AM 5120]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\winnt\system32\drivers\PTDCWWAN.sys [6/19/2008 10:19 AM 58240]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\winnt\system32\drivers\PTDWBus.sys [5/17/2007 11:26 PM 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\winnt\system32\drivers\PTDWMdm.sys [5/17/2007 11:26 PM 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\winnt\system32\drivers\PTDWVsp.sys [5/17/2007 11:26 PM 39808]
S3 PWCTLDRV;The NECHostController Filter Driver;c:\winnt\system32\drivers\PWCTLDRV.sys [5/17/2007 11:26 PM 5888]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-06 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\mitchr\Application Data\Mozilla\Firefox\Profiles\c77cz3gs.default\
FF - prefs.js: browser.startup.homepage -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-12 09:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-1202660629-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DE80BB58-31DB-DBCD-A78C-0017CA90FC2F}*]
"iakojdmboffaeemllk"=hex:6a,61,6f,66,65,61,6c,70,6e,62,65,6a,6f,6c,61,6f,6b,6c,
64,6d,00,07
"jambheogepjobgmghibn"=hex:6a,61,6f,66,65,61,6c,70,6e,62,65,6a,6f,6c,61,6f,6b,
6c,64,6d,00,07
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(936)
c:\winnt\system32\WININET.dll
c:\documents and settings\mitchr\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
.
Completion time: 2011-11-12 09:35:20
ComboFix-quarantined-files.txt 2011-11-12 17:35
ComboFix2.txt 2011-11-12 08:45
.
Pre-Run: 7,539,023,872 bytes free
Post-Run: 7,580,200,960 bytes free
.
- - End Of File - - FA0F198B31390DC50A3883F75341A948

#6 CatByte

Posted 12 November 2011 - 01:31 PM

Hi,

Please do the following:

  • Please download Junction.zip and save it to your desktop.
  • Unzip it and put junction.exe in the Windows directory (C:\WINDOWS).
  • Now go to Start > Run to open a run box > Copy and paste the following command in the open run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

  • A command window will open and the system will be scanned.
  • Wait until a log file opens.
  • Copy and paste or attach the content of it in your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Mitch Rush

Posted 12 November 2011 - 02:16 PM

Here is the junction log you requested. BTW, thanks for the quick responses.


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\MailFrontier\reginfo.xml: Access is denied.






Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.




Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.



..\\?\c:\\WINNT\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINNT\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINNT\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

.\\?\c:\\WINNT\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINNT\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINNT\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e




.
Failed to open \\?\c:\\WINNT\system32\Zonelabs\vsmon.exe: Access is denied.


..


Failed to open \\?\c:\\WINNT\Temp\IswTmp\Logs\ISWAK.swl: Access is denied.



Failed to open \\?\c:\\WINNT\Temp\IswTmp\Logs\ISWDMP.swl: Access is denied.



Failed to open \\?\c:\\WINNT\Temp\IswTmp\Logs\ISWFRAME.swl: Access is denied.



Failed to open \\?\c:\\WINNT\Temp\IswTmp\Logs\ISWFWMON.swl: Access is denied.



Failed to open \\?\c:\\WINNT\Temp\IswTmp\Logs\ISWMENUS.swl: Access is denied.



Failed to open \\?\c:\\WINNT\Temp\IswTmp\Logs\ISWSPYSCAN.swl: Access is denied.



Failed to open \\?\c:\\WINNT\Temp\IswTmp\Logs\ISWSTATS.swl: Access is denied.



Failed to open \\?\c:\\WINNT\Temp\IswTmp\Logs\ISWSVC.swl: Access is denied.



Failed to open \\?\c:\\WINNT\Temp\IswTmp\Logs\ISWUILIB.swl: Access is denied.



Failed to open \\?\c:\\WINNT\Temp\IswTmp\Logs\ISWUL.swl: Access is denied.



Failed to open \\?\c:\\WINNT\Temp\IswTmp\Logs\ISWUPD.swl: Access is denied.



Failed to open \\?\c:\\WINNT\Temp\IswTmp\Logs\ISWVEXT.swl: Access is denied.



#8 CatByte

Posted 12 November 2011 - 02:58 PM

Hi,

Please run the following:
  • Please download GrantPerms.zip and save it to your desktop.
  • Unzip the file and run GrantPerms.exe
  • Copy and paste the following in the edit box:


c:\\Documents and Settings\All Users\Application Data\MailFrontier\reginfo.xml
c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\\WINNT\system32\Zonelabs\vsmon.exe
c:\\WINNT\Temp\IswTmp\Logs\ISWAK.swl
c:\\WINNT\Temp\IswTmp\Logs\ISWDMP.swl
c:\\WINNT\Temp\IswTmp\Logs\ISWFRAME.swl
c:\\WINNT\Temp\IswTmp\Logs\ISWFWMON.swl
c:\\WINNT\Temp\IswTmp\Logs\ISWMENUS.swl
c:\\WINNT\Temp\IswTmp\Logs\ISWSPYSCAN.swl
c:\\WINNT\Temp\IswTmp\Logs\ISWSTATS.swl
c:\\WINNT\Temp\IswTmp\Logs\ISWSVC.swl
c:\\WINNT\Temp\IswTmp\Logs\ISWUILIB.swl
c:\\WINNT\Temp\IswTmp\Logs\ISWUL.swl
c:\\WINNT\Temp\IswTmp\Logs\ISWUPD.swl
c:\\WINNT\Temp\IswTmp\Logs\ISWVEXT.swl



  • Now Click Unlock.
  • When it is done click "OK".
  • Now click List Permissions and post the result (Perms.txt) that pops up.
  • A copy of Perms.txt will be saved in the same directory the tool is run.

Malwarebytes should now run. If you can, please update and run it, then follow with the ESET scan.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
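The triage behind the path list in the post above (reading the Junction log and separating "Access is denied" failures from ordinary in-use files and from reported junctions), as an added example that is not part of the original post or of any tool named in the thread. The sample log is constructed from lines of the Junction output posted earlier, the function names are hypothetical, and the result is a review list rather than a final unlock list.

```python
import ntpath
import re

# Constructed sample, shaped like the Junction v1.06 log posted in the thread.
SAMPLE_LOG = r"""
Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.
...
Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.
...
Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.
..\\?\c:\\WINNT\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINNT\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINNT\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
.
Failed to open \\?\c:\\WINNT\system32\Zonelabs\vsmon.exe: Access is denied.
Failed to open \\?\c:\\WINNT\Temp\IswTmp\Logs\ISWAK.swl: Access is denied.
"""

# Junction prints progress dots, sometimes fused to the start of a message.
FAILED_RE = re.compile(r"^\.*Failed to open (?P<path>.+): (?P<reason>.+)$")
JUNCTION_RE = re.compile(r"^\.*(?P<path>\\\\\?\\.+): JUNCTION$")
TARGET_RE = re.compile(r"^Substitute Name\s*: (?P<target>.+)$")

EXECUTABLE_EXT = {".exe", ".dll", ".sys"}


def normalise(path):
    """Drop the \\\\?\\ prefix and collapse doubled backslashes."""
    if path.startswith("\\\\?\\"):
        path = path[4:]
    return re.sub(r"\\{2,}", r"\\", path)


def parse_junction_log(text):
    """Split a Junction log into denied paths, in-use paths and junctions."""
    result = {"denied": [], "in_use": [], "other": [], "junctions": []}
    pending = None  # junction path waiting for its "Substitute Name" line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"."}:
            continue  # blank line or progress dots only
        m = FAILED_RE.match(line)
        if m:
            path, reason = normalise(m["path"]), m["reason"]
            if "Access is denied" in reason:
                result["denied"].append(path)
            elif "being used by another process" in reason:
                # Sharing violation: the file is merely open elsewhere.
                result["in_use"].append(path)
            else:
                result["other"].append((path, reason))
            continue
        m = JUNCTION_RE.match(line)
        if m:
            pending = normalise(m["path"])
            continue
        m = TARGET_RE.match(line)
        if m and pending:
            result["junctions"].append((pending, m["target"]))
            pending = None
    return result


def rank_denied(paths):
    """Put executables an administrator cannot open ahead of data files."""
    def key(p):
        is_exec = ntpath.splitext(p)[1].lower() in EXECUTABLE_EXT
        return (not is_exec, p.lower())
    return sorted(paths, key=key)


if __name__ == "__main__":
    report = parse_junction_log(SAMPLE_LOG)
    print("Denied (review permissions):")
    for p in rank_denied(report["denied"]):
        print("  ", p)
    print("In use (sharing violation):", report["in_use"])
    for link, target in report["junctions"]:
        print("Junction:", link, "->", target)
```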


#9 Mitch Rush

Posted 13 November 2011 - 03:28 AM

Here are the logs you requested:

--- Junction ---

GrantPerms by Farbar
Ran by mitchr (administrator) at 2011-11-12 12:22:05

===============================================
\\?\c:\\Documents and Settings\All Users\Application Data\MailFrontier\reginfo.xml

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\WINNT\system32\Zonelabs\vsmon.exe

Owner: MITCH\mitchr

DACL(protected):
Everyone FULL ALLOW no_propagate_inherit


ERROR: Parsing the SD of <\\?\c:\\WINNT\Temp\IswTmp\Logs\ISWAK.swl> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\WINNT\Temp\IswTmp\Logs\ISWDMP.swl> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\WINNT\Temp\IswTmp\Logs\ISWFRAME.swl> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\WINNT\Temp\IswTmp\Logs\ISWFWMON.swl> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\WINNT\Temp\IswTmp\Logs\ISWMENUS.swl> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\WINNT\Temp\IswTmp\Logs\ISWSPYSCAN.swl> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\WINNT\Temp\IswTmp\Logs\ISWSTATS.swl> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\WINNT\Temp\IswTmp\Logs\ISWSVC.swl> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\WINNT\Temp\IswTmp\Logs\ISWUILIB.swl> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\WINNT\Temp\IswTmp\Logs\ISWUL.swl> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\WINNT\Temp\IswTmp\Logs\ISWUPD.swl> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\WINNT\Temp\IswTmp\Logs\ISWVEXT.swl> failed with: Access is denied.


Operating system error message: Access is denied.


--- Malwarebytes ---

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8147

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/12/2011 1:13:07 PM
mbam-log-2011-11-12 (13-13-07).txt

Scan type: Quick scan
Objects scanned: 203157
Time elapsed: 13 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\downloads\94887_mwsnap300.exe (PUP.Perflogger) -> Quarantined and deleted successfully.

--- ESET ---

C:\CFusionMX7\db\slserver54\bin\swsoc.exe Win32/Patched.HN trojan
C:\Documents and Settings\mitchr\Local Settings\Application Data\Downloaded Installations\{D2773C34-9EB1-437C-B02B-9097E6AAAF82}\PCmover Professional.msi a variant of Win32/PSWTool.PWDump.A application
C:\downloads\Navicat.MySQL.7.2.11.cracked.exe-YPOGEiOs.zip Win32/TrojanDropper.Delf.XO trojan
C:\downloads\navicat_trial.exe Win32/TrojanDropper.Delf.XO trojan
C:\downloads\registryfix.exe a variant of Win32/Adware.ErrorClean application
C:\Program Files\mIRC\authpatch.exe a variant of Win32/HackTool.Patcher.F application
C:\Program Files\PremiumSoft\Navicat MySQL\navicat.exe.bad Win32/TrojanDropper.Delf.XO trojan
C:\Program Files\RegistryFix\RegistryFix.exe a variant of Win32/Adware.ErrorClean application
C:\Program Files\Total Video Converter\CrackCopyMeToInstallDirAndRun.exe a variant of Win32/HackTool.Patcher.A application
C:\Qoobox\Quarantine\C\CFusionMX7\db\slserver54\bin\swagent.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\CFusionMX7\db\slserver54\bin\swstrtr.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Documents and Settings\mitchr\Local Settings\Application Data\elk.exe.vir a variant of Win32/Kryptik.LYK trojan
C:\Qoobox\Quarantine\C\Documents and Settings\mitchr\Local Settings\Application Data\erv.exe.vir a variant of Win32/Kryptik.LYK trojan
C:\Qoobox\Quarantine\C\Documents and Settings\mitchr\Local Settings\Application Data\kwo.exe.vir a variant of Win32/Kryptik.LYK trojan
C:\Qoobox\Quarantine\C\Documents and Settings\mitchr\Local Settings\Application Data\oaj.exe.vir a variant of Win32/Kryptik.LYK trojan
C:\Qoobox\Quarantine\C\Documents and Settings\mitchr\Local Settings\Application Data\190b2ddf\X.vir a variant of Win32/Kryptik.UVF trojan
C:\Qoobox\Quarantine\C\Documents and Settings\mitchr\Local Settings\Application Data\190b2ddf\U\800000cb.@.vir Win32/Agent.TEO trojan
C:\Qoobox\Quarantine\C\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\D-Link\D-Link WNA-2330 Notebook Adapter\acs.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\iPod\bin\iPodService.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\UPHClean\uphclean.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\WINNT\system32\lxdwcoms.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\WINNT\system32\nvsvc32.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\WINNT\system32\urogitud.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Software Installers\OOPerfectPhotoSuite.5.5.part01.rar a variant of Win32/Keygen.BH application
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP993\A0245638.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP993\A0245671.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP993\A0245796.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP993\A0245798.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP993\A0245836.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP995\A0246936.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP995\A0246949.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP996\A0248952.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP996\A0249958.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP996\A0250046.old Win32/Patched.HN trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254266.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254271.exe a variant of Win32/Kryptik.LYK trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254272.exe a variant of Win32/Kryptik.LYK trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254274.exe a variant of Win32/Kryptik.LYK trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254279.exe a variant of Win32/Kryptik.LYK trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254291.ini Win32/Adware.Virtumonde.NEO application
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254292.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254293.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254294.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254295.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254296.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254297.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254298.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254299.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254300.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254301.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254302.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254303.exe Win32/Patched.HN trojan
Operating memory Win32/Patched.HN trojan

#10 CatByte

Posted 13 November 2011 - 09:11 AM

OK,

There are still some files infected.

The best way to clean some of them is to uninstall the program and reinstall it; others I can fix with ComboFix.


C:\CFusionMX7\db\slserver54\bin\swsoc.exe Win32/Patched.HN trojan


This appears to be an infection in your Cold Fusion program. The best way to fix this is to completely uninstall it then reinstall it.


The cracked programs are likely the culprit for the infection. I would remove all the p2p and torrent programs from your system; it really isn't worth it.


NEXT


Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\downloads\Navicat.MySQL.7.2.11.cracked.exe-YPOGEiOs.zip 
C:\downloads\navicat_trial.exe 
C:\downloads\registryfix.exe 
C:\Program Files\mIRC\authpatch.exe 
C:\Program Files\PremiumSoft\Navicat MySQL\navicat.exe.bad 
C:\Program Files\RegistryFix\RegistryFix.exe 
C:\Program Files\Total Video Converter\CrackCopyMeToInstallDirAndRun.exe 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
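The ESET log posted earlier mixes files still in place with copies already under C:\Qoobox\Quarantine and in System Restore points, which is why the reply above acts on only a few entries. The sketch below is an added example, not code from the thread or from ESET: it parses lines of that shape and groups them by location. The sample lines are constructed from the posted log, and the function names and location labels are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, shaped like the ESET log posted in the thread.
SAMPLE_ESET = r"""
C:\CFusionMX7\db\slserver54\bin\swsoc.exe Win32/Patched.HN trojan
C:\downloads\registryfix.exe a variant of Win32/Adware.ErrorClean application
C:\Qoobox\Quarantine\C\WINNT\system32\nvsvc32.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Documents and Settings\mitchr\Local Settings\Application Data\elk.exe.vir a variant of Win32/Kryptik.LYK trojan
C:\System Volume Information\_restore{8036D1ED-B53E-4811-86BB-C2D77342044E}\RP999\A0254266.ini a variant of Win32/Sirefef.CH trojan
Operating memory Win32/Patched.HN trojan
"""

# <target> [a variant of ]<Win32/Name> <trojan|application>
# The target may contain spaces, so it is matched lazily up to the detection.
LINE_RE = re.compile(
    r"^(?P<target>.+?) (?P<variant>a variant of )?"
    r"(?P<name>Win32/\S+) (?P<kind>trojan|application)$"
)
QUARANTINE_RE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\", re.IGNORECASE)
RESTORE_MARK = "\\system volume information\\_restore{"


def location(target):
    """Classify where a detection sits (labels are this example's own)."""
    low = target.lower()
    if low == "operating memory":
        return "memory"
    if QUARANTINE_RE.match(target):
        return "quarantine"      # ComboFix's quarantine folder
    if RESTORE_MARK in low:
        return "restore_point"   # XP System Restore store
    return "live_file"


def parse_eset_log(text):
    """Return one dict per detection line; unrecognised lines are skipped."""
    rows = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rows.append({
            "target": m["target"],
            "name": m["name"],
            "variant": bool(m["variant"]),
            "kind": m["kind"],
            "location": location(m["target"]),
        })
    return rows


def active_detections(rows):
    """Detections in files still in place or in memory, in log order."""
    return [r for r in rows if r["location"] in ("live_file", "memory")]


def family_counts(rows):
    """How many lines each detection name accounts for."""
    return Counter(r["name"] for r in rows)


if __name__ == "__main__":
    rows = parse_eset_log(SAMPLE_ESET)
    print("By location:", dict(Counter(r["location"] for r in rows)))
    print("Still active:")
    for r in active_detections(rows):
        print("  ", r["target"], "->", r["name"], f"({r['kind']})")
    print("By detection name:", dict(family_counts(rows)))
```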


#11 Mitch Rush

Posted 13 November 2011 - 11:22 AM

Since I'll need to find a copy of coldfusion from my employer before I reinstall this or remove any other program that needs to be removed, can I run the combofix now, or do I need to uninstall coldfusion, etc. first?

Another question, my zone labs antivirus seems to be trying to run, but failing. Is it safe at this point to attempt to reinstall the program? Also, I am still seeing those files in the anti-virus directories. Should I attempt to delete them now? If I cannot delete them, are they harmless now?

Mitch

#12 CatByte

Posted 13 November 2011 - 01:15 PM

You can run ComboFix now.


Kaspersky Anti Virus has a trial version that can handle the infection that your Cold Fusion is infected with.

You could try running it and see whether it can cure it or not.

That will do for now, but I would definitely reinstall it when you get the chance


Here's the link for the trial version of Kaspersky. Make sure you choose to cure rather than delete or quarantine.


http://www.kaspersky.com/anti-virus_trial

You will need to uninstall your anti-virus first.

Once done, you can uninstall Kaspersky, then reinstall your AV.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 Mitch Rush

Posted 13 November 2011 - 02:43 PM

Here is the log from the latest combofix run. I am going to uninstall coldfusionMX7 and install coldfusion8 instead. No reason to keep it since it was loaded for a client's site that I no longer need to support.

ComboFix 11-11-13.02 - mitchr 11/13/2011 10:44:09.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1502 [GMT -8:00]
Running from: c:\documents and settings\mitchr\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mitchr\Desktop\CFScript.txt
FW: ZoneAlarm Extreme Security Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\downloads\Navicat.MySQL.7.2.11.cracked.exe-YPOGEiOs.zip"
"c:\downloads\navicat_trial.exe"
"c:\downloads\registryfix.exe"
"c:\program files\mIRC\authpatch.exe"
"c:\program files\PremiumSoft\Navicat MySQL\navicat.exe.bad"
"c:\program files\RegistryFix\RegistryFix.exe"
"c:\program files\Total Video Converter\CrackCopyMeToInstallDirAndRun.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\downloads\Navicat.MySQL.7.2.11.cracked.exe-YPOGEiOs.zip
c:\downloads\navicat_trial.exe
c:\downloads\registryfix.exe
c:\program files\mIRC\authpatch.exe
c:\program files\PremiumSoft\Navicat MySQL\navicat.exe.bad
c:\program files\RegistryFix\RegistryFix.exe
c:\program files\Total Video Converter\CrackCopyMeToInstallDirAndRun.exe
c:\winnt\system32\c_49973.nl_
.
.
((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-12 21:31 . 2011-11-12 21:31 -------- d-----w- c:\program files\ESET
2011-11-12 18:52 . 2010-09-07 23:39 150392 ----a-w- c:\winnt\junction.exe
2011-11-05 20:54 . 2009-10-13 01:15 128016 ----a-w- c:\winnt\system32\drivers\kl1.sys
2011-11-05 20:53 . 2009-10-17 07:39 69000 ----a-w- c:\winnt\system32\zlcomm.dll
2011-11-05 20:53 . 2009-10-17 07:39 103816 ----a-w- c:\winnt\system32\zlcommdb.dll
2011-11-05 20:52 . 2009-10-17 07:39 1238408 ----a-w- c:\winnt\system32\zpeng25.dll
2011-11-05 20:41 . 2011-11-05 20:41 -------- d-----w- c:\program files\Zone Labs
2011-11-05 20:41 . 2011-11-05 20:54 -------- d-----w- c:\winnt\system32\Zonelabs
2011-11-05 20:10 . 2011-11-05 20:10 -------- d-----w- c:\winnt\system32\wbem\Repository
2011-11-05 19:39 . 2011-11-05 21:15 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-11-03 10:41 . 2011-11-03 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles
2011-11-03 09:59 . 2011-11-03 09:59 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-11-03 09:52 . 2011-11-03 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-11-03 09:46 . 2011-11-03 09:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\winnt\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-04 12:00 220160 ----a-w- c:\winnt\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-04 12:00 20480 ----a-w- c:\winnt\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\winnt\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ------w- c:\winnt\system32\win32k.sys
2011-09-01 01:00 . 2009-09-14 04:53 22216 ----a-w- c:\winnt\system32\drivers\mbam.sys
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\winnt\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\winnt\system32\html.iec
2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\winnt\system32\drivers\afd.sys
2003-09-05 17:44 . 2008-07-27 20:26 1200623 ----a-w- c:\program files\Easy VideoSplitter_2_01.exe
2003-08-24 09:04 . 2008-07-27 20:26 3211306 ----a-w- c:\program files\ezjoiner.exe
2003-02-21 11:42 . 2003-02-21 11:42 348160 ----a-w- c:\program files\msvcr71.dll
2000-11-15 16:21 . 2008-07-17 19:30 178688 ----a-w- c:\program files\hjsplit.exe
2007-04-23 00:16 . 2007-04-23 00:16 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-04-23 00:16 . 2007-04-23 00:16 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2011-09-29 06:53 . 2011-10-04 05:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\winnt\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\winnt\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\winnt\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\winnt\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\winnt\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\winnt\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\winnt\system32\olepro32.dll
[-] 2004-08-04 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\winnt\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\winnt\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\winnt\system32\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\w32time.dll
[-] 2003-06-19 19:05 . 8703C9C4C3E08CA8C967C7AEA488112D . 51472 . . [5.00.2195.6601] . . c:\winnt\$NtUpdateRollupPackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\winnt\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\winnt\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\winnt\$NtServicePackUninstall$\wiaservc.dll
[-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB927802$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\winnt\system32\midimap.dll
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\winnt\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\winnt\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\winnt\$NtServicePackUninstall$\rasadhlp.dll
[-] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB920683$\rasadhlp.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-11-12_08.20.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-12 21:17 . 2011-11-12 21:17 16384 c:\winnt\Temp\Perflib_Perfdata_320.dat
+ 2011-10-24 07:51 . 2011-11-12 21:50 264369 c:\winnt\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\mitchr\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\mitchr\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\mitchr\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\mitchr\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2008-04-14 143360]
"PCTVOICE"="pctspk.exe" [2002-07-26 163840]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2001-11-06 131072]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2003-02-10 4501504]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
"PinnacleDriverCheck"="c:\winnt\system32\PSDrvCheck.exe" [2004-03-10 406016]
"NeroFilterCheck"="c:\winnt\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" [2003-02-10 323584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2008-09-10 676520]
"lxdwamon"="c:\program files\Lexmark 7600 Series\lxdwamon.exe" [2008-09-10 16040]
"Lexmark 7600 Series Fax Server"="c:\program files\Lexmark 7600 Series\fm3032.exe" [2008-09-10 311976]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link RangeBooster N DWA-140"="c:\program files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [2007-08-20 1671168]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-26 236016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-10 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\mitchr\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\mitchr\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\winnt\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-5-27 25214]
Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2006-6-7 553021]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2008-8-15 869376]
VPN Client.lnk - c:\winnt\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-6-25 6144]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link WNA-2330 Notebook Adapter\wirelesscm.exe [2008-5-24 20525056]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 30 (0x1e)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINNT\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\WINNT\\system32\\lxdwcoms.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\mitchr\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 a347bus;a347bus;c:\winnt\system32\drivers\a347bus.sys [3/17/2010 10:41 PM 158720]
R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [8/6/2008 9:54 PM 716272]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [11/5/2011 11:40 AM 17904]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [11/5/2011 11:39 AM 2979280]
R2 ColdFusion MX 7 ODBC Agent;ColdFusion MX 7 ODBC Agent;c:\cfusionmx7\db\slserver54\bin\swagent.exe "ColdFusion MX 7 ODBC Agent" --> c:\cfusionmx7\db\slserver54\bin\swagent.exe ColdFusion MX 7 ODBC Agent [?]
R2 ColdFusion MX 7 ODBC Server;ColdFusion MX 7 ODBC Server;c:\cfusionmx7\db\slserver54\bin\swstrtr.exe "ColdFusion MX 7 ODBC Server" --> c:\cfusionmx7\db\slserver54\bin\swstrtr.exe ColdFusion MX 7 ODBC Server [?]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [4/17/2009 12:11 AM 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [4/17/2009 12:11 AM 476528]
R2 lxdw_device;lxdw_device;c:\winnt\system32\lxdwcoms.exe -service --> c:\winnt\system32\lxdwcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/11/2011 11:55 PM 366152]
R3 JSWSCIMD;jswscimd Service;c:\winnt\system32\drivers\jswscimd.sys [5/24/2008 11:08 AM 57376]
R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [9/13/2009 8:53 PM 22216]
S0 a347scsi;a347scsi;c:\winnt\system32\drivers\a347scsi.sys [3/17/2010 10:41 PM 5248]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\winnt\system32\spool\drivers\w32x86\3\lxdwserv.exe [6/17/2009 6:08 PM 98984]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\winnt\system32\drivers\ousbehci.sys [5/16/2007 9:55 PM 34176]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [11/5/2011 11:40 AM 51632]
S3 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;c:\cfusionmx7\runtime\bin\jrunsvc.exe [6/10/2007 8:47 PM 61440]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90Xbc5.SYS [5/15/2007 11:56 PM 71744]
S3 EUSBSCSI;Belkin USB Mass Storage Driver;c:\winnt\system32\drivers\EUSBSCSI.SYS [7/17/2007 10:54 PM 51717]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\winnt\system32\drivers\mbamswissarmy.sys --> c:\winnt\system32\drivers\mbamswissarmy.sys [?]
S3 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [10/14/2005 3:45 AM 199384]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\winnt\system32\drivers\ousb2hub.sys [5/16/2007 9:55 PM 49536]
S3 PTDCWFLT;PTDCWWAN Filter Driver;c:\winnt\system32\drivers\PTDCWFLT.sys [6/19/2008 10:19 AM 5120]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\winnt\system32\drivers\PTDCWWAN.sys [6/19/2008 10:19 AM 58240]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\winnt\system32\drivers\PTDWBus.sys [5/17/2007 11:26 PM 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\winnt\system32\drivers\PTDWMdm.sys [5/17/2007 11:26 PM 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\winnt\system32\drivers\PTDWVsp.sys [5/17/2007 11:26 PM 39808]
S3 PWCTLDRV;The NECHostController Filter Driver;c:\winnt\system32\drivers\PWCTLDRV.sys [5/17/2007 11:26 PM 5888]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-13 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\mitchr\Application Data\Mozilla\Firefox\Profiles\c77cz3gs.default\
FF - prefs.js: browser.startup.homepage -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-13 11:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-1202660629-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DE80BB58-31DB-DBCD-A78C-0017CA90FC2F}*]
"iakojdmboffaeemllk"=hex:6a,61,6f,66,65,61,6c,70,6e,62,65,6a,6f,6c,61,6f,6b,6c,
64,6d,00,07
"jambheogepjobgmghibn"=hex:6a,61,6f,66,65,61,6c,70,6e,62,65,6a,6f,6c,61,6f,6b,
6c,64,6d,00,07
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
Completion time: 2011-11-13 11:23:15
ComboFix-quarantined-files.txt 2011-11-13 19:23
ComboFix2.txt 2011-11-12 17:35
ComboFix3.txt 2011-11-12 08:45
.
Pre-Run: 7,401,791,488 bytes free
Post-Run: 7,374,536,704 bytes free
.
- - End Of File - - BDB810A9CE516A89C0A799251BF78D3F

#14 CatByte (Malware Response Team)

Posted 13 November 2011 - 02:48 PM

OK,

That sounds like a good plan


One other issue: you have numerous files failing signature check.

Usually, downloading and over-installing Service Pack 3 takes care of that.


Please download SP3 from the following link

Install it, then run ComboFix one more time, to make sure that has resolved the issue.

http://www.microsoft.com/download/en/details.aspx?id=24


How is the computer running now? Are there any outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 Mitch Rush (Topic Starter)

Posted 13 November 2011 - 04:55 PM

At this point it is running really well. No issues of any kind. I just uninstalled ZoneAlarm and will try again, or look for another that is better. Any recommendations?

I'm guessing anything else I do from this point is to clean any residual issues that may have been in existence before this recent attack. I'm a photographer as well as a web developer and this has put me way behind in my work. Thank you so much for your assistance. A donation will be coming. You guys rock.

Mitch



