TechSpot

Blue Screen/Redirect

By rjtj32
Jun 6, 2011
  1. Hi,

    I've had an issue with search engine redirects and BSOD on restarts. I've been searching the web and have done random cleaning programs (a lot used on threads I've looked at quickly), and even though the redirects have stopped, the antivirus scans still show up as infected. I found this site and see how thorough you guys are with removal of all issues until your computer is totally clean and would like to get my computer to that state. Thanks for your time.

    I have followed the 7 steps. Malwarebytes and DDS scans went fine. After the 1st scan, Malwarebytes found threats, and upon reboot I received an error 2. Not sure of the error and if threats were removed right, I did another quick scan to check and no threats were found. As for GMER, I've tried the scan many times and it would crash deep into the scan and the BSOD would pop up and my computer would restart. I then ran it in safe mode and it completed but didn't allow me to produce/save a log. So I have pasted the Malwarebytes (both scans) and DDS scan logs...


    Scan1
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6774

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/5/2011 9:58:18 AM
    mbam-log-2011-06-05 (09-58-18).txt

    Scan type: Quick scan
    Objects scanned: 231760
    Time elapsed: 13 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\adgj.agHlp (Adware.EZLife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adgj.agHlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\J40NOZ44HU (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\SECURITY SOLUTION 2011 (Rogue.SecuritySolution) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Security Solution 2011\SoftID (Rogue.SecuritySolution) -> Value: SoftID -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\documents and settings\Rob\application data\security solution 2011 (Rogue.SecuritySolution) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\Rob\application data\security solution 2011\icoactivate.ico (Rogue.SecuritySolution) -> Quarantined and deleted successfully.
    c:\documents and settings\Rob\application data\security solution 2011\IcoHelp.ico (Rogue.SecuritySolution) -> Quarantined and deleted successfully.
    c:\documents and settings\Rob\application data\security solution 2011\icouninstall.ico (Rogue.SecuritySolution) -> Quarantined and deleted successfully.




    Scan 2
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6776

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/5/2011 2:02:05 PM
    mbam-log-2011-06-05 (14-02-05).txt

    Scan type: Quick scan
    Objects scanned: 237043
    Time elapsed: 22 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    .
    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Run by Rob at 8:52:53 on 2011-06-06
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.318 [GMT -4:00]
    .
    AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files\AVG\AVG10\avgfws.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLanCfgAG.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\hasplms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    c:\program files\common files\protexis\license service\psiservice_2.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgam.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    svchost.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    c:\program files\hp\hp software update\hpwuschd2.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    c:\program files\hp\digital imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Starfield\offSyncService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    uInternet Connection Wizard,ShellNext = hxxp://securitysolution2011win.com/uninstall.php?machine=4kensaeqeo49
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
    BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~2.lnk - c:\program files\netgear wg311v2 adapter\wlancfg5.exe
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: realtytools.com
    Trusted Zone: toolkitcma.com
    Trusted Zone: toolkitcma2.com
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\rob\application data\mozilla\firefox\profiles\qtace09p.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\rob\application data\mozilla\firefox\profiles\qtace09p.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\rob\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
    FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-4 64288]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-1 13496]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-1 353168]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 BLKWLDESKTOP;Belkin Wireless Desktop Card Service;c:\program files\belkin\belkin wireless ag desktop network card\wireless utility\WLService.exe [2010-2-4 49152]
    R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
    R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-1 821080]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
    R3 File Backup;File Backup Service;c:\program files\starfield\offSyncService.exe [2010-7-16 1310960]
    S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-6-1 51144]
    S2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2011-5-28 364576]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
    S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-8 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-8 136176]
    S3 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2007-2-10 29178224]
    S3 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
    S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-6-1 30368]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-6-1 16080]
    S3 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-10-12 46824]
    S4 DynDNS Updater;DynDNS Updater;c:\program files\dyndns updater\DynUpSvc.exe [2010-4-16 103800]
    S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-6-1 239472]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
    .
    =============== Created Last 30 ================
    .
    2011-06-05 17:38:16 -------- d-----w- c:\documents and settings\rob\application data\Malwarebytes
    2011-06-05 17:38:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-05 17:37:58 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-06-05 17:37:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-05 17:37:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-04 23:25:03 -------- d-----w- c:\windows\system32\wbem\Logs
    2011-06-04 20:24:53 -------- d--h--w- C:\$AVG
    2011-06-04 13:03:03 -------- d-----w- c:\documents and settings\rob\application data\AVG10
    2011-06-04 12:54:23 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-06-04 12:54:23 -------- d-----w- c:\documents and settings\all users\application data\AVG10
    2011-06-04 12:52:19 -------- d-----w- c:\program files\AVG
    2011-06-04 12:46:27 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-06-03 20:04:53 54016 ----a-w- c:\windows\system32\drivers\cspbefgt.sys
    2011-06-03 19:38:04 2 --shatr- c:\windows\winstart.bat
    2011-06-03 19:37:24 -------- d-----w- c:\program files\UnHackMe
    2011-06-03 19:08:06 388096 ----a-r- c:\documents and settings\rob\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-06-03 19:08:03 -------- d-----w- c:\program files\Trend Micro
    2011-06-03 12:01:37 -------- d-----w- c:\documents and settings\rob\application data\SUPERAntiSpyware.com
    2011-06-03 12:01:10 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-06-03 03:01:49 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2011-06-03 01:06:26 -------- d-----w- C:\AVGTemp
    2011-06-02 02:44:43 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
    2011-06-02 02:44:11 -------- d-----w- c:\program files\Soluto
    2011-06-02 02:43:07 -------- d-----w- c:\documents and settings\all users\application data\Soluto
    2011-06-01 23:24:02 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-06-01 23:23:48 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-06-01 23:19:06 -------- d-----w- c:\documents and settings\rob\application data\IObit
    2011-06-01 23:19:01 -------- d-----w- c:\program files\IObit
    2011-05-26 00:09:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-10 23:25:17 -------- d-----w- c:\program files\iPod
    2011-05-10 23:24:55 -------- d-----w- c:\program files\iTunes
    .
    ==================== Find3M ====================
    .
    2011-05-28 17:34:58 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-05-28 17:07:34 215424 ----a-w- c:\windows\system32\drivers\ndis.sys
    2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
    2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2011-03-19 20:17:28 47360 ----a-w- c:\documents and settings\rob\application data\pcouffin.sys
    2011-03-16 20:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    .
    ============= FINISH: 8:54:20.93 ===============
     
  2. rjtj32

    rjtj32 TS Rookie Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-03.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/4/2010 11:48:28 AM
    System Uptime: 6/6/2011 7:21:16 AM (1 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | NAGAMI
    Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 939 | 2204/199mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 142 GiB total, 31.832 GiB free.
    D: is CDROM ()
    E: is Removable
    H: is Removable
    I: is FIXED (FAT32) - 7 GiB total, 0.392 GiB free.
    K: is Removable
    M: is Removable
    N: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description: HP Photosmart C4400
    Device ID: USB\VID_03F0&PID_6C11&MI_00\6&2EE527E8&0&0000
    Manufacturer: Hewlett-Packard
    Name: HP Photosmart C4400
    PNP Device ID: USB\VID_03F0&PID_6C11&MI_00\6&2EE527E8&0&0000
    Service: usbscan
    .
    Class GUID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}
    Description: Other PCI Bridge Device
    Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_2A3A103C&REV_A1\3&2411E6FE&0&A0
    Manufacturer:
    Name: Other PCI Bridge Device
    PNP Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_2A3A103C&REV_A1\3&2411E6FE&0&A0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP23: 6/5/2011 10:02:49 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    32 Bit HP CIO Components Installer
    A4DeskPro v5.01
    abgx360 v1.0.2
    Acrobat.com
    ACT! by Sage for Real Estate 2008 (10.0)
    Ad-Aware
    Ad-Aware Email Scanner for Outlook
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.4.1 - CPSID_83708
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Asset Services CS4
    Adobe Bridge CS3
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe Community Help
    Adobe Creative Suite 4 Design Premium
    Adobe CS4 American English Speech Analysis Models
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Dreamweaver CS5
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS3
    Adobe Flash CS3 Professional
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Professional CS5
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS3
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe OnLocation CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Reader 9.3
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe SING CS4
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Update Manager CS4
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Advanced SystemCare 4
    AIM 7
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    AVG 2011
    AVS Video Converter 7
    Belkin Wireless A/G Desktop Network Card
    BlackBerry Desktop Software 6.0.1
    BlackBerry Device Software v6.0.0 for the BlackBerry 9650 smartphone
    Bonjour
    BufferChm
    C4400
    C4400_Help
    Canon Camera WIA Driver
    Canon EOS Kiss_N REBEL_XT 350D WIA Driver
    Cards_Calendar_OrderGift_DoMorePlugout
    Chief Architect X1
    Chief Architect X2
    Connect
    ConvertXtoDVD 4.1.10.348
    Copy
    CustomerResearchQFolder
    CyberLink PhotoNow
    CyberLink PowerDirector
    Desktop Calendar Tools
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Setup
    DocProc
    DocProcQFolder
    DVD Decrypter (Remove Only)
    DVD Identifier
    DynDNS Updater
    eSupportQFolder
    EventPro Planner
    FastStone Photo Resizer 3.0
    FileZilla Client 3.3.5.1
    Free WMA to MP3 Converter 1.16
    Google Earth
    Google SketchUp 8
    Google Update Helper
    GPBaseService
    GPL MPEG-1/2 DirectShow Decoder Filter
    Guitar Pro 5.2
    HiJackThis
    Home Designer Suite 8
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    HP Customer Participation Program 10.0
    HP Imaging Device Functions 10.0
    HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
    HP Photosmart Essential 2.5
    HP Product Detection
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Update
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    iBBDemo2
    ImgBurn
    IObit Malware Fighter
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    JDownloader
    K-Lite Codec Pack 5.7.0 (Basic)
    kuler
    LightScribe System Software
    LoopBe1 - Internal MIDI Port
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 (SQLEXPRESS)
    Microsoft SQL Server 2005 Express Edition (ACT7)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Windows XP Video Decoder Checkup Utility
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox (3.6.6)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    NETGEAR WG311v2 802.11g Wireless PCI Adapter
    NVIDIA Drivers
    OCR Software by I.R.I.S. 10.0
    Orbit Downloader
    PanoStandAlone
    PDF Settings CS4
    PDF Settings CS5
    Photoshop Camera Raw
    Pixel Bender Toolkit
    PlayFLV
    PowerISO
    PS_AIO_03_C4400_ProductContext
    PS_AIO_03_C4400_Software
    PS_AIO_03_C4400_Software_Min
    PSSWCORE
    QuickBooks
    QuickBooks Customer Manager Version 2.5
    QuickBooks Pro 2010
    Quicken 2010
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    Registry Clean Expert
    Rosetta Stone Version 3
    Safari
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Shop for HP Supplies
    Smart Defrag 2
    SmartSound Quicktracks Plugin
    SmartWebPrintingOC
    SolutionCenter
    Soluto
    SoulSeek 157 NS 13e
    Spelling Dictionaries Support For Adobe Reader 9
    Status
    Suite Shared Configuration CS4
    SUPERAntiSpyware
    Toolbox
    ToolkitCMA
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    VC80CRTRedist - 8.0.50727.4053
    VideoToolkit01
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Vuze
    Vuze_Remote Toolbar
    WebFldrs XP
    WebReg
    Windows Essentials Media Codec Pack 3.4 [32-Bit]
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinImage
    WinRAR archiver
    Xilisoft DVD Ripper Ultimate
    Xobni
    Xobni Core
    XP Codec Pack
    XPort 360
    Yahoo! BrowserPlus 2.9.8
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/5/2011 11:23:15 AM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
    6/5/2011 10:48:08 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    6/5/2011 10:47:44 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    6/4/2011 11:46:22 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\D.
    6/4/2011 10:42:08 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    6/4/2011 10:42:08 AM, error: Service Control Manager [7034] - The HASP License Manager service terminated unexpectedly. It has done this 1 time(s).
    6/4/2011 10:42:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Belkin Wireless Desktop Card Service service to connect.
    6/4/2011 10:42:08 AM, error: Service Control Manager [7000] - The Belkin Wireless Desktop Card Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/4/2011 10:41:38 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    6/4/2011 10:41:38 AM, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 1 time(s).
    6/4/2011 10:41:32 AM, error: Service Control Manager [7034] - The IMF Service service terminated unexpectedly. It has done this 1 time(s).
    6/4/2011 10:41:32 AM, error: Service Control Manager [7034] - The Advanced SystemCare Service service terminated unexpectedly. It has done this 1 time(s).
    6/3/2011 9:12:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
    6/3/2011 9:12:35 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/3/2011 9:06:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
    6/3/2011 9:06:25 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/3/2011 8:02:05 AM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 2 time(s).
    6/3/2011 8:02:05 AM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 2 time(s).
    6/3/2011 8:02:05 AM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s).
    6/3/2011 8:02:05 AM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 2 time(s).
    6/3/2011 8:02:05 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s).
    6/3/2011 8:02:05 AM, error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/3/2011 8:02:05 AM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/3/2011 8:02:05 AM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/3/2011 8:02:05 AM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/3/2011 8:02:05 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    6/3/2011 8:02:05 AM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/3/2011 3:04:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Soluto PCGenome Core Service service to connect.
    6/3/2011 3:04:22 PM, error: Service Control Manager [7000] - The Soluto PCGenome Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/3/2011 3:03:25 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    6/3/2011 3:03:25 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    6/3/2011 3:03:25 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    6/3/2011 3:03:25 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/3/2011 3:03:25 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    6/3/2011 3:03:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Advanced SystemCare Service service to connect.
    6/3/2011 3:03:15 PM, error: Service Control Manager [7000] - The Advanced SystemCare Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/3/2011 2:57:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/3/2011 2:57:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    6/3/2011 12:44:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips Processor SASDIFSV SASKUTIL SCDEmu Soluto
    6/3/2011 12:15:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
    6/3/2011 12:15:25 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/3/2011 11:18:36 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    6/3/2011 11:15:36 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    6/3/2011 11:15:36 AM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/3/2011 10:22:38 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intuit QuickBooks FCS service to connect.
    6/3/2011 10:22:38 AM, error: Service Control Manager [7000] - The Intuit QuickBooks FCS service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/3/2011 10:21:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBCFMonitorService service to connect.
    6/3/2011 10:21:32 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    6/2/2011 8:47:01 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/2/2011 8:26:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips Processor SCDEmu Soluto
    6/2/2011 7:25:02 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
    6/2/2011 5:34:52 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/2/2011 5:34:52 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/2/2011 5:34:52 PM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
    6/2/2011 10:13:15 PM, error: Service Control Manager [7031] - The Belkin Wireless Desktop Card Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    6/1/2011 8:44:24 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips Processor SCDEmu
    6/1/2011 8:16:36 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    6/1/2011 8:15:59 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    6/1/2011 8:15:59 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
    6/1/2011 8:15:59 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    6/1/2011 8:04:49 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DynDNS Updater service to connect.
    6/1/2011 8:04:49 AM, error: Service Control Manager [7000] - The DynDNS Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/1/2011 12:49:15 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    6/1/2011 12:46:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000034' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    6/1/2011 11:30:17 AM, error: Print [19] - Sharing printer failed + 1722, Printer Send To OneNote 2007 share name Printer.
    5/31/2011 8:00:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    5/31/2011 7:55:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips ohci1394 Processor SCDEmu
    .
    ==== End Of File ===========================
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll help with the malware.

    The main malware is Rogue SecuritySolution. Malwarebytes has removed much of it. Here's a description:
    These rogue programs update to reflect the current year, but they are still the same program. There will be other entries. For instance, it appears that this has been reset:
    uInternet Connection Wizard,ShellNext = hxxp://securitysolution2011win.com/uninstall.php?machine=4kensaeqeo49
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,.
    ======================================
    I will need you to run the following scans in order to help find the additional entries for removal:
    AVG has not left any way to disable it to run Combofix and the program won't run with it on. So you will remove it temporarily:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      [​IMG]
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =========================================
    Please follow with this online scan:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =====================================
    Please Note: Advise uninstall Registry Clean Expert. We do not advise anyone to use a registry cleaner.
    You have file sharing programs on the system. I noticed Vuze and the Vuze Toolbar. Please either uninstall or disable them. Do not do any 'file sharing' while I am helping you.

    Please leave the logs for Combofix and the Eset scan in your next reply.

    Observe: Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  4. rjtj32

    rjtj32 TS Rookie Topic Starter

    Thanks for your help. Sorry it took so long to reply; the Eset scan took a long time. Here are my logs.


    ComboFix 11-06-06.01 - Rob 06/06/2011 12:32:40.4.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.504 [GMT -4:00]
    Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\ndis.sys . . . is infected!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-06 to 2011-06-06 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-06 15:16 . 2011-06-06 15:16 -------- d-----w- c:\documents and settings\Rob\Application Data\Avira
    2011-06-06 15:13 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-06 15:13 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-06-06 15:13 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-06-06 15:13 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-06-06 15:13 . 2011-06-06 15:13 -------- d-----w- c:\program files\Avira
    2011-06-06 15:13 . 2011-06-06 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-06-05 17:38 . 2011-06-05 17:38 -------- d-----w- c:\documents and settings\Rob\Application Data\Malwarebytes
    2011-06-05 17:38 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-05 17:37 . 2011-06-05 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-05 17:37 . 2011-06-05 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-05 17:37 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-04 23:25 . 2011-06-06 15:46 -------- d-----w- c:\windows\system32\wbem\Logs
    2011-06-04 13:03 . 2011-06-04 13:03 -------- d-----w- c:\documents and settings\Rob\Application Data\AVG10
    2011-06-04 12:54 . 2011-06-06 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2011-06-04 12:54 . 2011-06-06 15:06 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-06-04 12:52 . 2011-06-04 12:52 -------- d-----w- c:\program files\AVG
    2011-06-04 12:46 . 2011-06-06 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-06-03 20:04 . 2011-06-03 20:04 54016 ----a-w- c:\windows\system32\drivers\cspbefgt.sys
    2011-06-03 19:38 . 2011-06-03 19:38 2 --shatr- c:\windows\winstart.bat
    2011-06-03 19:37 . 2011-06-04 13:27 -------- d-----w- c:\program files\UnHackMe
    2011-06-03 19:08 . 2011-06-03 19:08 388096 ----a-r- c:\documents and settings\Rob\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-03 19:08 . 2011-06-03 19:08 -------- d-----w- c:\program files\Trend Micro
    2011-06-03 12:01 . 2011-06-03 12:01 -------- d-----w- c:\documents and settings\Rob\Application Data\SUPERAntiSpyware.com
    2011-06-03 12:01 . 2011-06-03 12:02 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-06-03 03:01 . 2011-06-03 03:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2011-06-03 01:06 . 2011-06-03 01:06 -------- d-----w- C:\AVGTemp
    2011-06-02 02:44 . 2011-05-28 20:47 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
    2011-06-02 02:44 . 2011-06-02 02:45 -------- d-----w- c:\program files\Soluto
    2011-06-02 02:43 . 2011-06-02 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
    2011-06-01 23:24 . 2011-02-23 20:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-06-01 23:23 . 2011-02-23 21:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-06-01 23:19 . 2011-06-02 12:31 -------- d-----w- c:\documents and settings\Rob\Application Data\IObit
    2011-06-01 23:19 . 2011-06-01 23:22 -------- d-----w- c:\program files\IObit
    2011-06-01 16:00 . 2011-06-01 16:00 -------- d-----w- c:\documents and settings\Rob\Application Data\HPAppData
    2011-05-28 20:16 . 2011-05-28 20:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2011-05-28 17:07 . 2011-05-28 17:07 215424 -c--a-w- c:\windows\system32\dllcache\ndis.sys
    2011-05-26 00:09 . 2011-05-26 00:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-16 17:48 . 2011-05-16 17:48 -------- d-----w- c:\documents and settings\Rob\Application Data\U3
    2011-05-10 23:25 . 2011-05-10 23:25 -------- d-----w- c:\program files\iPod
    2011-05-10 23:24 . 2011-05-10 23:27 -------- d-----w- c:\program files\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-03 20:04 . 2011-06-03 20:04 194 ----a-w- c:\windows\Fonts\cqhr
    2011-05-28 17:34 . 2011-01-04 20:33 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-05-28 17:07 . 2004-08-04 12:00 215424 ----a-w- c:\windows\system32\drivers\ndis.sys
    2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-27 23:37 . 2011-03-26 02:43 69632 ----a-r- c:\documents and settings\Rob\Application Data\Microsoft\Installer\{A7D66EC2-0424-4715-9F2F-4655B6212C34}\BlackBerry.exe
    2011-03-19 20:17 . 2011-03-19 20:17 47360 ----a-w- c:\documents and settings\Rob\Application Data\pcouffin.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
    [-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
    [-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
    .
    [-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\asyncmac.sys
    [-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
    [-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asyncmac.sys
    .
    [-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
    [-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
    [-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
    .
    [-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys
    [-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
    [-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kbdclass.sys
    .
    [-] 2011-05-28 17:07 . 36D8454FD712060F6D2355C669CD9EB3 . 215424 . . [------] . . c:\windows\system32\dllcache\ndis.sys
    [-] 2011-05-28 17:07 . 36D8454FD712060F6D2355C669CD9EB3 . 215424 . . [------] . . c:\windows\system32\drivers\ndis.sys
    [-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
    [-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
    .
    [-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntfs.sys
    [-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
    [-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntfs.sys
    .
    [-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys
    [-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
    [-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
    .
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
    [-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
    .
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\browser.dll
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\browser.dll
    .
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lsass.exe
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe
    .
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netman.dll
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netman.dll
    .
    [-] 2008-04-14 10:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
    [-] 2008-04-14 10:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
    [-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comres.dll
    .
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\qmgr.dll
    .
    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rpcss.dll
    .
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\services.exe
    .
    [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\ERDNT\cache\spoolsv.exe
    [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
    [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
    [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
    [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
    .
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
    .
    [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
    [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
    [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
    [-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    [-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
    [-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\60\msft\windows\common\controls\comctl32.dll
    [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comctl32.dll
    [-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    [-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    .
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cryptsvc.dll
    .
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
    [-] 2008-04-14 10:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
    [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\es.dll
    .
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\imm32.dll
    .
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
    [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
    [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kernel32.dll
    .
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\linkinfo.dll
    .
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lpk.dll
    .
    [-] 2011-02-22 . C2EF2335F1B6C2BE20A67D9098F6C9A1 . 5962240 . . [8.00.6001.19046] . . c:\windows\system32\mshtml.dll
    [-] 2011-02-22 . C2EF2335F1B6C2BE20A67D9098F6C9A1 . 5962240 . . [8.00.6001.19046] . . c:\windows\system32\dllcache\mshtml.dll
    [-] 2010-12-20 . 1EDCEC5D649DBAC37ED9FFB5A14CEB0C . 5961216 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
    [-] 2010-11-06 . D7CCA87057901C87ED8CC40DDCC7FA1B . 5959168 . . [8.00.6001.18999] . . c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
    [-] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\windows\ERDNT\cache\mshtml.dll
    [-] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
    [-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
    [-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
    [-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
    [-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
    [-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
    [-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
    [-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
    [-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mshtml.dll
    [-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\ie8\mshtml.dll
    .
    [-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
    [-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\70\msft\windows\mswincrt\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msvcrt.dll
    [-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
    [-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
    .
    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll
    [-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
    [-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
    [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
    [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mswsock.dll
    .
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
    .
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\powrprof.dll
    .
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
    .
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfc.dll
    .
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
    .
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tapisrv.dll
    .
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll
    .
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
    .
    [-] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\system32\wininet.dll
    [-] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\system32\dllcache\wininet.dll
    [-] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll
    [-] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\ie8updates\KB2482017-IE8\wininet.dll
    [-] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ERDNT\cache\wininet.dll
    [-] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll
    [-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
    [-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
    [-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
    [-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
    [-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
    [-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
    [-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
    [-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wininet.dll
    [-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie8\wininet.dll
    .
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2_32.dll
    .
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2help.dll
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2help.dll
    .
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
    .
    [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
    [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
    [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regedit.exe
    .
    [-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\ERDNT\cache\ole32.dll
    [-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
    [-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
    [-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
    [-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ole32.dll
    .
    [-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
    [-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
    [-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
    [-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\usp10.dll
    .
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll
    .
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wscntfy.exe
    .
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\xmlprov.dll
    .
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
    .
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
    .
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe
    .
    [-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
    [-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
    [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll
    [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
    [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\shsvcs.dll
    .
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regsvc.dll
    .
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\schedsvc.dll
    .
    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll
     
  5. rjtj32

    rjtj32 TS Rookie Topic Starter

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
    "nwiz"="nwiz.exe" [2006-05-09 1519616]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WG311v2 Smart Configuration.lnk - c:\program files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^-^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\documents and settings\-\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
    backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoopBe1 Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LoopBe1 Monitor.lnk
    backup=c:\windows\pss\LoopBe1 Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
    backup=c:\windows\pss\Orbit.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Rob\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2010-09-22 23:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
    2007-10-24 04:18 393216 ------w- c:\program files\ACT\Act for Windows\ActSage.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
    2007-10-24 03:55 9728 ------w- c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2010-09-23 09:42 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2011-02-12 18:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
    2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
    2009-11-26 02:04 1087752 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2011-03-04 16:31 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ogcsn]
    2009-12-10 14:12 625184 ----a-w- c:\program files\Starfield\Desktop Calendar Tools\OutSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
    2010-08-15 16:03 32960 ----a-w- c:\program files\Starfield\starfieldupdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-04-17 00:31 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
    2008-12-04 03:15 218408 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wben]
    2010-07-07 16:33 1076432 ----a-w- c:\program files\Starfield\wben.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
    "1947:TCP"= 1947:TCP:HASP SRM
    "1947:UDP"= 1947:UDP:HASP SRM
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/4/2010 1:45 PM 64288]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/1/2011 7:23 PM 13496]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [6/1/2011 7:19 PM 353168]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/6/2011 11:14 AM 136360]
    R2 BLKWLDESKTOP;Belkin Wireless Desktop Card Service;c:\program files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLService.exe [2/4/2010 1:42 PM 49152]
    R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
    R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/1/2011 7:23 PM 821080]
    R3 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 1:47 PM 1310960]
    S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [6/1/2011 10:44 PM 51144]
    S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [5/28/2011 5:03 PM 364576]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
    S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 9:01 PM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 9:01 PM 136176]
    S3 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2/10/2007 5:29 AM 29178224]
    S3 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]
    S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/1/2011 7:23 PM 30368]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
    S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/1/2011 7:23 PM 16080]
    S3 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [10/12/2009 12:33 PM 46824]
    S4 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [4/16/2010 12:19 PM 103800]
    S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/1/2011 7:23 PM 239472]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - GTNDIS5
    *NewlyCreated* - SSMDRV
    *Deregistered* - pxtdqpoc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-03-04 16:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:46]
    .
    2011-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 01:01]
    .
    2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 01:01]
    .
    2011-06-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1202660629-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    2011-06-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1202660629-839522115-1011.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    2011-05-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1202660629-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    2011-06-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1202660629-839522115-1011.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    2011-06-06 c:\windows\Tasks\User_Feed_Synchronization-{61C25F6A-AC62-4F6F-AEE5-4C47DB6DA5CF}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    2011-06-06 c:\windows\Tasks\Windows Codec Update Service.job
    - c:\program files\Essentials Codec Pack\WECPUpdate.exe [2011-02-27 10:06]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    uInternet Connection Wizard,ShellNext = hxxp://securitysolution2011win.com/uninstall.php?machine=4kensaeqeo49
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: realtytools.com
    Trusted Zone: toolkitcma.com
    Trusted Zone: toolkitcma2.com
    TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
    FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\qtace09p.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
    FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-avgrsstarter - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-06 13:03
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(988)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    - - - - - - - > 'explorer.exe'(5736)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\xpsp3res.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2011-06-06 13:17:47
    ComboFix-quarantined-files.txt 2011-06-06 17:17
    ComboFix2.txt 2011-06-04 03:33
    .
    Pre-Run: 34,760,572,928 bytes free
    Post-Run: 34,754,551,808 bytes free
    .
    - - End Of File - - 70481C1CAE405EEF5B2CC79415C1CF99


    ESET found this 1 threat

    C:\Documents and Settings\Rob\My Documents\Downloads\vsoConvertXtoDVD4.rar multiple threats
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    For the Eset entry, usually this type is in the Java cache. But this doesn't appear to be there:

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\Documents and Settings\Rob\My Documents\Downloads\vsoConvertXtoDVD4.rar
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ==================================
    I need to replace a file so we have to find a good copy:

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      ndis.*
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    =================================
    I'll try to get back later to review Combofix. If I don't, I'll do it first thing in the morning.
     
  7. rjtj32

    rjtj32 TS Rookie Topic Starter

    Here are the next 2 logs


    All processes killed
    ========== FILES ==========
    C:\Documents and Settings\Rob\My Documents\Downloads\vsoConvertXtoDVD4.rar moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: -
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 61688035 bytes
    ->Apple Safari cache emptied: 34163712 bytes

    User: --
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 2278961 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 8503430 bytes

    User: Rob
    ->Temp folder emptied: 641721 bytes
    ->Temporary Internet Files folder emptied: 1397498 bytes
    ->FireFox cache emptied: 88363596 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 14463 bytes

    User: TEMP
    ->FireFox cache emptied: 45002271 bytes
    ->Apple Safari cache emptied: 214016 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 4305425 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 662717 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 236.00 mb


    OTM by OldTimer - Version 3.1.18.0 log created on 06082011_082418

    Files moved on Reboot...
    File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

    Registry entries deleted on Reboot...







    SystemLook 04.09.10 by jpshortstuff
    Log created at 08:39 on 08/06/2011 by Rob
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "ndis.*"
    C:\WINDOWS\ERDNT\cache\ndis.sys --a---- 182656 bytes [01:28 15/11/2010] [05:50 14/04/2008] (Unable to calculate MD5)
    C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys --a---- 182656 bytes [08:17 05/02/2010] [19:20 13/04/2008] (Unable to calculate MD5)
    C:\WINDOWS\ServicePackFiles\i386\ndis.sys ------- 182656 bytes [22:30 08/02/2010] [05:50 14/04/2008] (Unable to calculate MD5)
    C:\WINDOWS\system32\dllcache\ndis.sys --a--c- 215424 bytes [17:07 28/05/2011] [17:07 28/05/2011] (Unable to calculate MD5)
    C:\WINDOWS\system32\drivers\ndis.sys --a---- 215424 bytes [12:00 04/08/2004] [17:07 28/05/2011] (Unable to calculate MD5)

    -= EOF =
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay- so no available file found. Need to check this please:

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    FileLook::
    c:\windows\system32\drivers\ndis.sys
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
     
  9. rjtj32

    rjtj32 TS Rookie Topic Starter

    Sorry I was away for the weekend.

    I dragged the file into Combofix and it ran but asked for an update. I updated Combofix and it restarted automatically, so I'm not sure if it ran a normal scan after the restart or continued with what it was supposed to do after I dragged the file into it. Here's the posted log of the scan it ran. If it's not the right thing let me know and I'll drag the file in again.


    ComboFix 11-06-12.04 - Rob 06/13/2011 7:41:33.5.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1305 [GMT -4:00]
    Running from: C:\Documents and Settings\Rob\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Rob\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\drivers\ndis.sys . . . is infected!!


    ((((((((((((((((((((((((( Files Created from 2011-05-13 to 2011-06-13 )))))))))))))))))))))))))))))))


    2011-06-09 17:22:30 . 2011-06-09 17:22:30 -------- d-----w- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    2011-06-09 17:21:00 . 2011-06-09 17:21:00 -------- d-----w- C:\Program Files\Common Files\HP
    2011-06-09 17:20:47 . 2011-06-09 17:20:47 -------- d-----w- C:\Program Files\Hewlett-Packard
    2011-06-09 17:19:16 . 2007-10-31 00:22:51 303104 ----a-w- C:\WINDOWS\system32\hpovst14.dll
    2011-06-09 17:19:16 . 2007-10-31 00:22:50 970752 ----a-w- C:\WINDOWS\system32\hpotiop6.dll
    2011-06-09 17:19:15 . 2007-10-31 00:25:52 372736 ----a-w- C:\WINDOWS\system32\hppldcoi.dll
    2011-06-09 17:19:15 . 2007-10-31 00:25:52 309760 ----a-w- C:\WINDOWS\system32\difxapi.dll
    2011-06-09 17:19:15 . 2007-10-31 00:22:51 729088 ----a-w- C:\WINDOWS\system32\hpowiax8.dll
    2011-06-09 17:18:48 . 2011-06-09 17:22:30 -------- d-----w- C:\Program Files\HP
    2011-06-09 15:14:10 . 2008-04-14 04:15:36 15104 ----a-w- C:\WINDOWS\system32\drivers\usbscan.sys
    2011-06-08 12:24:18 . 2011-06-08 12:24:18 -------- d-----w- C:\_OTM
    2011-06-06 17:35:22 . 2011-06-06 17:35:22 -------- d-----w- C:\Program Files\ESET
    2011-06-06 15:16:59 . 2011-06-06 15:16:59 -------- d-----w- C:\Documents and Settings\Rob\Application Data\Avira
    2011-06-06 15:13:52 . 2011-04-01 21:07:59 61960 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
    2011-06-06 15:13:52 . 2011-04-01 21:07:59 137656 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
    2011-06-06 15:13:52 . 2010-06-17 19:27:24 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
    2011-06-06 15:13:52 . 2010-06-17 19:27:24 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
    2011-06-06 15:13:51 . 2011-06-06 15:13:51 -------- d-----w- C:\Program Files\Avira
    2011-06-06 15:13:51 . 2011-06-06 15:13:51 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira
    2011-06-05 17:38:16 . 2011-06-05 17:38:16 -------- d-----w- C:\Documents and Settings\Rob\Application Data\Malwarebytes
    2011-06-05 17:38:00 . 2010-12-20 22:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2011-06-05 17:37:58 . 2011-06-05 17:37:58 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2011-06-05 17:37:54 . 2011-06-05 17:38:04 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2011-06-05 17:37:54 . 2010-12-20 22:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2011-06-04 23:25:03 . 2011-06-12 18:56:05 -------- d-----w- C:\WINDOWS\system32\wbem\Logs
    2011-06-04 13:03:03 . 2011-06-04 13:03:03 -------- d-----w- C:\Documents and Settings\Rob\Application Data\AVG10
    2011-06-04 12:54:23 . 2011-06-06 15:37:45 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG10
    2011-06-04 12:54:23 . 2011-06-06 15:06:56 -------- d-----w- C:\WINDOWS\system32\drivers\AVG
    2011-06-04 12:52:19 . 2011-06-04 12:52:19 -------- d-----w- C:\Program Files\AVG
    2011-06-04 12:46:27 . 2011-06-06 15:11:24 -------- d-----w- C:\Documents and Settings\All Users\Application Data\MFAData
    2011-06-03 20:04:53 . 2011-06-03 20:04:54 54016 ----a-w- C:\WINDOWS\system32\drivers\cspbefgt.sys
    2011-06-03 19:38:04 . 2011-06-03 19:38:04 2 --shatr- C:\WINDOWS\winstart.bat
    2011-06-03 19:37:24 . 2011-06-04 13:27:40 -------- d-----w- C:\Program Files\UnHackMe
    2011-06-03 19:08:06 . 2011-06-03 19:08:06 388096 ----a-r- C:\Documents and Settings\Rob\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-03 19:08:03 . 2011-06-03 19:08:03 -------- d-----w- C:\Program Files\Trend Micro
    2011-06-03 12:01:37 . 2011-06-03 12:01:37 -------- d-----w- C:\Documents and Settings\Rob\Application Data\SUPERAntiSpyware.com
    2011-06-03 12:01:10 . 2011-06-03 12:02:04 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2011-06-03 03:01:49 . 2011-06-03 03:01:49 12536 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
    2011-06-03 01:06:26 . 2011-06-03 01:06:26 -------- d-----w- C:\AVGTemp
    2011-06-02 02:44:43 . 2011-05-28 20:47:42 51144 ----a-w- C:\WINDOWS\system32\drivers\Soluto.sys
    2011-06-02 02:44:11 . 2011-06-02 02:45:09 -------- d-----w- C:\Program Files\Soluto
    2011-06-02 02:43:07 . 2011-06-02 12:04:18 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Soluto
    2011-06-01 23:24:02 . 2011-02-23 20:54:12 29520 ----a-w- C:\WINDOWS\system32\SmartDefragBootTime.exe
    2011-06-01 23:23:48 . 2011-02-23 21:04:32 13496 ----a-w- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys
    2011-06-01 23:19:06 . 2011-06-02 12:31:30 -------- d-----w- C:\Documents and Settings\Rob\Application Data\IObit
    2011-06-01 23:19:01 . 2011-06-01 23:22:37 -------- d-----w- C:\Program Files\IObit
    2011-06-01 16:00:31 . 2011-06-01 16:00:31 -------- d-----w- C:\Documents and Settings\Rob\Application Data\HPAppData
    2011-05-28 20:16:33 . 2011-05-28 20:16:33 -------- d-sh--w- C:\WINDOWS\system32\config\systemprofile\IETldCache
    2011-05-28 17:07:34 . 2011-05-28 17:07:34 215424 -c--a-w- C:\WINDOWS\system32\dllcache\ndis.sys
    2011-05-26 00:09:09 . 2011-05-26 00:09:09 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2011-05-16 17:48:03 . 2011-05-16 17:48:03 -------- d-----w- C:\Documents and Settings\Rob\Application Data\U3
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-06-03 20:04:53 . 2011-06-03 20:04:53 194 ----a-w- C:\WINDOWS\Fonts\cqhr
    2011-05-28 17:07:34 . 2004-08-04 12:00:00 215424 ----a-w- C:\WINDOWS\system32\drivers\ndis.sys
    2011-04-06 20:20:16 . 2011-04-06 20:20:16 91424 ----a-w- C:\WINDOWS\system32\dnssd.dll
    2011-04-06 20:20:16 . 2011-04-06 20:20:16 107808 ----a-w- C:\WINDOWS\system32\dns-sd.exe
    2011-03-27 23:37:27 . 2011-03-26 02:43:20 69632 ----a-r- C:\Documents and Settings\Rob\Application Data\Microsoft\Installer\{A7D66EC2-0424-4715-9F2F-4655B6212C34}\BlackBerry.exe
    2011-03-19 20:17:28 . 2011-03-19 20:17:28 47360 ----a-w- C:\Documents and Settings\Rob\Application Data\pcouffin.sys


    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


    --- c:\windows\system32\drivers\ndis.sys ---
    Company: ------
    File Description: ------
    File Version: ------
    Product Name: ------
    Copyright: ------
    Original Filename: ------
    File size: 215424
    Created time: 2004-08-04 12:00:00
    Modified time: 2011-05-28 17:07:34
    MD5: 36D8454FD712060F6D2355C669CD9EB3
    SHA1: 9E959AA2317EB97370E57BBEA7991CDE53594EA8


    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.

    [-] 2008-04-14 05:10:32 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ERDNT\cache\atapi.sys
    [-] 2008-04-14 05:10:32 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [-] 2008-04-14 05:10:32 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\drivers\atapi.sys
    [-] 2008-04-13 18:40:30 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys

    [-] 2008-04-14 05:27:28 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ERDNT\cache\asyncmac.sys
    [-] 2008-04-14 05:27:28 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
    [-] 2008-04-14 05:27:28 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\drivers\asyncmac.sys
    [-] 2008-04-13 18:57:27 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asyncmac.sys

    [-] 2004-08-04 12:00:00 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0 (XPClient.010817-1148)] . . C:\WINDOWS\ERDNT\cache\beep.sys
    [-] 2004-08-04 12:00:00 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0 (XPClient.010817-1148)] . . C:\WINDOWS\system32\dllcache\beep.sys
    [-] 2004-08-04 12:00:00 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0 (XPClient.010817-1148)] . . C:\WINDOWS\system32\drivers\beep.sys

    [-] 2008-04-14 05:09:48 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ERDNT\cache\kbdclass.sys
    [-] 2008-04-14 05:09:48 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
    [-] 2008-04-14 05:09:48 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\drivers\kbdclass.sys
    [-] 2008-04-13 18:39:47 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kbdclass.sys

    [-] 2011-05-28 17:07:34 . 36D8454FD712060F6D2355C669CD9EB3 . 215424 . . [------] . . C:\WINDOWS\system32\dllcache\ndis.sys
    [-] 2011-05-28 17:07:34 . 36D8454FD712060F6D2355C669CD9EB3 . 215424 . . [------] . . C:\WINDOWS\system32\drivers\ndis.sys
    [-] 2008-04-14 05:50:38 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ERDNT\cache\ndis.sys
    [-] 2008-04-14 05:50:38 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\ndis.sys
    [-] 2008-04-13 19:20:37 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys

    [-] 2008-04-14 05:45:54 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ERDNT\cache\ntfs.sys
    [-] 2008-04-14 05:45:54 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
    [-] 2008-04-14 05:45:54 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\drivers\ntfs.sys
    [-] 2008-04-13 19:15:53 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntfs.sys

    [-] 2004-08-04 12:00:00 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0 (XPClient.010817-1148)] . . C:\WINDOWS\ERDNT\cache\null.sys
    [-] 2004-08-04 12:00:00 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0 (XPClient.010817-1148)] . . C:\WINDOWS\system32\dllcache\null.sys
    [-] 2004-08-04 12:00:00 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0 (XPClient.010817-1148)] . . C:\WINDOWS\system32\drivers\null.sys

    [-] 2008-06-20 11:51:12 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\ERDNT\cache\tcpip.sys
    [-] 2008-06-20 11:51:12 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\system32\dllcache\tcpip.sys
    [-] 2008-06-20 11:51:12 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\system32\drivers\tcpip.sys
    [-] 2008-04-14 05:50:18 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
    [-] 2008-04-13 19:20:16 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys

    [-] 2008-04-14 10:41:52 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ERDNT\cache\browser.dll
    [-] 2008-04-14 10:41:52 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\browser.dll
    [-] 2008-04-14 10:41:52 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\browser.dll
    [-] 2008-04-14 00:11:50 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\browser.dll

    [-] 2008-04-14 10:42:26 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ERDNT\cache\lsass.exe
    [-] 2008-04-14 10:42:26 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\lsass.exe
    [-] 2008-04-14 10:42:26 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\lsass.exe
    [-] 2008-04-14 00:12:24 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe

    [-] 2008-04-14 10:42:02 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ERDNT\cache\netman.dll
    [-] 2008-04-14 10:42:02 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\netman.dll
    [-] 2008-04-14 10:42:02 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\netman.dll
    [-] 2008-04-14 00:12:01 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netman.dll

    [-] 2008-04-14 10:41:52 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . C:\WINDOWS\ServicePackFiles\i386\comres.dll
    [-] 2008-04-14 10:41:52 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . C:\WINDOWS\system32\comres.dll
    [-] 2008-04-14 00:11:51 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comres.dll

    [-] 2008-04-14 10:42:04 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ERDNT\cache\qmgr.dll
    [-] 2008-04-14 10:42:04 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
    [-] 2008-04-14 10:42:04 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\qmgr.dll
    [-] 2008-04-14 10:42:04 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\bits\qmgr.dll
    [-] 2008-04-14 00:12:03 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\qmgr.dll

    [-] 2009-02-09 12:10:48 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] . . C:\WINDOWS\ERDNT\cache\rpcss.dll
    [-] 2009-02-09 12:10:48 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] . . C:\WINDOWS\system32\rpcss.dll
    [-] 2009-02-09 12:10:48 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] . . C:\WINDOWS\system32\dllcache\rpcss.dll
    [-] 2008-04-14 10:42:06 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
    [-] 2008-04-14 00:12:04 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rpcss.dll

    [-] 2009-02-06 11:11:05 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] . . C:\WINDOWS\ERDNT\cache\services.exe
    [-] 2009-02-06 11:11:05 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] . . C:\WINDOWS\system32\services.exe
    [-] 2009-02-06 11:11:05 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] . . C:\WINDOWS\system32\dllcache\services.exe
    [-] 2008-04-14 10:42:36 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\services.exe
    [-] 2008-04-14 00:12:34 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\services.exe

    [-] 2010-08-17 13:17:06 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024 (xpsp_sp3_gdr.100817-1626)] . . C:\WINDOWS\ERDNT\cache\spoolsv.exe
    [-] 2010-08-17 13:17:06 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024 (xpsp_sp3_gdr.100817-1626)] . . C:\WINDOWS\system32\spoolsv.exe
    [-] 2010-08-17 13:17:06 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024 (xpsp_sp3_gdr.100817-1626)] . . C:\WINDOWS\system32\dllcache\spoolsv.exe
    [-] 2008-04-14 10:42:38 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
    [-] 2008-04-14 00:12:36 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe

    [-] 2008-04-14 10:42:40 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ERDNT\cache\winlogon.exe
    [-] 2008-04-14 10:42:40 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 10:42:40 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\winlogon.exe
    [-] 2008-04-14 00:12:39 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

    [-] 2010-08-23 16:12:04 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82 (xpsp_sp3_qfe.100823-1643)] . . C:\WINDOWS\ERDNT\cache\comctl32.dll
    [-] 2010-08-23 16:12:04 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82 (xpsp_sp3_qfe.100823-1643)] . . C:\WINDOWS\system32\comctl32.dll
    [-] 2010-08-23 16:12:04 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82 (xpsp_sp3_qfe.100823-1643)] . . C:\WINDOWS\system32\dllcache\comctl32.dll
    [-] 2010-08-23 16:12:02 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0 (xpsp_sp3_qfe.100823-1643)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    [-] 2008-04-14 10:42:52 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0 (xpsp.080413-2105)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    [-] 2008-04-14 10:41:52 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\comctl32.dll
    [-] 2008-04-14 00:12:51 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\60\msft\windows\common\controls\comctl32.dll
    [-] 2008-04-14 00:11:51 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comctl32.dll
    [-] 2004-08-04 12:00:00 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0 (xpclient.010817-1148)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    [-] 2004-08-04 12:00:00 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

    [-] 2008-04-14 10:41:52 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ERDNT\cache\cryptsvc.dll
    [-] 2008-04-14 10:41:52 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
    [-] 2008-04-14 10:41:52 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\cryptsvc.dll
    [-] 2008-04-14 00:11:51 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cryptsvc.dll

    [-] 2008-07-07 20:26:58 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . C:\WINDOWS\ERDNT\cache\es.dll
    [-] 2008-07-07 20:26:58 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . C:\WINDOWS\system32\es.dll
    [-] 2008-07-07 20:26:58 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . C:\WINDOWS\system32\dllcache\es.dll
    [-] 2008-04-14 10:41:54 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . C:\WINDOWS\ServicePackFiles\i386\es.dll
    [-] 2008-04-14 00:11:53 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\es.dll

    [-] 2008-04-14 10:41:56 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ERDNT\cache\imm32.dll
    [-] 2008-04-14 10:41:56 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\imm32.dll
    [-] 2008-04-14 10:41:56 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\imm32.dll
    [-] 2008-04-14 00:11:54 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\imm32.dll

    [-] 2009-03-21 14:06:58 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)] . . C:\WINDOWS\ERDNT\cache\kernel32.dll
    [-] 2009-03-21 14:06:58 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)] . . C:\WINDOWS\system32\kernel32.dll
    [-] 2009-03-21 14:06:58 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)] . . C:\WINDOWS\system32\dllcache\kernel32.dll
     
  10. rjtj32

    rjtj32 TS Rookie Topic Starter

    [-] 2008-04-14 10:42:10 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\version.dll
    [-] 2008-04-14 10:42:10 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\version.dll
    [-] 2008-04-14 00:12:08 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\version.dll

    [-] 2010-12-09 13:38:47 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)] . . C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
    [-] 2010-12-09 13:38:47 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)] . . C:\WINDOWS\system32\ntoskrnl.exe
    [-] 2010-12-09 13:38:47 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)] . . C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    [-] 2010-04-28 02:25:02 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)] . . C:\WINDOWS\ERDNT\cache\ntoskrnl.exe
    [-] 2008-04-14 05:57:54 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
    [-] 2008-04-13 19:27:53 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe

    [-] 2008-04-14 10:42:08 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ERDNT\cache\srsvc.dll
    [-] 2008-04-14 10:42:08 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 10:42:08 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\srsvc.dll
    [-] 2008-04-14 00:12:07 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll

    [-] 2008-04-14 10:42:10 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\w32time.dll
    [-] 2008-04-14 10:42:10 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\w32time.dll
    [-] 2008-04-14 00:12:08 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\w32time.dll

    [-] 2008-04-14 10:42:10 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\wiaservc.dll
    [-] 2008-04-14 10:42:10 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\wiaservc.dll
    [-] 2008-04-14 00:12:08 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wiaservc.dll

    [-] 2008-04-14 10:41:58 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\ServicePackFiles\i386\midimap.dll
    [-] 2008-04-14 10:41:58 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\system32\midimap.dll
    [-] 2008-04-14 00:11:57 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\midimap.dll

    [-] 2008-04-14 10:42:04 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\rasadhlp.dll
    [-] 2008-04-14 10:42:04 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\rasadhlp.dll
    [-] 2008-04-14 00:12:03 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rasadhlp.dll



    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2009-02-03 14:32:14 18085888]
    "nwiz"="nwiz.exe" [2006-05-09 20:50:00 1519616]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 20:50:00 7311360]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-05-09 20:50:00 86016]
    "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 20:15:29 281768]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-29 21:38:18 421888]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 01:17:32 49152]
    "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 20:31:16 80896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 10:42:18 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^-^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=C:\Documents and Settings\-\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
    backup=C:\WINDOWS\pss\DynDNS Updater Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoopBe1 Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LoopBe1 Monitor.lnk
    backup=C:\WINDOWS\pss\LoopBe1 Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
    backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=C:\Documents and Settings\Rob\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2010-09-22 23:11:26 640440 ----a-w- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
    2007-10-24 04:18:29 393216 ------w- C:\Program Files\ACT\Act for Windows\ActSage.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
    2007-10-24 03:55:18 9728 ------w- C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2010-09-23 09:42:13 38840 ----a-w- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37:40 932288 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 06:57:28 35760 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2011-02-12 18:44:42 500208 ------w- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 12:58:34 611712 ----a-w- C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 09:57:06 406992 ----a-w- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
    2010-03-08 21:04:49 3972440 ----a-w- C:\Program Files\AIM\aim.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-08-20 19:45:26 1164584 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44:34 31072 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
    2009-11-26 02:04:46 1087752 ----a-w- c:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-04-27 05:22:56 421160 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2011-03-04 16:31:54 2736128 ----a-w- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ogcsn]
    2009-12-10 14:12:32 625184 ----a-w- C:\Program Files\Starfield\Desktop Calendar Tools\OutSync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2010-04-12 08:40:16 180224 ----a-w- C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 21:38:18 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
    2010-08-15 16:03:45 32960 ----a-w- C:\Program Files\Starfield\starfieldupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 15:43:18 248040 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 18:37:14 517096 ----a-w- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-04-17 00:31:06 202256 ----a-w- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
    2008-12-04 03:15:16 218408 ----a-w- C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wben]
    2010-07-07 16:33:20 1076432 ----a-w- C:\Program Files\Starfield\wben.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "C:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\Vuze\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
    "C:\\Program Files\\SoulseekNS\\slsk.exe"=
    "C:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
    "C:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
    "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "C:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "C:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "C:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
    "1947:TCP"= 1947:TCP:HASP SRM
    "1947:UDP"= 1947:UDP:HASP SRM

    R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [3/4/2010 1:45:28 PM 64288]
    R0 SmartDefragDriver;SmartDefragDriver;C:\WINDOWS\system32\drivers\SmartDefragDriver.sys [6/1/2011 7:23:48 PM 13496]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25:48 PM 12872]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41:30 PM 67656]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [6/1/2011 7:19:03 PM 353168]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [6/6/2011 11:14:02 AM 136360]
    R2 BLKWLDESKTOP;Belkin Wireless Desktop Card Service;C:\Program Files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLService.exe [2/4/2010 1:42:34 PM 49152]
    R2 hasplms;HASP License Manager;C:\WINDOWS\system32\hasplms.exe -run --> C:\WINDOWS\system32\hasplms.exe -run [?]
    R2 IMFservice;IMF Service;C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [6/1/2011 7:23:05 PM 821080]
    S0 Soluto;Soluto;C:\WINDOWS\system32\drivers\Soluto.sys [6/1/2011 10:44:43 PM 51144]
    S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [5/28/2011 5:03:44 PM 364576]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46:20 AM 284016]
    S3 File Backup;File Backup Service;C:\Program Files\Starfield\offSyncService.exe [7/16/2010 1:47:26 PM 1310960]
    S3 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [12/8/2010 9:01:39 PM 136176]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [12/8/2010 9:01:39 PM 136176]
    S3 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2/10/2007 5:29:54 AM 29178224]
    S3 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200;C:\Program Files\Nero\Update\NASvc.exe [5/4/2010 12:07:22 PM 503080]
    S3 RegFilter;RegFilter;C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/1/2011 7:23:28 PM 30368]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37:14 PM 517096]
    S3 UrlFilter;UrlFilter;C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/1/2011 7:23:28 PM 16080]
    S3 XobniService;XobniService;C:\Program Files\Xobni\XobniService.exe [10/12/2009 12:33:26 PM 46824]
    S4 DynDNS Updater;DynDNS Updater;C:\Program Files\DynDNS Updater\DynUpSvc.exe [4/16/2010 12:19:28 PM 103800]
    S4 FileMonitor;FileMonitor;C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/1/2011 7:23:28 PM 239472]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52:57 AM 1352832]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-03-04 16:29:54 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe

    Contents of the 'Scheduled Tasks' folder

    2011-06-12 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52:58 . 2010-06-17 16:46:11]

    2011-06-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34:12 . 2008-07-30 17:34:12]

    2011-06-12 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-09 01:01:39 . 2010-12-09 01:01:28]

    2011-06-13 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-09 01:01:39 . 2010-12-09 01:01:28]

    2011-06-10 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1202660629-839522115-1004.job
    - C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09:42 . 2010-02-25 02:09:42]

    2011-06-13 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1202660629-839522115-1011.job
    - C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09:42 . 2010-02-25 02:09:42]

    2011-06-12 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1202660629-839522115-1004.job
    - C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09:42 . 2010-02-25 02:09:42]

    2011-06-13 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1202660629-839522115-1011.job
    - C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09:42 . 2010-02-25 02:09:42]

    2011-06-13 C:\WINDOWS\Tasks\User_Feed_Synchronization-{61C25F6A-AC62-4F6F-AEE5-4C47DB6DA5CF}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 09:31:54 . 2009-03-08 09:31:54]

    2011-06-10 C:\WINDOWS\Tasks\Windows Codec Update Service.job
    - C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2011-02-27 10:06:00 . 2011-02-27 10:06:00]


    ------- Supplementary Scan -------

    uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    uInternet Connection Wizard,ShellNext = hxxp://securitysolution2011win.com/uninstall.php?machine=4kensaeqeo49
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: realtytools.com
    Trusted Zone: toolkitcma.com
    Trusted Zone: toolkitcma2.com
    TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
    FF - ProfilePath - C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\qtace09p.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
    FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

    - - - - ORPHANS REMOVED - - - -

    AddRemove-Shop for HP Supplies - C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please remove all of these domains from the Trusted Zone. Nothing needs to be in that zone. The security is lower.
    Control Panel or Tools in IE: Internet Options> Security tab> Trusted sites> Sites> Find each of the following in the Web Sites box and click on Remove for each. Click on OK> Apply> OK when through.
    realtytools.com
    toolkitcma.com
    toolkitcma2.com
    ===================================
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      
      :filefind
      ndis.*
      
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  12. rjtj32

    rjtj32 TS Rookie Topic Starter

    Having a little problem connecting to the internet. I'm getting a code 39 error for all of my network adapters. I downloaded systemlook from my laptop and will move it to the desktop of my pc via usb and run it as said.

    How do I fix the code 39 error so my wireless adapters work again so I can connect to the internet via my pc?
     
  13. rjtj32

    rjtj32 TS Rookie Topic Starter

    SystemLook 04.09.10 by jpshortstuff
    Log created at 12:41 on 15/06/2011 by Rob
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "ndis.*"
    C:\ComboFix\ndis.sys.ND_ --a---- 14 bytes [12:00 13/06/2011] [12:00 13/06/2011] 4669A9D0F7726595DD6FDF8B14BDAAFE
    C:\WINDOWS\ERDNT\cache\ndis.sys --a---- 182656 bytes [01:28 15/11/2010] [05:50 14/04/2008] 1DF7F42665C94B825322FAE71721130D
    C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys --a---- 182656 bytes [08:17 05/02/2010] [19:20 13/04/2008] 1DF7F42665C94B825322FAE71721130D
    C:\WINDOWS\ServicePackFiles\i386\ndis.sys ------- 182656 bytes [22:30 08/02/2010] [05:50 14/04/2008] 1DF7F42665C94B825322FAE71721130D
    C:\WINDOWS\system32\dllcache\ndis.sys --a--c- 215424 bytes [17:07 28/05/2011] [17:07 28/05/2011] (Unable to calculate MD5)

    -= EOF =-
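
A way to triage the SystemLook listing above, as an added example that is not part of the original posts: it parses the `filefind` lines copied from that log, groups the copies of ndis.sys by size and MD5, and reports which copies differ and whether the live driver path appears at all. The function names and the majority-vote baseline are assumptions of this example; agreement among backup copies shows which files differ, not that the majority is clean.

```python
import re
from collections import Counter
from dataclasses import dataclass
from ntpath import basename  # Windows path rules on any platform
from typing import Optional

# SystemLook "filefind" output for ndis.*, copied from the log posted above.
SYSTEMLOOK_LOG = r"""
Searching for "ndis.*"
C:\ComboFix\ndis.sys.ND_ --a---- 14 bytes [12:00 13/06/2011] [12:00 13/06/2011] 4669A9D0F7726595DD6FDF8B14BDAAFE
C:\WINDOWS\ERDNT\cache\ndis.sys --a---- 182656 bytes [01:28 15/11/2010] [05:50 14/04/2008] 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys --a---- 182656 bytes [08:17 05/02/2010] [19:20 13/04/2008] 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\ServicePackFiles\i386\ndis.sys ------- 182656 bytes [22:30 08/02/2010] [05:50 14/04/2008] 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\system32\dllcache\ndis.sys --a--c- 215424 bytes [17:07 28/05/2011] [17:07 28/05/2011] (Unable to calculate MD5)

-= EOF =-
"""

# Path of the driver Windows actually loads, as named in this thread.
LIVE_PATH = r"C:\WINDOWS\system32\drivers\ndis.sys"

# path, attribute flags, size, [created], [modified], MD5 or the failure text
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]+)\s+(?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] "
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))\s*$"
)


@dataclass(frozen=True)
class Entry:
    path: str
    size: int
    created: str
    modified: str
    md5: Optional[str]  # None when SystemLook could not hash the file


def parse_filefind(text):
    """Return one Entry per file line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        raw = m["md5"]
        md5 = None if raw.startswith("(") else raw.upper()
        entries.append(
            Entry(m["path"], int(m["size"]), m["created"], m["modified"], md5)
        )
    return entries


def triage(entries, filename, live_path):
    """Compare every copy of `filename` against the most common (size, MD5).

    The baseline is a majority vote among hashed copies (an assumption of
    this example). A copy is an outlier if its size or hash differs from
    the baseline or if no hash could be computed for it.
    """
    copies = [e for e in entries if basename(e.path).lower() == filename.lower()]
    votes = Counter((e.size, e.md5) for e in copies if e.md5)
    baseline = votes.most_common(1)[0][0] if votes else None
    return {
        "baseline": baseline,
        "matching": [e.path for e in copies if (e.size, e.md5) == baseline],
        "outliers": [e.path for e in copies if (e.size, e.md5) != baseline],
        "live_copy_listed": any(
            e.path.lower() == live_path.lower() for e in copies
        ),
    }


if __name__ == "__main__":
    report = triage(parse_filefind(SYSTEMLOOK_LOG), "ndis.sys", LIVE_PATH)
    print("baseline (size, md5):", report["baseline"])
    for p in report["matching"]:
        print("  matches :", p)
    for p in report["outliers"]:
        print("  DIFFERS :", p)
    if not report["live_copy_listed"]:
        print("no file listed at", LIVE_PATH)
```
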
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    For this:
    Device Manager

    Using Safe Mode and Device Manager to troubleshoot.

    1) Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    2) Access the Device Manager: Control Panel> System> Hardware tab> Device Manager
    • Double-click (or highlight a device> Properties)> This will show Device Status and Device Usage
    • Disable the drivers for the following devices (if present) using the Device Usage for each
      [o] Display Adapters
      [o] Floppy Disk Controllers
      [o] Hard Disk Controllers
      [o] Keyboard
      [o] Mouse
      [o] Network Adapters
      [o] PCMCIA Socket
      [o] Ports
      [o] SCSI Controllers
      [o] Sound, Video, and Game Controllers

      This icon [​IMG] appears on devices that aren't responding or whose drivers aren't installed properly.
      This icon [​IMG] appears on devices that have been disabled.

    3) Reboot the computer into normal mode.
    • If the computer successfully boots into normal mode, reenable half of the device drivers that were disabled and reboot.
    • Continue rebooting and reenabling successively more devices until Windows no longer boots normally.
    • One of the device drivers in the most recently reenabled group of drivers is causing the problem.
    ============================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    FCopy:: C:\WINDOWS\ServicePackFiles\i386\ndis.sys | C:\WINDOWS\system32\drivers\ndis.sys
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
     
  15. rjtj32

    rjtj32 TS Rookie Topic Starter

    I disabled everything I had on the list and rebooted and enabled them and it boots fine but I still have the yellow ! next to all of my network drivers in Device Manager.

    Here's the ComboFix log after following your steps


    ComboFix 11-06-12.04 - Rob 06/16/2011 9:53.6.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1252 [GMT -4:00]
    Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Rob\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    F:\Autorun.inf
    .
    -- Previous Run --
    .
    c:\windows\system32\drivers\ndis.sys . . . is infected!!
    .
    --------
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-15 15:46 . 2011-06-15 15:46 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
    2011-06-15 15:45 . 2004-04-30 19:12 40960 ----a-w- c:\windows\system32\Bknpci.dll
    2011-06-15 15:45 . 2011-06-15 15:45 -------- d-----w- c:\program files\Belkin
    2011-06-15 02:54 . 2011-06-15 08:05 -------- d--h--w- c:\windows\$hf_mig$
    2011-06-15 02:50 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-14 13:04 . 2011-06-15 04:17 -------- d-----w- c:\windows\system32\NtmsData
    2011-06-09 17:22 . 2011-06-09 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
    2011-06-09 17:21 . 2011-06-09 17:21 -------- d-----w- c:\program files\Common Files\HP
    2011-06-09 17:20 . 2011-06-09 17:20 -------- d-----w- c:\program files\Hewlett-Packard
    2011-06-09 17:19 . 2007-10-31 00:22 303104 ----a-w- c:\windows\system32\hpovst14.dll
    2011-06-09 17:19 . 2007-10-31 00:22 970752 ----a-w- c:\windows\system32\hpotiop6.dll
    2011-06-09 17:19 . 2007-10-31 00:25 372736 ----a-w- c:\windows\system32\hppldcoi.dll
    2011-06-09 17:19 . 2007-10-31 00:25 309760 ----a-w- c:\windows\system32\difxapi.dll
    2011-06-09 17:19 . 2007-10-31 00:22 729088 ----a-w- c:\windows\system32\hpowiax8.dll
    2011-06-09 17:18 . 2011-06-09 17:22 -------- d-----w- c:\program files\HP
    2011-06-09 15:14 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2011-06-08 12:24 . 2011-06-08 12:24 -------- d-----w- C:\_OTM
    2011-06-06 17:35 . 2011-06-06 17:35 -------- d-----w- c:\program files\ESET
    2011-06-06 15:16 . 2011-06-06 15:16 -------- d-----w- c:\documents and settings\Rob\Application Data\Avira
    2011-06-06 15:13 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-06 15:13 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-06-06 15:13 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-06-06 15:13 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-06-06 15:13 . 2011-06-06 15:13 -------- d-----w- c:\program files\Avira
    2011-06-06 15:13 . 2011-06-06 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-06-05 17:38 . 2011-06-05 17:38 -------- d-----w- c:\documents and settings\Rob\Application Data\Malwarebytes
    2011-06-05 17:38 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-05 17:37 . 2011-06-05 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-05 17:37 . 2011-06-14 16:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-05 17:37 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-04 23:25 . 2011-06-16 13:34 -------- d-----w- c:\windows\system32\wbem\Logs
    2011-06-04 13:03 . 2011-06-04 13:03 -------- d-----w- c:\documents and settings\Rob\Application Data\AVG10
    2011-06-04 12:54 . 2011-06-06 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2011-06-04 12:54 . 2011-06-06 15:06 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-06-04 12:52 . 2011-06-04 12:52 -------- d-----w- c:\program files\AVG
    2011-06-04 12:46 . 2011-06-06 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-06-03 20:04 . 2011-06-03 20:04 54016 ----a-w- c:\windows\system32\drivers\cspbefgt.sys
    2011-06-03 19:38 . 2011-06-03 19:38 2 --shatr- c:\windows\winstart.bat
    2011-06-03 19:37 . 2011-06-04 13:27 -------- d-----w- c:\program files\UnHackMe
    2011-06-03 19:08 . 2011-06-03 19:08 388096 ----a-r- c:\documents and settings\Rob\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-03 19:08 . 2011-06-03 19:08 -------- d-----w- c:\program files\Trend Micro
    2011-06-03 12:01 . 2011-06-03 12:01 -------- d-----w- c:\documents and settings\Rob\Application Data\SUPERAntiSpyware.com
    2011-06-03 12:01 . 2011-06-03 12:02 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-06-03 03:01 . 2011-06-03 03:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2011-06-03 01:06 . 2011-06-03 01:06 -------- d-----w- C:\AVGTemp
    2011-06-02 02:44 . 2011-05-28 20:47 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
    2011-06-02 02:44 . 2011-06-02 02:45 -------- d-----w- c:\program files\Soluto
    2011-06-02 02:43 . 2011-06-02 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
    2011-06-01 23:24 . 2011-02-23 20:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-06-01 23:23 . 2011-02-23 21:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-06-01 23:19 . 2011-06-02 12:31 -------- d-----w- c:\documents and settings\Rob\Application Data\IObit
    2011-06-01 23:19 . 2011-06-01 23:22 -------- d-----w- c:\program files\IObit
    2011-06-01 16:00 . 2011-06-01 16:00 -------- d-----w- c:\documents and settings\Rob\Application Data\HPAppData
    2011-05-28 20:16 . 2011-05-28 20:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2011-05-26 00:09 . 2011-05-26 00:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-03 20:04 . 2011-06-03 20:04 194 ----a-w- c:\windows\Fonts\cqhr
    2011-05-02 15:31 . 2010-02-04 16:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-27 23:37 . 2011-03-26 02:43 69632 ----a-r- c:\documents and settings\Rob\Application Data\Microsoft\Installer\{A7D66EC2-0424-4715-9F2F-4655B6212C34}\BlackBerry.exe
    2011-03-19 20:17 . 2011-03-19 20:17 47360 ----a-w- c:\documents and settings\Rob\Application Data\pcouffin.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
    [7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
    [7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
    .
    c:\windows\System32\drivers\ndis.sys ... is missing !!
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-13_12.05.16 )))))))))))))))))))))))))))))))))))))))))
    .
     
  16. rjtj32

    rjtj32 TS Rookie Topic Starter

    \NativeImages_v2.0.50727_32\System.Drawing.Desi#\1af8683e05c42eb32f46578fe5a8f83f\System.Drawing.Design.ni.dll
    + 2011-06-15 09:48 . 2011-06-15 09:48 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\791a6643b70542b148d977ff42f2f2ef\System.DirectoryServices.Protocols.ni.dll
    + 2011-06-15 09:52 . 2011-06-15 09:52 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\31759ad8be21735f0a369c37514c2efc\System.DirectoryServices.AccountManagement.ni.dll
    + 2011-06-15 09:49 . 2011-06-15 09:49 766976 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\b1ef036a0ff708e6f8f3cf2a4acf18a7\System.Data.SqlServerCe.ni.dll
    + 2011-06-15 09:54 . 2011-06-15 09:54 463360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SQLite\f49a4b07c930fde1eb011069f6fa8f89\System.Data.SQLite.ni.dll
    + 2011-06-15 09:48 . 2011-06-15 09:48 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\df507a4500e73fa4cfc13f65a1c9055e\System.Data.Services.Client.ni.dll
    + 2011-06-15 09:52 . 2011-06-15 09:52 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d1778fffc09d783bc90512b65d35be66\System.Data.Services.Design.ni.dll
    + 2011-06-15 09:52 . 2011-06-15 09:52 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\5a47a8bf16370c93b3c6a471e48cc67a\System.Data.Entity.Design.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\50492d147392c238edc5a614beccb91b\System.Data.DataSetExtensions.ni.dll
    + 2011-06-15 09:48 . 2011-06-15 09:48 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
    + 2011-06-15 09:48 . 2011-06-15 09:48 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\fa21b6c9badcf916bb254b4b823c2463\System.Configuration.Install.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\77015cc1e6d9e7d20e63903777afd6df\System.AddIn.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 140800 c:\windows\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\c69fcf0346bee942bbed92652d143c97\SolutoUpdateService.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 675840 c:\windows\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\67f71165d2b1986616de73cda28b1d6b\SolutoCleanup.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6ca41c7917119c3a9de0bcdca525001d\SMSvcHost.ni.exe
    + 2011-06-15 09:48 . 2011-06-15 09:48 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8ff6d395f8861384bc9bfbe34cafb64e\SMDiagnostics.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\67dc00c24e551003f6dacb73fe9cf881\ServiceModelReg.ni.exe
    + 2011-06-15 09:27 . 2011-06-15 09:27 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e468e9265c844f74577530e4df71f120\PresentationFramework.Aero.ni.dll
    + 2011-06-15 09:27 . 2011-06-15 09:27 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\959709491c71caef88fb41b0eb159714\PresentationFramework.Classic.ni.dll
    + 2011-06-15 09:27 . 2011-06-15 09:27 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\807b62468c2893ee943dffff63a34d8d\PresentationFramework.Royale.ni.dll
    + 2011-06-15 09:27 . 2011-06-15 09:27 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6cf82f370413a2cd1e6bc54060334753\PresentationFramework.Luna.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 112128 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\d338c74c9c857395d1b85f1d4b27936e\PCGUpgrader.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\cd87b102320a6ead6932a22588eef9dd\PCGSAProbe.ni.dll
    + 2011-06-15 09:49 . 2011-06-15 09:49 644096 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\710539fbf39f9f3feddc062bf5a01b99\PCGPostBootResources.ni.dll
    + 2011-06-15 09:49 . 2011-06-15 09:49 168448 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\7b066dc83d02ff75c6a45f32f76d091b\PCGDriverProbe.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 510464 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\05d4a3044bb1440d520f1817f28eeb0b\PCGDataAggregation.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 879616 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\b6fb12b236a2f48e55d6764db3187147\PCGClientCommunication.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 408576 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\4002300fd91c210310d369fafb9b22c0\PCGCatalogItemFootprint.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 102400 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\6cb9a06fcbf6242f7e8c0e26aa34186e\PCGCatalogItemCache.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 717312 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\37cdccd56253559bce35f9fdbdcf75d6\PCGBrowsersProbe.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 380416 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\40b9f5e03c4ef17760b1a7a1d093cc4a\PCGBootVisualizingCore.ni.dll
    + 2011-06-15 09:49 . 2011-06-15 09:49 189440 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\25e8c99f1f15369bdaae9257ad0a254c\PCGBootVisualizingCommon.ni.dll
    + 2011-06-15 09:49 . 2011-06-15 09:49 672256 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\ec67d2d4f2dcf06983540177ea375d8a\PCGAzureShared.ni.dll
    + 2011-06-15 09:54 . 2011-06-15 09:54 506880 c:\windows\assembly\NativeImages_v2.0.50727_32\office\f5c76bd9abadeabebdc1851f26baa01c\office.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 963072 c:\windows\assembly\NativeImages_v2.0.50727_32\office\35ef41f982149a3a548ef62e49dfbee7\office.ni.dll
    + 2011-06-15 09:53 . 2011-06-15 09:53 184320 c:\windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json\e7390b11f43b107f2987811db284ec17\Newtonsoft.Json.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\0add35a0fbe0c381c998b651c5979902\MSBuild.ni.exe
    + 2011-06-15 09:51 . 2011-06-15 09:51 466944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a39938cfc4be0e73feabccdf81c81e0e\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
    + 2011-06-15 09:54 . 2011-06-15 09:54 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vbe.Inter#\22b5dda86c257126acbe465f55b39652\Microsoft.Vbe.Interop.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\667dc256d9eb3577f2514c89c5974aff\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fab4e67e0cd7f82fd55752a208f7f8d5\Microsoft.SqlServer.Setup.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 989184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c78b055d2be9adef22101a8b140a1722\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 530432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9c61807848ad3aad31dfc1e71fd0f409\Microsoft.SqlServer.GridControl.ni.dll
    + 2011-06-15 09:49 . 2011-06-15 09:49 168448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.ServiceHo#\01f9bff44989f75b09885555fa068bc2\Microsoft.ServiceHosting.ServiceRuntime.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\3895ba5a853b78ebd2775e6a55ec66c4\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d5561a4ad04c22f0eb5acf4736c7936e\Microsoft.Build.Utilities.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1a0623063225521aa43044314cc5e721\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\530f98922474a31636c34fa3db9a63ba\Microsoft.Build.Engine.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\7e75fca3ca1f36df8ac624190d9cd283\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2011-06-15 09:48 . 2011-06-15 09:48 572928 c:\windows\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\147eba82477c1b6b4e9d5148648d47a0\Ionic.Zip.Reduced.ni.dll
    + 2011-06-15 09:54 . 2011-06-15 09:54 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.shdocvw\513afc91d31de50e6b3569add6ae280f\Interop.shdocvw.ni.dll
    + 2011-06-15 09:49 . 2011-06-15 09:49 100864 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\2d54f480d0481219d626964c7c388e0a\Interop.IWshRuntimeLibrary.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 132096 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.DartMail\60a0ed7041ec3e6159ede19cd1aed3fc\Interop.DartMail.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 126976 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.ADChronopher\e83dd444e538309154ffa72f6fd6322d\Interop.ADChronopher.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 424448 c:\windows\assembly\NativeImages_v2.0.50727_32\Infralution.Controls\18463e61b1d02f08895113acc2d21912\Infralution.Controls.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 784384 c:\windows\assembly\NativeImages_v2.0.50727_32\Infralution.Control#\eac87682fb65efb4c55d884150c93898\Infralution.Controls.VirtualTree.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 205312 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics.Act.Wi#\1550a97a04bea7112987e540c2d51462\Infragistics.Act.Win.UltraWinListBar.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 323072 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics.Act.Sh#\bb27aa84e485bad190a516c4c8c9696e\Infragistics.Act.Shared.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 517120 c:\windows\assembly\NativeImages_v2.0.50727_32\Genghis\d91844820c423914af27aa4d5238b7c7\Genghis.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 392704 c:\windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraNavB#\3ea3a83c3995ca6cc092e269ba89eac3\DevExpress.XtraNavBar.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 570880 c:\windows\assembly\NativeImages_v2.0.50727_32\DevExpress.Utils\a2702114232759abceda84d0ed0900f7\DevExpress.Utils.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\c0f5f3c318a92212bbe3b413eeb2b374\ComSvcConfig.ni.exe
    + 2011-06-15 09:47 . 2011-06-15 09:47 316928 c:\windows\assembly\NativeImages_v2.0.50727_32\C1.Win.C1Thesaurus\439f41c5b3fbaed817f2b136e0d83a5d\C1.Win.C1Thesaurus.ni.dll
    + 2011-06-15 09:47 . 2011-06-15 09:47 585216 c:\windows\assembly\NativeImages_v2.0.50727_32\C1.Win.C1Spell\6eb0863773ef9e0c9c41120b9694dc2d\C1.Win.C1Spell.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\C1.Common\51dde9cc6928cefe9c4f974825e9bdeb\C1.Common.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 207360 c:\windows\assembly\NativeImages_v2.0.50727_32\C1.C1Zip\7d2269ff5c8dfd4de8989bd751e27716\C1.C1Zip.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 138752 c:\windows\assembly\NativeImages_v2.0.50727_32\autocomplete\00c749f1f9a4abff328bb1adf7d580ab\autocomplete.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\0524928cbd0a686db3960ef688d0d37e\AspNetMMCExt.ni.dll
    + 2011-06-15 09:54 . 2011-06-15 09:54 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\Antlr3.Runtime\902cf1c2bb0956093d005cf3684176bb\Antlr3.Runtime.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 147456 c:\windows\assembly\NativeImages_v2.0.50727_32\actmigration\e5c3f0984c4861036f32ca29dc0ca593\actmigration.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 745984 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.WordProcesso#\9f6e6b76b7a9197d935483d29463eb2a\Act.UI.WordProcessorDialogs.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 653312 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Widgets\c6bade17ed3a45b95524ff9c834bc53b\Act.UI.Widgets.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 153088 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Updater\f2c74f975cceb24effd1a0ad8d90c1c9\Act.UI.Updater.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 798720 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.PickList\e468933aa38aab4489634af1a43cdf6b\Act.UI.PickList.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 246784 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.GroupCompany#\b732a167002efc75420d4c8e7a4045d6\Act.UI.GroupCompanyPicker.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 241152 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Designer.Rep#\97f06415770c0fa9f65756cfa73dc0ce\Act.UI.Designer.Report.Data.ni.dll
    + 2011-06-15 09:45 . 2011-06-15 09:45 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Designer.Lay#\ea30026b0c35318ae0edaafe6be1c4c6\Act.UI.Designer.Layout.ni.dll
    + 2011-06-15 09:45 . 2011-06-15 09:45 524800 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Designer.Con#\d87d6c2f10b2221eb1c473f188dc873b\Act.UI.Designer.Controls.ni.dll
    + 2011-06-15 09:45 . 2011-06-15 09:45 671744 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Designer.Con#\86a1cf7cfa180e436d20fc2b1bb31b02\Act.UI.Designer.Conversion.ni.dll
    + 2011-06-15 09:45 . 2011-06-15 09:45 953856 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.DataExchange\a5faa9f9035b6bf62bff89af700caf4c\Act.UI.DataExchange.ni.dll
    + 2011-06-15 09:45 . 2011-06-15 09:45 640000 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.DatabaseMain#\d0fbac553229dea64b95b06c7d6db6e9\Act.UI.DatabaseMaintenanceDialogs.ni.dll
    + 2011-06-15 09:45 . 2011-06-15 09:45 242688 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.CriteriaDlg\2bd71d521ef7308e4ebacb98e34be1a9\Act.UI.CriteriaDlg.ni.dll
    + 2011-06-15 09:45 . 2011-06-15 09:45 774656 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Calendar.Vie#\bffa30aa39d7641460f4b61a7c36a37a\Act.UI.Calendar.Views.ni.dll
    + 2011-06-15 09:45 . 2011-06-15 09:45 101888 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.AdvancedQuery\7e57e48445441a72e159ef81aeb397de\Act.UI.AdvancedQuery.ni.dll
    + 2011-06-15 09:45 . 2011-06-15 09:45 138752 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.ActivityView#\852a43992a6b6cbb416c74cf2ab9407f\Act.UI.ActivityViews.Widgets.TimeSelector.ni.dll
    + 2011-06-15 09:45 . 2011-06-15 09:45 182784 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Activities.V#\d9a5e63b9970711c732b036ff4c276c5\Act.UI.Activities.Views.Shared.ni.dll
    + 2011-06-15 09:44 . 2011-06-15 09:44 703488 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Win32\ff37ec2487e0a3786806e4d60a641a50\Act.Shared.Win32.ni.dll
    + 2011-06-15 09:44 . 2011-06-15 09:44 882688 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.FDO\5b9c69efaa61fe7f9a335d5f0f678871\Act.Shared.FDO.ni.dll
    + 2011-06-15 09:44 . 2011-06-15 09:44 257536 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Diagnost#\e9a5d729f200b21fa2762feb8c9ba1fc\Act.Shared.Diagnostics.DefectLogger.ni.dll
    + 2011-06-15 09:44 . 2011-06-15 09:44 150016 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Componen#\88f6599da430c91a956e3dbe17832f2d\Act.Shared.ComponentModel.ni.dll
    + 2011-06-15 09:44 . 2011-06-15 09:44 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Collecti#\672255851bbad7fc9ee16513f2a3ec49\Act.Shared.Collections.ni.dll
    + 2011-06-15 09:44 . 2011-06-15 09:44 140288 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Inter#\c25d3389634eb68edc9ea3dee40f8298\Act.Framework.Interop.ni.dll
    + 2011-06-15 09:44 . 2011-06-15 09:44 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.DataE#\cf9938bff2f18793e147cbeebef6275e\Act.Framework.DataExchange.Act6.ni.dll
    + 2011-06-15 09:44 . 2011-06-15 09:44 557568 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.DataE#\8bc7ecf0c0ef6daa1eda7ffeed2efae2\Act.Framework.DataExchange.OutlookSync.ni.dll
    + 2011-06-15 09:44 . 2011-06-15 09:44 894976 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.DataE#\5d189241ad0fdc900508b79ef744c41b\Act.Framework.DataExchange.ni.dll
    + 2011-06-15 09:44 . 2011-06-15 09:44 441344 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.DataE#\445722d4f30cc837eddcb7dbc0d6f696\Act.Framework.DataExchange.PalmReader.ni.dll
    + 2011-06-15 09:44 . 2011-06-15 09:44 224256 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Compo#\399b545e46523a301fdee4dc7c753bbd\Act.Framework.ComponentModel.Core.ni.dll
    + 2011-06-15 09:43 . 2011-06-15 09:43 195584 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Devices.Entities\86eea820f54be762d0d9b9595bbecc92\Act.Devices.Entities.ni.dll
    + 2011-06-15 09:43 . 2011-06-15 09:43 645120 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Devices.Conduit#\4355415315380de5b72905a594833855\Act.Devices.Conduit.Records.ni.dll
    + 2011-06-15 09:43 . 2011-06-15 09:43 108032 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Data\608b5efef2a4b3b140cccf2592c04d72\Act.Data.ni.dll
    + 2011-06-15 09:00 . 2011-06-15 09:00 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2011-06-15 09:02 . 2011-06-15 09:02 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2011-06-15 09:09 . 2011-06-15 09:09 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2011-04-15 07:11 . 2011-04-15 07:11 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2011-06-15 09:08 . 2011-06-15 09:08 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2011-04-15 07:11 . 2011-04-15 07:11 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2011-06-15 09:03 . 2011-06-15 09:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2011-06-15 09:03 . 2011-06-15 09:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2011-06-15 09:04 . 2011-06-15 09:04 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2011-06-15 09:04 . 2011-06-15 09:04 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2011-06-15 09:08 . 2011-06-15 09:08 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2011-06-15 09:04 . 2011-06-15 09:04 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2011-06-15 09:04 . 2011-06-15 09:04 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2011-06-15 09:09 . 2011-06-15 09:09 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2011-04-15 07:11 . 2011-04-15 07:11 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2011-04-15 07:11 . 2011-04-15 07:11 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2011-06-15 09:08 . 2011-06-15 09:08 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2011-04-15 07:11 . 2011-04-15 07:11 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2011-06-15 09:09 . 2011-06-15 09:09 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2011-06-15 09:06 . 2011-06-15 09:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2011-06-15 09:03 . 2011-06-15 09:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2011-06-15 09:03 . 2011-06-15 09:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2011-06-15 09:04 . 2011-06-15 09:04 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2011-06-15 09:02 . 2011-06-15 09:02 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2011-06-15 09:06 . 2011-06-15 09:06 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2011-06-15 09:06 . 2011-06-15 09:06 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2011-06-15 09:00 . 2011-06-15 09:00 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2011-06-15 09:03 . 2011-06-15 09:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2011-06-15 09:04 . 2011-06-15 09:04 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2011-06-15 09:04 . 2011-06-15 09:04 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2011-06-15 09:00 . 2011-06-15 09:00 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2004-08-04 12:00 . 2011-04-25 16:11 1211904 c:\windows\system32\urlmon.dll
    + 2004-08-04 12:00 . 2011-05-30 22:19 5964800 c:\windows\system32\mshtml.dll
    - 2009-03-08 09:32 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll
    + 2009-03-08 09:32 . 2011-04-25 16:11 1991680 c:\windows\system32\iertutil.dll
    + 2004-08-04 12:00 . 2011-04-25 16:11 1211904 c:\windows\system32\dllcache\urlmon.dll
    + 2004-08-04 12:00 . 2011-05-30 22:19 5964800 c:\windows\system32\dllcache\mshtml.dll
    - 2010-02-04 18:17 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll
    + 2010-02-04 18:17 . 2011-04-25 16:11 1991680 c:\windows\system32\dllcache\iertutil.dll
    + 2011-03-25 10:15 . 2011-03-25 10:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    - 2008-07-25 16:17 . 2008-07-25 16:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2011-01-18 08:39 . 2011-01-18 08:39 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    - 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2011-03-25 10:15 . 2011-03-25 10:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    - 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2011-03-25 10:15 . 2011-03-25 10:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2011-01-19 03:36 . 2011-01-19 03:36 2687488 c:\windows\Installer\3ef52c7.msp
    + 2011-06-15 07:56 . 2011-02-22 23:06 1210880 c:\windows\ie8updates\KB2530548-IE8\urlmon.dll
    + 2011-06-15 07:56 . 2011-02-22 23:06 5962240 c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
    + 2011-06-15 07:56 . 2011-02-22 23:06 1991680 c:\windows\ie8updates\KB2530548-IE8\iertutil.dll
    + 2011-06-15 09:54 . 2011-06-15 09:54 2681344 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniFeeds\d2fb58fe6e89d184cfcde4142e8e2800\XobniFeeds.ni.dll
    + 2011-06-15 09:23 . 2011-06-15 09:23 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\11526c1635b97a7d49e25e72ed6e9662\WindowsBase.ni.dll
    + 2011-06-15 09:41 . 2011-06-15 09:41 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\901c3796073853746fecd8979c679494\UIAutomationClientsideProviders.ni.dll
    + 2011-06-15 09:21 . 2011-06-15 09:21 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
    + 2011-06-15 09:36 . 2011-06-15 09:36 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
    + 2011-06-15 09:53 . 2011-06-15 09:53 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\2877dda3e0f0faeba527b4bf1efe9cb5\System.WorkflowServices.ni.dll
    + 2011-06-15 09:53 . 2011-06-15 09:53 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d7cb3697989fe6fa3a08d2821d38aa5e\System.Workflow.Runtime.ni.dll
    + 2011-06-15 09:53 . 2011-06-15 09:53 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\4ac04107c35485d415f9e1bebfd155dd\System.Workflow.ComponentModel.ni.dll
    + 2011-06-15 09:53 . 2011-06-15 09:53 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\2169feb8bd57d96e621fa26d9391d463\System.Workflow.Activities.ni.dll
    + 2011-06-15 09:48 . 2011-06-15 09:48 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f31f1579160d87470cba918f06276e0d\System.Web.Services.ni.dll
    + 2011-06-15 09:53 . 2011-06-15 09:53 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\bdad1c0f4eb846543b234353fd2b926f\System.Web.Mobile.ni.dll
    + 2011-06-15 09:52 . 2011-06-15 09:53 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\647bfe6da40e8160b967c41424901dc8\System.Web.Extensions.ni.dll
    + 2011-06-15 09:34 . 2011-06-15 09:34 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2047e63293e067b351b8f0e038253f33\System.Speech.ni.dll
    + 2011-06-15 09:52 . 2011-06-15 09:52 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ead07662976fb7094811461c568643d5\System.ServiceModel.Web.ni.dll
    + 2011-06-15 09:47 . 2011-06-15 09:47 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c889a45c82004537f1620dd3b211af66\System.Runtime.Serialization.ni.dll
    + 2011-06-15 09:34 . 2011-06-15 09:34 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\c64aa916251a45206a805ab6488b9255\System.Printing.ni.dll
    + 2011-06-15 09:47 . 2011-06-15 09:47 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a8039af85f459c19c041313f9fe0d7e8\System.IdentityModel.ni.dll
    + 2011-06-15 09:33 . 2011-06-15 09:33 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a59b17e6040e3f6286a2227dfdb17096\System.Drawing.ni.dll
    + 2011-06-15 09:48 . 2011-06-15 09:48 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\55211bc8f4fcff47c05bfc3020d97148\System.DirectoryServices.ni.dll
    + 2011-06-15 09:48 . 2011-06-15 09:48 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f9ff2fb342cd5102e2d95883b3433a5d\System.Deployment.ni.dll
    + 2011-06-15 09:30 . 2011-06-15 09:30 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
    + 2011-06-15 09:48 . 2011-06-15 09:48 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef31ab37b0d7c3c1a6d72646966c8911\System.Data.SqlXml.ni.dll
    + 2011-06-15 09:52 . 2011-06-15 09:52 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f945e9c32c775bb604ab83d8933f1b2c\System.Data.Services.ni.dll
    + 2011-06-15 09:48 . 2011-06-15 09:48 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\e12e3036e337cbeb2d274b37ff4c1279\System.Data.OracleClient.ni.dll
    + 2011-06-15 09:31 . 2011-06-15 09:31 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\283e9bf48e17bdb34acdc93bd5721be0\System.Data.Linq.ni.dll
    + 2011-06-15 09:52 . 2011-06-15 09:52 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\368c85cccea8a1206be5c849fd6614e3\System.Data.Entity.ni.dll
    + 2011-06-15 09:29 . 2011-06-15 09:29 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\bd2e04dfab2993479ae17ea3fa4f6222\System.Core.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 1219584 c:\windows\assembly\NativeImages_v2.0.50727_32\SolutoService\b9e9dc9176a161be5b20b192e11bef9a\SolutoService.ni.exe
    + 2011-06-15 09:49 . 2011-06-15 09:49 6887936 c:\windows\assembly\NativeImages_v2.0.50727_32\SolutoConsole\4a38db8d922b4c56cafdb9cee2360eea\SolutoConsole.ni.exe
    + 2011-06-15 09:48 . 2011-06-15 09:48 1982464 c:\windows\assembly\NativeImages_v2.0.50727_32\Soluto\3ba0efbebde92781befb0c198cf79e67\Soluto.ni.exe
    + 2011-06-15 09:28 . 2011-06-15 09:28 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4f82a0a1b4405ef61dfa088d11161e35\ReachFramework.ni.dll
    + 2011-06-15 09:28 . 2011-06-15 09:28 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\148505f5b0307230de5d355f10d30a20\PresentationUI.ni.dll
    + 2011-06-15 09:22 . 2011-06-15 09:22 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\1fab86af683c04bdb0aaf65ce7fcd9e5\PresentationBuildTasks.ni.dll
    + 2011-06-15 09:49 . 2011-06-15 09:49 2845696 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\d8f280ab864fdbeb0445d9c210444b2d\PCGPreCompiled.ni.dll
    + 2011-06-15 09:48 . 2011-06-15 09:48 2231296 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGFramework\d82052bda6bd06d7e672635542828a22\PCGFramework.ni.dll
    + 2011-06-15 09:49 . 2011-06-15 09:49 3473920 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGDatabase\d1028cdf365e59dd81759fe432f645e4\PCGDatabase.ni.dll
    + 2011-06-15 09:49 . 2011-06-15 09:49 1231360 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGCommunication\acf963bc80d26f18a3630332be34908c\PCGCommunication.ni.dll
    + 2011-06-15 09:49 . 2011-06-15 09:49 2990592 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\8ace4cc08b638a67d0fe5811f1b33c48\PCGClientCommon.ni.dll
    + 2011-06-15 09:49 . 2011-06-15 09:49 1454080 c:\windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json\8bf0792ad2ff1c6ec305694fe0e9765e\Newtonsoft.Json.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7292ca9d793cb71cf3d41ae663e7139b\Microsoft.VisualBasic.ni.dll
    + 2011-06-15 09:49 . 2011-06-15 09:49 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\abaf7a180354ed5ec099fb69339b538a\Microsoft.Transactions.Bridge.ni.dll
    + 2011-06-15 09:54 . 2011-06-15 09:54 1028608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\e807ae9e23cfd75e6e55d5d3167549f8\Microsoft.Office.Interop.Outlook.ni.dll
    + 2011-06-15 09:54 . 2011-06-15 09:54 1486336 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\8a4eae223e3c934b32990b83e293d085\Microsoft.Office.Interop.Word.ni.dll
    + 2011-06-15 09:49 . 2011-06-15 09:49 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b41db9f2897f538203911026bb0abd5d\Microsoft.JScript.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a91940f9033c7910f3f64c061571cec9\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2011-06-15 09:51 . 2011-06-15 09:51 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\5195a94327ccef45d202776e932e847b\Microsoft.Build.Tasks.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3efbca53acdd34586bd7f6f87e71ed62\Microsoft.Build.Engine.ni.dll
    + 2011-06-15 09:54 . 2011-06-15 09:54 1445888 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.XobniRdo\56b060245f243d664240a16c48d22c9c\Interop.XobniRdo.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 3098112 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics.Act.Win\1b6a8b5874f2365006d90ec875242ac7\Infragistics.Act.Win.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 2606080 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics.Act.Wi#\593e20a20f8e92b9f54f96ba74437d4e\Infragistics.Act.Win.UltraWinSchedule.ni.dll
    + 2011-06-15 09:50 . 2011-06-15 09:50 3471872 c:\windows\assembly\NativeImages_v2.0.50727_32\DevComponents.DotNe#\18eb9d4dad28660604577880a9600f15\DevComponents.DotNetBar.ni.dll
    + 2011-06-15 09:49 . 2011-06-15 09:49 2327552 c:\windows\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\9810405d0d5bce300ed05ee836f4a0c3\Community.CsharpSqlite.ni.dll
    + 2011-06-15 09:47 . 2011-06-15 09:47 1306112 c:\windows\assembly\NativeImages_v2.0.50727_32\C1.Win.C1PrintPrevi#\0b02592fc0db96d85d3f05fe22d360b5\C1.Win.C1PrintPreview.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 1315840 c:\windows\assembly\NativeImages_v2.0.50727_32\C1.Win.C1FlexGrid\9ff8b89433f045e15d62284edd533914\C1.Win.C1FlexGrid.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 1195008 c:\windows\assembly\NativeImages_v2.0.50727_32\C1.PrintUtil\52192e06bc45c02eeb5af3f64b17d7f6\C1.PrintUtil.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 3622912 c:\windows\assembly\NativeImages_v2.0.50727_32\C1.C1PrintDocument\74792bbe96dbc581f389ba68626fefa0\C1.C1PrintDocument.ni.dll
    + 2011-06-15 09:49 . 2011-06-15 09:49 1088000 c:\windows\assembly\NativeImages_v2.0.50727_32\AmCharts.Windows\91cd0226f92ea234874a4c37db5c8106\AmCharts.Windows.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 2469376 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.WordProcessor\d41d088ad8d9fbc379c7716afbcd3df0\Act.UI.WordProcessor.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 1833472 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.SyncSetup\86633b20ae3326a4dd0d150ee7e2b18f\Act.UI.SyncSetup.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 4532224 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Preferences\11079a6ad3a90e34e03d0c1bea16ae3d\Act.UI.Preferences.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 2776064 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Opportunitie#\d8e2ec34af85528aae45d8b72fc768b5\Act.UI.Opportunities.Views.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 1355776 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Import\ed6dc8f7c48755a5f1a443aaff3cd74e\Act.UI.Import.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 1995776 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Groups.Views\a7a23d20d20ffbee9b174ca8b3fc624f\Act.UI.Groups.Views.ni.dll
    + 2011-06-15 09:46 . 2011-06-15 09:46 1334784 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Export\8db3dd85a7c22d885d582e0eb92dd866\Act.UI.Export.ni.dll
    + 2011-06-15 09:45 . 2011-06-15 09:45 2433024 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Designer.Rep#\a5055385fe355987df69782f9cd6312c\Act.UI.Designer.Report.ni.dll
    + 2011-06-15 09:45 . 2011-06-15 09:45 1128448 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Core\cbf1d2628f963e3bff51cc842d606238\Act.UI.Core.ni.dll
    + 2011-06-15 09:45 . 2011-06-15 09:45 2421248 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Contacts.Vie#\b5c97cb06c1a15fe6ea24a192b4206a5\Act.UI.Contacts.Views.ni.dll
    + 2011-06-15 09:45 . 2011-06-15 09:45 3868160 c:\windows\assembly\NativeImages_v2.0.50727_32\ACT.UI.Common.Images\111642020bc34d0ac28411e2d94c21d6\ACT.UI.Common.Images.ni.dll
    + 2011-06-15 09:45 . 2011-06-15 09:45 2483200 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Activities.V#\62438aa31baa19f719b69357552b1c61\Act.UI.Activities.Views.ni.dll
    + 2011-06-15 09:44 . 2011-06-15 09:44 3180544 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Windows.#\1975bccc92510ca7ce9483db2fe2c5b7\Act.Shared.Windows.Forms.ni.dll
    + 2011-06-15 09:44 . 2011-06-15 09:44 1810432 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.LicProvi#\f74ba2fa497c96454bf135f406c8b4d0\Act.Shared.LicProvider.ni.dll
    + 2011-06-15 09:44 . 2011-06-15 09:44 4115968 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Images\2e2e53cbb1ddcdaa4e44dd2bfbbb0e16\Act.Shared.Images.ni.dll
    + 2011-06-15 09:43 . 2011-06-15 09:43 7495168 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework\2d66fd7c857c74eb17a47e5558540e3b\Act.Framework.ni.dll
    + 2011-06-15 09:44 . 2011-06-15 09:44 1287680 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Synch#\9164ac743cd889af183d635631d99c0d\Act.Framework.Synchronization.ni.dll
    + 2011-06-15 09:44 . 2011-06-15 09:44 2257408 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Compo#\6d78caddd614b2be3749a47a7d458cf3\Act.Framework.ComponentModel.ni.dll
    + 2011-06-15 09:43 . 2011-06-15 09:43 1111552 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Devices.UI.Cust#\1411815331301b4b0ddbd6d98f86ef10\Act.Devices.UI.Custom.ni.dll
    + 2011-06-15 09:43 . 2011-06-15 09:43 1000960 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Data.Resources\a9cef9185cf4e50ad30fea0009bfcc3b\Act.Data.Resources.ni.dll
    + 2011-06-15 09:07 . 2011-06-15 09:07 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2011-04-15 07:11 . 2011-04-15 07:11 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2011-06-15 09:08 . 2011-06-15 09:08 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2011-06-15 09:00 . 2011-06-15 09:00 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2011-06-15 09:01 . 2011-06-15 09:01 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2011-06-15 08:59 . 2011-06-15 08:59 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2011-04-15 07:10 . 2011-04-15 07:10 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2011-06-15 09:08 . 2011-06-15 09:08 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2011-04-15 07:11 . 2011-04-15 07:11 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2011-06-15 09:05 . 2011-06-15 09:05 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2010-10-01 07:05 . 2011-04-15 07:10 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2010-02-04 18:18 . 2011-06-15 08:08 47716296 c:\windows\system32\MRT.exe
    + 2009-03-08 09:39 . 2011-04-26 14:11 11081728 c:\windows\system32\ieframe.dll
    + 2010-02-04 18:17 . 2011-04-26 14:11 11081728 c:\windows\system32\dllcache\ieframe.dll
    + 2011-03-28 07:27 . 2011-03-28 07:27 15456256 c:\windows\Installer\444057a.msp
    + 2011-06-15 07:56 . 2011-02-22 23:06 11080704 c:\windows\ie8updates\KB2530548-IE8\ieframe.dll
    + 2011-06-15 09:53 . 2011-06-15 09:53 11188736 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniCommon\f59f1b488ace707ded3d0494f6bd90d8\XobniCommon.ni.dll
    + 2011-06-15 09:35 . 2011-06-15 09:35 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\29d16d2f164fe2263539789ecd0d9d4f\System.Windows.Forms.ni.dll
    + 2011-06-15 09:48 . 2011-06-15 09:48 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1fb5d8788c9a9a7f44e2d0fa19c62729\System.Web.ni.dll
    + 2011-06-15 09:47 . 2011-06-15 09:47 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll
    + 2011-06-15 09:32 . 2011-06-15 09:32 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\ee914f59ad8211e0b6734dccffd9986e\System.Design.ni.dll
    + 2011-06-15 09:26 . 2011-06-15 09:26 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\999df2b262da53356dda514512bb7bb8\PresentationFramework.ni.dll
    + 2011-06-15 09:24 . 2011-06-15 09:24 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\caafa254739e326b0cf55eed815b4333\PresentationCore.ni.dll
    + 2011-06-15 09:20 . 2011-06-15 09:20 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
    + 2011-06-15 09:45 . 2011-06-15 09:45 21728768 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI\c2db7045ebefc89416e31767475bd3f0\Act.UI.ni.dll
    .
     
  17. rjtj32

    rjtj32 TS Rookie Topic Starter

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
    "nwiz"="nwiz.exe" [2006-05-09 1519616]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    NETGEAR WG311v2 Smart Configuration.lnk - c:\program files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^-^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\documents and settings\-\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
    backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoopBe1 Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LoopBe1 Monitor.lnk
    backup=c:\windows\pss\LoopBe1 Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
    backup=c:\windows\pss\Orbit.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Rob\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2010-09-22 23:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
    2007-10-24 04:18 393216 ------w- c:\program files\ACT\Act for Windows\ActSage.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
    2007-10-24 03:55 9728 ------w- c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2010-09-23 09:42 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2011-02-12 18:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
    2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
    2009-11-26 02:04 1087752 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2011-03-04 16:31 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ogcsn]
    2009-12-10 14:12 625184 ----a-w- c:\program files\Starfield\Desktop Calendar Tools\OutSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
    2010-08-15 16:03 32960 ----a-w- c:\program files\Starfield\starfieldupdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-04-17 00:31 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
    2008-12-04 03:15 218408 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wben]
    2010-07-07 16:33 1076432 ----a-w- c:\program files\Starfield\wben.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
    "1947:TCP"= 1947:TCP:HASP SRM
    "1947:UDP"= 1947:UDP:HASP SRM
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/4/2010 1:45 PM 64288]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/1/2011 7:23 PM 13496]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [6/1/2011 7:19 PM 353168]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/6/2011 11:14 AM 136360]
    R2 BLKWLDESKTOP;Belkin Wireless Desktop Card Service;c:\program files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLService.exe [6/15/2011 11:45 AM 49152]
    R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/1/2011 7:23 PM 821080]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/5/2011 1:38 PM 366640]
    R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [5/28/2011 5:03 PM 364576]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/5/2011 1:37 PM 22712]
    S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [6/1/2011 10:44 PM 51144]
    S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
    S3 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 1:47 PM 1310960]
    S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 9:01 PM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 9:01 PM 136176]
    S3 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2/10/2007 5:29 AM 29178224]
    S3 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]
    S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/1/2011 7:23 PM 30368]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
    S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/1/2011 7:23 PM 16080]
    S3 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [10/12/2009 12:33 PM 46824]
    S4 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [4/16/2010 12:19 PM 103800]
    S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/1/2011 7:23 PM 239472]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-03-04 16:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:46]
    .
    2011-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 01:01]
    .
    2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 01:01]
    .
    2011-06-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1202660629-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    2011-06-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1202660629-839522115-1011.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    2011-06-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1202660629-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    2011-06-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1202660629-839522115-1011.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    2011-06-16 c:\windows\Tasks\User_Feed_Synchronization-{61C25F6A-AC62-4F6F-AEE5-4C47DB6DA5CF}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    2011-06-16 c:\windows\Tasks\Windows Codec Update Service.job
    - c:\program files\Essentials Codec Pack\WECPUpdate.exe [2011-02-27 10:06]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    uInternet Connection Wizard,ShellNext = hxxp://securitysolution2011win.com/uninstall.php?machine=4kensaeqeo49
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: realtytools.com
    Trusted Zone: toolkitcma.com
    Trusted Zone: toolkitcma2.com
    TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
    FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\qtace09p.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
    FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-16 10:15
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(472)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2011-06-16 10:21:36
    ComboFix-quarantined-files.txt 2011-06-16 14:21
    ComboFix2.txt 2011-06-06 17:17
    ComboFix3.txt 2011-06-04 03:33
    .
    Pre-Run: 32,841,347,072 bytes free
    Post-Run: 32,923,766,784 bytes free
    .
    - - End Of File - - 0B4155E4DEF1F5EC39422440B0093468
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Try doing a right click> Properties on each of the Network Adapters. See what the message is> Normal on the General tab is "this device is working properly." If it does not show that, note what it says, then select the Advanced tab if the device has that tab. See what the value is.
    ============================================
    Combofix is saying the 'ndis' file is infected. This will affect the adapters. I replaced it once - let's try again:

    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    
    FCopy:: c:\windows\ERDNT\cache\ndis.sys | c:\windows\system32\drivers\ndis.sys
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
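
A check one could run around an FCopy:: restore like the one above, added here as an example and not part of the original post or of ComboFix: it parses the Sigcheck section of a ComboFix log, confirms that the restore source matches the other listed copies by MD5 and size, and reports whether the target is flagged missing. The function and field names are hypothetical; the sample lines are copied from the ComboFix log posted in this thread.

```python
import ntpath
import re
from typing import NamedTuple

# Sample input: Sigcheck lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
[7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
.
c:\windows\System32\drivers\ndis.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot_2011-06-16_14.15.21 )))))))))))))))))))))))))))))))))))))))))
"""

SECTION_START = re.compile(r"^-+\s*Sigcheck\s*-+$")
ENTRY = re.compile(
    r"^\[(?P<mark>.)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+)$"
)
MISSING = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+\.\.\.\s+is missing !!$")


class SigEntry(NamedTuple):
    mark: str      # first column of the line, kept verbatim
    date: str
    md5: str
    size: int
    version: str
    path: str


def parse_sigcheck(log_text):
    """Return (entries, missing_paths) from the Sigcheck section only."""
    entries, missing, in_section = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = bool(SECTION_START.match(line))
            continue
        if line.startswith("((("):      # banner of the next log section
            break
        m = ENTRY.match(line)
        if m:
            entries.append(SigEntry(m["mark"], m["date"], m["md5"].upper(),
                                    int(m["size"]), m["ver"], m["path"]))
            continue
        m = MISSING.match(line)
        if m:
            missing.append(m["path"])
    return entries, missing


def assess_restore(log_text, source, target):
    """Compare the FCopy source with every other listed copy of the same file.

    Windows paths are case-insensitive, so all path comparisons are lowercased.
    """
    entries, missing = parse_sigcheck(log_text)
    name = ntpath.basename(target).lower()
    copies = [e for e in entries if ntpath.basename(e.path).lower() == name]
    src = next((e for e in copies if e.path.lower() == source.lower()), None)
    agree, differ = [], []
    for e in copies:
        if src is None or e is src:
            continue
        same = (e.md5, e.size) == (src.md5, src.size)
        (agree if same else differ).append(e.path)
    return {
        "source_found": src is not None,
        "source_md5": src.md5 if src else None,
        "agreeing_copies": agree,
        "differing_copies": differ,
        "target_listed": any(e.path.lower() == target.lower() for e in copies),
        "target_missing": target.lower() in (p.lower() for p in missing),
    }


if __name__ == "__main__":
    report = assess_restore(
        SAMPLE_LOG,
        source=r"c:\windows\ERDNT\cache\ndis.sys",
        target=r"c:\windows\system32\drivers\ndis.sys",
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```

A source that agrees with the other copies but a target still reported missing means the copy did not take effect, which is worth knowing before chasing the adapter errors further.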
     
  19. rjtj32

    rjtj32 TS Rookie Topic Starter

    The Device Status for all the Network Adapters listed say "Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)"

    The only one with the advanced tab was my wireless card, and here are the properties and their values:

    On the Advanced Tab:
    802.11b Preamble - Long and Short
    Map Registers - 256
    Network Address - Not Present
    Power Save mode - Fast PSP
    Radio On/Off - On



    Here's the Combofix log

    ComboFix 11-06-12.04 - Rob 06/17/2011 15:40:22.7.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1299 [GMT -4:00]
    Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Rob\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Outdated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-16 16:54 . 2011-06-16 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\U3
    2011-06-15 15:46 . 2011-06-15 15:46 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
    2011-06-15 15:45 . 2004-04-30 19:12 40960 ----a-w- c:\windows\system32\Bknpci.dll
    2011-06-15 15:45 . 2011-06-15 15:45 -------- d-----w- c:\program files\Belkin
    2011-06-15 02:54 . 2011-06-15 08:05 -------- d--h--w- c:\windows\$hf_mig$
    2011-06-15 02:50 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-14 13:04 . 2011-06-15 04:17 -------- d-----w- c:\windows\system32\NtmsData
    2011-06-09 17:22 . 2011-06-09 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
    2011-06-09 17:21 . 2011-06-09 17:21 -------- d-----w- c:\program files\Common Files\HP
    2011-06-09 17:20 . 2011-06-09 17:20 -------- d-----w- c:\program files\Hewlett-Packard
    2011-06-09 17:19 . 2007-10-31 00:22 303104 ----a-w- c:\windows\system32\hpovst14.dll
    2011-06-09 17:19 . 2007-10-31 00:22 970752 ----a-w- c:\windows\system32\hpotiop6.dll
    2011-06-09 17:19 . 2007-10-31 00:25 372736 ----a-w- c:\windows\system32\hppldcoi.dll
    2011-06-09 17:19 . 2007-10-31 00:25 309760 ----a-w- c:\windows\system32\difxapi.dll
    2011-06-09 17:19 . 2007-10-31 00:22 729088 ----a-w- c:\windows\system32\hpowiax8.dll
    2011-06-09 17:18 . 2011-06-09 17:22 -------- d-----w- c:\program files\HP
    2011-06-09 15:14 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2011-06-08 12:24 . 2011-06-08 12:24 -------- d-----w- C:\_OTM
    2011-06-06 17:35 . 2011-06-06 17:35 -------- d-----w- c:\program files\ESET
    2011-06-06 15:16 . 2011-06-06 15:16 -------- d-----w- c:\documents and settings\Rob\Application Data\Avira
    2011-06-06 15:13 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-06 15:13 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-06-06 15:13 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-06-06 15:13 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-06-06 15:13 . 2011-06-06 15:13 -------- d-----w- c:\program files\Avira
    2011-06-06 15:13 . 2011-06-06 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-06-05 17:38 . 2011-06-05 17:38 -------- d-----w- c:\documents and settings\Rob\Application Data\Malwarebytes
    2011-06-05 17:38 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-05 17:37 . 2011-06-05 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-05 17:37 . 2011-06-14 16:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-05 17:37 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-04 23:25 . 2011-06-17 15:19 -------- d-----w- c:\windows\system32\wbem\Logs
    2011-06-04 13:03 . 2011-06-04 13:03 -------- d-----w- c:\documents and settings\Rob\Application Data\AVG10
    2011-06-04 12:54 . 2011-06-06 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2011-06-04 12:54 . 2011-06-06 15:06 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-06-04 12:52 . 2011-06-04 12:52 -------- d-----w- c:\program files\AVG
    2011-06-04 12:46 . 2011-06-06 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-06-03 20:04 . 2011-06-03 20:04 54016 ----a-w- c:\windows\system32\drivers\cspbefgt.sys
    2011-06-03 19:38 . 2011-06-03 19:38 2 --shatr- c:\windows\winstart.bat
    2011-06-03 19:37 . 2011-06-04 13:27 -------- d-----w- c:\program files\UnHackMe
    2011-06-03 19:08 . 2011-06-03 19:08 388096 ----a-r- c:\documents and settings\Rob\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-03 19:08 . 2011-06-03 19:08 -------- d-----w- c:\program files\Trend Micro
    2011-06-03 12:01 . 2011-06-03 12:01 -------- d-----w- c:\documents and settings\Rob\Application Data\SUPERAntiSpyware.com
    2011-06-03 12:01 . 2011-06-03 12:02 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-06-03 03:01 . 2011-06-03 03:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2011-06-03 01:06 . 2011-06-03 01:06 -------- d-----w- C:\AVGTemp
    2011-06-02 02:44 . 2011-05-28 20:47 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
    2011-06-02 02:44 . 2011-06-02 02:45 -------- d-----w- c:\program files\Soluto
    2011-06-02 02:43 . 2011-06-02 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
    2011-06-01 23:24 . 2011-02-23 20:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-06-01 23:23 . 2011-02-23 21:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-06-01 23:19 . 2011-06-02 12:31 -------- d-----w- c:\documents and settings\Rob\Application Data\IObit
    2011-06-01 23:19 . 2011-06-01 23:22 -------- d-----w- c:\program files\IObit
    2011-06-01 16:00 . 2011-06-01 16:00 -------- d-----w- c:\documents and settings\Rob\Application Data\HPAppData
    2011-05-28 20:16 . 2011-05-28 20:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2011-05-26 00:09 . 2011-05-26 00:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-03 20:04 . 2011-06-03 20:04 194 ----a-w- c:\windows\Fonts\cqhr
    2011-05-02 15:31 . 2010-02-04 16:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-27 23:37 . 2011-03-26 02:43 69632 ----a-r- c:\documents and settings\Rob\Application Data\Microsoft\Installer\{A7D66EC2-0424-4715-9F2F-4655B6212C34}\BlackBerry.exe
    2011-03-19 20:17 . 2011-03-19 20:17 47360 ----a-w- c:\documents and settings\Rob\Application Data\pcouffin.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
    [7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
    [7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
    .
    c:\windows\System32\drivers\ndis.sys ... is missing !!
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-06-16_14.15.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-06-16 16:54 . 2011-06-16 16:54 22486 c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
    + 2011-06-16 16:54 . 2011-06-16 16:54 109056 c:\windows\Installer\84887a.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
    "nwiz"="nwiz.exe" [2006-05-09 1519616]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2011-6-16 22486]
    NETGEAR WG311v2 Smart Configuration.lnk - c:\program files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^-^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\documents and settings\-\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
    backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoopBe1 Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LoopBe1 Monitor.lnk
    backup=c:\windows\pss\LoopBe1 Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
    backup=c:\windows\pss\Orbit.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Rob\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2010-09-22 23:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
    2007-10-24 04:18 393216 ------w- c:\program files\ACT\Act for Windows\ActSage.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
    2007-10-24 03:55 9728 ------w- c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2010-09-23 09:42 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2011-02-12 18:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
    .
     
  20. rjtj32

    rjtj32 TS Rookie Topic Starter

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
    2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
    2009-11-26 02:04 1087752 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2011-03-04 16:31 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ogcsn]
    2009-12-10 14:12 625184 ----a-w- c:\program files\Starfield\Desktop Calendar Tools\OutSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
    2010-08-15 16:03 32960 ----a-w- c:\program files\Starfield\starfieldupdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-04-17 00:31 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
    2008-12-04 03:15 218408 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wben]
    2010-07-07 16:33 1076432 ----a-w- c:\program files\Starfield\wben.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
    "1947:TCP"= 1947:TCP:HASP SRM
    "1947:UDP"= 1947:UDP:HASP SRM
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/4/2010 1:45 PM 64288]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/1/2011 7:23 PM 13496]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [6/1/2011 7:19 PM 353168]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/6/2011 11:14 AM 136360]
    R2 BLKWLDESKTOP;Belkin Wireless Desktop Card Service;c:\program files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLService.exe [6/15/2011 11:45 AM 49152]
    R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/1/2011 7:23 PM 821080]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/5/2011 1:38 PM 366640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/5/2011 1:37 PM 22712]
    S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [6/1/2011 10:44 PM 51144]
    S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
    S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [5/28/2011 5:03 PM 364576]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
    S3 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 1:47 PM 1310960]
    S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 9:01 PM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 9:01 PM 136176]
    S3 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2/10/2007 5:29 AM 29178224]
    S3 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]
    S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/1/2011 7:23 PM 30368]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
    S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/1/2011 7:23 PM 16080]
    S3 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [10/12/2009 12:33 PM 46824]
    S4 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [4/16/2010 12:19 PM 103800]
    S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/1/2011 7:23 PM 239472]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-03-04 16:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:46]
    .
    2011-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 01:01]
    .
    2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 01:01]
    .
    2011-06-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1202660629-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    2011-06-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1202660629-839522115-1011.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    2011-06-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1202660629-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    2011-06-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1202660629-839522115-1011.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    2011-06-17 c:\windows\Tasks\User_Feed_Synchronization-{61C25F6A-AC62-4F6F-AEE5-4C47DB6DA5CF}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    2011-06-17 c:\windows\Tasks\Windows Codec Update Service.job
    - c:\program files\Essentials Codec Pack\WECPUpdate.exe [2011-02-27 10:06]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    uInternet Connection Wizard,ShellNext = hxxp://securitysolution2011win.com/uninstall.php?machine=4kensaeqeo49
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: realtytools.com
    Trusted Zone: toolkitcma.com
    Trusted Zone: toolkitcma2.com
    TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
    FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\qtace09p.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
    FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-17 16:01
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(468)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    - - - - - - - > 'explorer.exe'(6360)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2011-06-17 16:07:14
    ComboFix-quarantined-files.txt 2011-06-17 20:07
    ComboFix2.txt 2011-06-16 14:21
    ComboFix3.txt 2011-06-06 17:17
    ComboFix4.txt 2011-06-04 03:33
    .
    Pre-Run: 32,862,179,328 bytes free
    Post-Run: 32,838,852,608 bytes free
    .
    - - End Of File - - DD9AAE24AD4EB975C834485F845728D6
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Still getting this: c:\windows\System32\drivers\ndis.sys ... is missing !!

    You are going to need to run the System File Checker:
    Have your Windows XP installation CD ready, so that you can insert it if you are prompted to do so.
    • Click on Start> Run> type in sfc /scannow (note there is a space between SFC and the forward slash)> enter.
    • Follow any instructions on the screen.
    • SFC should close when finished.
    • Reboot the computer.
    I tried twice to replace the file from your system and didn't succeed. So I'm sure you'll need the CD for the OS.
    =======================================
    I noticed this> Did you add this?
    2011-06-15 15:46 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
    Related to mdc8021x.sys IEEE 802.1X Protocol Driver from Meetinghouse Data Communications.
    You left this description:
    Did you attempt to update this?
    2004-04-30 19:12 40960 ----a-w- c:\windows\system32\Bknpci.dll> Belkin Wireless A/G Desktop Network Card Driver
    ============================
    There is also a deletion in Combofix indicating you may have used an infected Flash drive. What is Drive F?

    .
     
  22. rjtj32

    rjtj32 TS Rookie Topic Starter



    I ran that scan with my installation CD when prompted and it finished and I rebooted. Still same error for adapters.

    As for your other 2 questions, I don't remember adding or updating those things. At least not recently since I've been having problems with my computer.
     
Topic Status:
Not open for further replies.
