Inactive Blue Screen/Redirect

[rjtj32]

Hi,

I've had an issue with search engine redirects and BSOD on restarts. I've been searching the web and have done random cleaning program (alot used on threads I've looked at quickly) and even though the redirects have stopped the antivirus scans still show up as infected. I found this site and see how thorough you guys are with removal of all issues until your computer is totally clean and would like to get my computer to that state. Thanks for your time.

I have followed the 7 steps. Malwarebytes and DDS scans went fine. Malwarebytes after the 1st scan it found threats and upon reboot I received an error 2. Not sure of the error and if threats were removed right I did another quick scan to check and no threats were found. As for the Gmer, I've tried the scan many times and it would crash deep into the scan and the BSOD would pop up and my computer would restart. I then ran it in safe mode and it completed but didnt allow me to produce/save a log. So I have pasted the Malwarebytes (both scans) and DDS scan logs...


Scan1
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6774

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/5/2011 9:58:18 AM
mbam-log-2011-06-05 (09-58-18).txt

Scan type: Quick scan
Objects scanned: 231760
Time elapsed: 13 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\adgj.agHlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.agHlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\J40NOZ44HU (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SECURITY SOLUTION 2011 (Rogue.SecuritySolution) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Security Solution 2011\SoftID (Rogue.SecuritySolution) -> Value: SoftID -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Rob\application data\security solution 2011 (Rogue.SecuritySolution) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Rob\application data\security solution 2011\icoactivate.ico (Rogue.SecuritySolution) -> Quarantined and deleted successfully.
c:\documents and settings\Rob\application data\security solution 2011\IcoHelp.ico (Rogue.SecuritySolution) -> Quarantined and deleted successfully.
c:\documents and settings\Rob\application data\security solution 2011\icouninstall.ico (Rogue.SecuritySolution) -> Quarantined and deleted successfully.




Scan 2
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6776

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/5/2011 2:02:05 PM
mbam-log-2011-06-05 (14-02-05).txt

Scan type: Quick scan
Objects scanned: 237043
Time elapsed: 22 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Rob at 8:52:53 on 2011-06-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.318 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLanCfgAG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\protexis\license service\psiservice_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\program files\hp\hp software update\hpwuschd2.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\program files\hp\digital imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Starfield\offSyncService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Connection Wizard,ShellNext = hxxp://securitysolution2011win.com/uninstall.php?machine=4kensaeqeo49
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~2.lnk - c:\program files\netgear wg311v2 adapter\wlancfg5.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rob\application data\mozilla\firefox\profiles\qtace09p.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\rob\application data\mozilla\firefox\profiles\qtace09p.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\rob\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-4 64288]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-1 13496]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-1 353168]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 BLKWLDESKTOP;Belkin Wireless Desktop Card Service;c:\program files\belkin\belkin wireless ag desktop network card\wireless utility\WLService.exe [2010-2-4 49152]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-1 821080]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 File Backup;File Backup Service;c:\program files\starfield\offSyncService.exe [2010-7-16 1310960]
S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-6-1 51144]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2011-5-28 364576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-8 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-8 136176]
S3 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2007-2-10 29178224]
S3 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-6-1 30368]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-6-1 16080]
S3 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-10-12 46824]
S4 DynDNS Updater;DynDNS Updater;c:\program files\dyndns updater\DynUpSvc.exe [2010-4-16 103800]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-6-1 239472]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
.
=============== Created Last 30 ================
.
2011-06-05 17:38:16 -------- d-----w- c:\documents and settings\rob\application data\Malwarebytes
2011-06-05 17:38:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 17:37:58 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-05 17:37:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 17:37:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-04 23:25:03 -------- d-----w- c:\windows\system32\wbem\Logs
2011-06-04 20:24:53 -------- d--h--w- C:\$AVG
2011-06-04 13:03:03 -------- d-----w- c:\documents and settings\rob\application data\AVG10
2011-06-04 12:54:23 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-04 12:54:23 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-06-04 12:52:19 -------- d-----w- c:\program files\AVG
2011-06-04 12:46:27 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-06-03 20:04:53 54016 ----a-w- c:\windows\system32\drivers\cspbefgt.sys
2011-06-03 19:38:04 2 --shatr- c:\windows\winstart.bat
2011-06-03 19:37:24 -------- d-----w- c:\program files\UnHackMe
2011-06-03 19:08:06 388096 ----a-r- c:\documents and settings\rob\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-03 19:08:03 -------- d-----w- c:\program files\Trend Micro
2011-06-03 12:01:37 -------- d-----w- c:\documents and settings\rob\application data\SUPERAntiSpyware.com
2011-06-03 12:01:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-03 03:01:49 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2011-06-03 01:06:26 -------- d-----w- C:\AVGTemp
2011-06-02 02:44:43 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2011-06-02 02:44:11 -------- d-----w- c:\program files\Soluto
2011-06-02 02:43:07 -------- d-----w- c:\documents and settings\all users\application data\Soluto
2011-06-01 23:24:02 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-06-01 23:23:48 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-06-01 23:19:06 -------- d-----w- c:\documents and settings\rob\application data\IObit
2011-06-01 23:19:01 -------- d-----w- c:\program files\IObit
2011-05-26 00:09:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 23:25:17 -------- d-----w- c:\program files\iPod
2011-05-10 23:24:55 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2011-05-28 17:34:58 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-28 17:07:34 215424 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-19 20:17:28 47360 ----a-w- c:\documents and settings\rob\application data\pcouffin.sys
2011-03-16 20:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 8:54:20.93 ===============

 

[rjtj32]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/4/2010 11:48:28 AM
System Uptime: 6/6/2011 7:21:16 AM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NAGAMI
Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 939 | 2204/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 31.832 GiB free.
D: is CDROM ()
E: is Removable
H: is Removable
I: is FIXED (FAT32) - 7 GiB total, 0.392 GiB free.
K: is Removable
M: is Removable
N: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: HP Photosmart C4400
Device ID: USB\VID_03F0&PID_6C11&MI_00\6&2EE527E8&0&0000
Manufacturer: Hewlett-Packard
Name: HP Photosmart C4400
PNP Device ID: USB\VID_03F0&PID_6C11&MI_00\6&2EE527E8&0&0000
Service: usbscan
.
Class GUID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_2A3A103C&REV_A1\3&2411E6FE&0&A0
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_2A3A103C&REV_A1\3&2411E6FE&0&A0
Service:
.
==== System Restore Points ===================
.
RP23: 6/5/2011 10:02:49 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer
A4DeskPro v5.01
abgx360 v1.0.2
Acrobat.com
ACT! by Sage for Real Estate 2008 (10.0)
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.4.1 - CPSID_83708
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Asset Services CS4
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe Creative Suite 4 Design Premium
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Dreamweaver CS5
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Professional CS5
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced SystemCare 4
AIM 7
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AVG 2011
AVS Video Converter 7
Belkin Wireless A/G Desktop Network Card
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software v6.0.0 for the BlackBerry 9650 smartphone
Bonjour
BufferChm
C4400
C4400_Help
Canon Camera WIA Driver
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Cards_Calendar_OrderGift_DoMorePlugout
Chief Architect X1
Chief Architect X2
Connect
ConvertXtoDVD 4.1.10.348
Copy
CustomerResearchQFolder
CyberLink PhotoNow
CyberLink PowerDirector
Desktop Calendar Tools
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
DocProc
DocProcQFolder
DVD Decrypter (Remove Only)
DVD Identifier
DynDNS Updater
eSupportQFolder
EventPro Planner
FastStone Photo Resizer 3.0
FileZilla Client 3.3.5.1
Free WMA to MP3 Converter 1.16
Google Earth
Google SketchUp 8
Google Update Helper
GPBaseService
GPL MPEG-1/2 DirectShow Decoder Filter
Guitar Pro 5.2
HiJackThis
Home Designer Suite 8
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Product Detection
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
iBBDemo2
ImgBurn
IObit Malware Fighter
iTunes
Java Auto Updater
Java(TM) 6 Update 20
JDownloader
K-Lite Codec Pack 5.7.0 (Basic)
kuler
LightScribe System Software
LoopBe1 - Internal MIDI Port
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (SQLEXPRESS)
Microsoft SQL Server 2005 Express Edition (ACT7)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.6)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
NETGEAR WG311v2 802.11g Wireless PCI Adapter
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0
Orbit Downloader
PanoStandAlone
PDF Settings CS4
PDF Settings CS5
Photoshop Camera Raw
Pixel Bender Toolkit
PlayFLV
PowerISO
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
QuickBooks
QuickBooks Customer Manager Version 2.5
QuickBooks Pro 2010
Quicken 2010
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Registry Clean Expert
Rosetta Stone Version 3
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Shop for HP Supplies
Smart Defrag 2
SmartSound Quicktracks Plugin
SmartWebPrintingOC
SolutionCenter
Soluto
SoulSeek 157 NS 13e
Spelling Dictionaries Support For Adobe Reader 9
Status
Suite Shared Configuration CS4
SUPERAntiSpyware
Toolbox
ToolkitCMA
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual Studio 2005 Tools for Office Second Edition Runtime
Vuze
Vuze_Remote Toolbar
WebFldrs XP
WebReg
Windows Essentials Media Codec Pack 3.4 [32-Bit]
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinImage
WinRAR archiver
Xilisoft DVD Ripper Ultimate
Xobni
Xobni Core
XP Codec Pack
XPort 360
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
6/5/2011 11:23:15 AM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
6/5/2011 10:48:08 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
6/5/2011 10:47:44 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/4/2011 11:46:22 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\D.
6/4/2011 10:42:08 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
6/4/2011 10:42:08 AM, error: Service Control Manager [7034] - The HASP License Manager service terminated unexpectedly. It has done this 1 time(s).
6/4/2011 10:42:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Belkin Wireless Desktop Card Service service to connect.
6/4/2011 10:42:08 AM, error: Service Control Manager [7000] - The Belkin Wireless Desktop Card Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/4/2011 10:41:38 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
6/4/2011 10:41:38 AM, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 1 time(s).
6/4/2011 10:41:32 AM, error: Service Control Manager [7034] - The IMF Service service terminated unexpectedly. It has done this 1 time(s).
6/4/2011 10:41:32 AM, error: Service Control Manager [7034] - The Advanced SystemCare Service service terminated unexpectedly. It has done this 1 time(s).
6/3/2011 9:12:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
6/3/2011 9:12:35 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2011 9:06:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
6/3/2011 9:06:25 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2011 8:02:05 AM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 2 time(s).
6/3/2011 8:02:05 AM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 2 time(s).
6/3/2011 8:02:05 AM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s).
6/3/2011 8:02:05 AM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 2 time(s).
6/3/2011 8:02:05 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s).
6/3/2011 8:02:05 AM, error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2011 8:02:05 AM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2011 8:02:05 AM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2011 8:02:05 AM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2011 8:02:05 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
6/3/2011 8:02:05 AM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2011 3:04:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Soluto PCGenome Core Service service to connect.
6/3/2011 3:04:22 PM, error: Service Control Manager [7000] - The Soluto PCGenome Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2011 3:03:25 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
6/3/2011 3:03:25 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/3/2011 3:03:25 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/3/2011 3:03:25 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/3/2011 3:03:25 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
6/3/2011 3:03:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Advanced SystemCare Service service to connect.
6/3/2011 3:03:15 PM, error: Service Control Manager [7000] - The Advanced SystemCare Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2011 2:57:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/3/2011 2:57:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/3/2011 12:44:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips Processor SASDIFSV SASKUTIL SCDEmu Soluto
6/3/2011 12:15:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
6/3/2011 12:15:25 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2011 11:18:36 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/3/2011 11:15:36 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
6/3/2011 11:15:36 AM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2011 10:22:38 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intuit QuickBooks FCS service to connect.
6/3/2011 10:22:38 AM, error: Service Control Manager [7000] - The Intuit QuickBooks FCS service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2011 10:21:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBCFMonitorService service to connect.
6/3/2011 10:21:32 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/2/2011 8:47:01 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/2/2011 8:26:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips Processor SCDEmu Soluto
6/2/2011 7:25:02 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
6/2/2011 5:34:52 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
6/2/2011 5:34:52 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/2/2011 5:34:52 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/2/2011 5:34:52 PM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
6/2/2011 10:13:15 PM, error: Service Control Manager [7031] - The Belkin Wireless Desktop Card Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/1/2011 8:44:24 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips Processor SCDEmu
6/1/2011 8:16:36 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
6/1/2011 8:15:59 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
6/1/2011 8:15:59 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
6/1/2011 8:15:59 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
6/1/2011 8:04:49 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DynDNS Updater service to connect.
6/1/2011 8:04:49 AM, error: Service Control Manager [7000] - The DynDNS Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/1/2011 12:49:15 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
6/1/2011 12:46:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000034' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
6/1/2011 11:30:17 AM, error: Print [19] - Sharing printer failed + 1722, Printer Send To OneNote 2007 share name Printer.
5/31/2011 8:00:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/31/2011 7:55:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips ohci1394 Processor SCDEmu
.
==== End Of File ===========================

 

[Bobbye]

Welcome to TechSpot! I'll help with the malware.

The main malware is Rogue SecuritySolution Malwarbytes has remove much of it. Here's a description:

Rogue security solutions, also called fake AV or scareware, are malicious programs that trick the user into buying useless licenses for non-functioning antivirus programs. While masquerading as legitimate security products, scareware use deceptive tactics to convince users that their machines are infected when it’s not the case, and attempt to scare them into paying for a license to have inexistent threats removed. Security Essentials 2010, which is also being known as Internet Security 2010, is a rogue security program belonging to the Win32/Fakeinit malware family.

These rogue programs update to reflect the current year, but they are still the same program.There will be other entries. For instance, it appears that this has been reset:
uInternet Connection Wizard,ShellNext = hxxp://securitysolution2011win.com/uninstall.php?machine=4kensaeqeo49
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,.
======================================
I will need you to run the following scans in order to help find the additional entries for removal:
AVG has not left any way to disable it to run Combofix and the program won't run with it on. So you will remove it temporarily:
Download AppRemover and save to the desktop

1. Double click the setup on the desktop> click Next
2. Select “Remove Security Application”
3. Let scan finish to determine security apps
4. A screen like below will appear:
   
   
5. Click on Next after choice has been made
6. Check the AVG program you want to uninstall
7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe & follow the prompts.
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=========================================
Please follow with this online scan:

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESETOnlineScan
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  [o] Double click on the
  
  on your desktop.
• Check 'Yes I accept terms of use.'
• Click Start button
• Accept any security warnings from your browser.
  
  
• Uncheck 'Remove found threats'
• Check 'Scan archives/
• Leave remaining settings as is.
• Press the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
• When the scan completes, press List of found threats
• Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
• Push the Back button
• Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=====================================
Please Note: Advise uninstall Registry Clean Expert. We do not advise anyone to use a registry cleaner.
You have file sharing programs on the system> I notices Vuze and the Vuze Toolbar. Please either uninstall or disable them. Do not do any 'file sharing' while I am helping you.

Please leave lgo for Combofix and the Eset scan in your next reply.

Observe: Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

 

[rjtj32]

Thanks for your help. Sorry it took so long to reply the Eset scan took a long time. Here are my Logs.


ComboFix 11-06-06.01 - Rob 06/06/2011 12:32:40.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.504 [GMT -4:00]
Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\ndis.sys . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-05-06 to 2011-06-06 )))))))))))))))))))))))))))))))
.
.
2011-06-06 15:16 . 2011-06-06 15:16 -------- d-----w- c:\documents and settings\Rob\Application Data\Avira
2011-06-06 15:13 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-06 15:13 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-06 15:13 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-06-06 15:13 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-06-06 15:13 . 2011-06-06 15:13 -------- d-----w- c:\program files\Avira
2011-06-06 15:13 . 2011-06-06 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-06-05 17:38 . 2011-06-05 17:38 -------- d-----w- c:\documents and settings\Rob\Application Data\Malwarebytes
2011-06-05 17:38 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 17:37 . 2011-06-05 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-05 17:37 . 2011-06-05 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-05 17:37 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-04 23:25 . 2011-06-06 15:46 -------- d-----w- c:\windows\system32\wbem\Logs
2011-06-04 13:03 . 2011-06-04 13:03 -------- d-----w- c:\documents and settings\Rob\Application Data\AVG10
2011-06-04 12:54 . 2011-06-06 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-06-04 12:54 . 2011-06-06 15:06 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-04 12:52 . 2011-06-04 12:52 -------- d-----w- c:\program files\AVG
2011-06-04 12:46 . 2011-06-06 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-06-03 20:04 . 2011-06-03 20:04 54016 ----a-w- c:\windows\system32\drivers\cspbefgt.sys
2011-06-03 19:38 . 2011-06-03 19:38 2 --shatr- c:\windows\winstart.bat
2011-06-03 19:37 . 2011-06-04 13:27 -------- d-----w- c:\program files\UnHackMe
2011-06-03 19:08 . 2011-06-03 19:08 388096 ----a-r- c:\documents and settings\Rob\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-03 19:08 . 2011-06-03 19:08 -------- d-----w- c:\program files\Trend Micro
2011-06-03 12:01 . 2011-06-03 12:01 -------- d-----w- c:\documents and settings\Rob\Application Data\SUPERAntiSpyware.com
2011-06-03 12:01 . 2011-06-03 12:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-03 03:01 . 2011-06-03 03:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2011-06-03 01:06 . 2011-06-03 01:06 -------- d-----w- C:\AVGTemp
2011-06-02 02:44 . 2011-05-28 20:47 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2011-06-02 02:44 . 2011-06-02 02:45 -------- d-----w- c:\program files\Soluto
2011-06-02 02:43 . 2011-06-02 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
2011-06-01 23:24 . 2011-02-23 20:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-06-01 23:23 . 2011-02-23 21:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-06-01 23:19 . 2011-06-02 12:31 -------- d-----w- c:\documents and settings\Rob\Application Data\IObit
2011-06-01 23:19 . 2011-06-01 23:22 -------- d-----w- c:\program files\IObit
2011-06-01 16:00 . 2011-06-01 16:00 -------- d-----w- c:\documents and settings\Rob\Application Data\HPAppData
2011-05-28 20:16 . 2011-05-28 20:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-05-28 17:07 . 2011-05-28 17:07 215424 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2011-05-26 00:09 . 2011-05-26 00:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-16 17:48 . 2011-05-16 17:48 -------- d-----w- c:\documents and settings\Rob\Application Data\U3
2011-05-10 23:25 . 2011-05-10 23:25 -------- d-----w- c:\program files\iPod
2011-05-10 23:24 . 2011-05-10 23:27 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-03 20:04 . 2011-06-03 20:04 194 ----a-w- c:\windows\Fonts\cqhr
2011-05-28 17:34 . 2011-01-04 20:33 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-28 17:07 . 2004-08-04 12:00 215424 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-27 23:37 . 2011-03-26 02:43 69632 ----a-r- c:\documents and settings\Rob\Application Data\Microsoft\Installer\{A7D66EC2-0424-4715-9F2F-4655B6212C34}\BlackBerry.exe
2011-03-19 20:17 . 2011-03-19 20:17 47360 ----a-w- c:\documents and settings\Rob\Application Data\pcouffin.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
.
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\asyncmac.sys
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asyncmac.sys
.
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kbdclass.sys
.
[-] 2011-05-28 17:07 . 36D8454FD712060F6D2355C669CD9EB3 . 215424 . . [------] . . c:\windows\system32\dllcache\ndis.sys
[-] 2011-05-28 17:07 . 36D8454FD712060F6D2355C669CD9EB3 . 215424 . . [------] . . c:\windows\system32\drivers\ndis.sys
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
.
[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntfs.sys
[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntfs.sys
.
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netman.dll
.
[-] 2008-04-14 10:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 10:41 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\services.exe
.
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\ERDNT\cache\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cryptsvc.dll
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-04-14 10:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\imm32.dll
.
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lpk.dll
.
[-] 2011-02-22 . C2EF2335F1B6C2BE20A67D9098F6C9A1 . 5962240 . . [8.00.6001.19046] . . c:\windows\system32\mshtml.dll
[-] 2011-02-22 . C2EF2335F1B6C2BE20A67D9098F6C9A1 . 5962240 . . [8.00.6001.19046] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-12-20 . 1EDCEC5D649DBAC37ED9FFB5A14CEB0C . 5961216 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
[-] 2010-11-06 . D7CCA87057901C87ED8CC40DDCC7FA1B . 5959168 . . [8.00.6001.18999] . . c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
[-] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\windows\ERDNT\cache\mshtml.dll
[-] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
[-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
[-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mshtml.dll
[-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\ie8\mshtml.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msvcrt.dll
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mswsock.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
.
[-] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\system32\wininet.dll
[-] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll
[-] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\ie8updates\KB2482017-IE8\wininet.dll
[-] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ERDNT\cache\wininet.dll
[-] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll
[-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wininet.dll
[-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie8\wininet.dll
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regedit.exe
.
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\ERDNT\cache\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ole32.dll
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\usp10.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\shsvcs.dll
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\appmgmts.dll
.
[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys
[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\aec.sys
.
[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\agp440.sys
[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
.
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ip6fw.sys
.
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msgsvc.dll
.
[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2008-04-14 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
.
[-] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll
[-] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ERDNT\cache\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ERDNT\cache\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ERDNT\cache\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ddraw.dll
.
[-] 2008-04-14 10:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\olepro32.dll
[-] 2008-04-14 10:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 10:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\version.dll

 

[rjtj32]

.
[-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[-] 2008-04-14 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v2 Smart Configuration.lnk - c:\program files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^-^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\-\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoopBe1 Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LoopBe1 Monitor.lnk
backup=c:\windows\pss\LoopBe1 Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Rob\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 23:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2007-10-24 04:18 393216 ------w- c:\program files\ACT\Act for Windows\ActSage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
2007-10-24 03:55 9728 ------w- c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-09-23 09:42 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-02-12 18:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2009-11-26 02:04 1087752 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2011-03-04 16:31 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ogcsn]
2009-12-10 14:12 625184 ----a-w- c:\program files\Starfield\Desktop Calendar Tools\OutSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
2010-08-15 16:03 32960 ----a-w- c:\program files\Starfield\starfieldupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-17 00:31 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-12-04 03:15 218408 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wben]
2010-07-07 16:33 1076432 ----a-w- c:\program files\Starfield\wben.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/4/2010 1:45 PM 64288]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/1/2011 7:23 PM 13496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [6/1/2011 7:19 PM 353168]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/6/2011 11:14 AM 136360]
R2 BLKWLDESKTOP;Belkin Wireless Desktop Card Service;c:\program files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLService.exe [2/4/2010 1:42 PM 49152]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/1/2011 7:23 PM 821080]
R3 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 1:47 PM 1310960]
S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [6/1/2011 10:44 PM 51144]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [5/28/2011 5:03 PM 364576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 9:01 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 9:01 PM 136176]
S3 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2/10/2007 5:29 AM 29178224]
S3 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/1/2011 7:23 PM 30368]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/1/2011 7:23 PM 16080]
S3 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [10/12/2009 12:33 PM 46824]
S4 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [4/16/2010 12:19 PM 103800]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/1/2011 7:23 PM 239472]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
*NewlyCreated* - SSMDRV
*Deregistered* - pxtdqpoc
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 16:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:46]
.
2011-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 01:01]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 01:01]
.
2011-06-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1202660629-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-06-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1202660629-839522115-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-05-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1202660629-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-06-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1202660629-839522115-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-06-06 c:\windows\Tasks\User_Feed_Synchronization-{61C25F6A-AC62-4F6F-AEE5-4C47DB6DA5CF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
2011-06-06 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2011-02-27 10:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Connection Wizard,ShellNext = hxxp://securitysolution2011win.com/uninstall.php?machine=4kensaeqeo49
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\qtace09p.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
Notify-avgrsstarter - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-06 13:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(5736)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
c:\windows\system32\xpsp3res.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-06-06 13:17:47
ComboFix-quarantined-files.txt 2011-06-06 17:17
ComboFix2.txt 2011-06-04 03:33
.
Pre-Run: 34,760,572,928 bytes free
Post-Run: 34,754,551,808 bytes free
.
- - End Of File - - 70481C1CAE405EEF5B2CC79415C1CF99


Eset Found this 1 threat

C:\Documents and Settings\Rob\My Documents\Downloads\vsoConvertXtoDVD4.rar multiple threats

 

[Bobbye]

For the Eset entry, usually this type is in the Java cache. But this doesn't appear to be there:

Please download OTMovit by Old Timer and save to your desktop.

• Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  

  :Files  
  C:\Documents and Settings\Rob\My Documents\Downloads\vsoConvertXtoDVD4.rar
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==================================
I need to replace a file so we have to find a good copy:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  

  :filefind
  ndis.*

  =
• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
=================================
I'll try to get back later to review Combofix. If I don't, I'll do it first thing in the morning.

 

[rjtj32]

Here are the next 2 logs


All processes killed
========== FILES ==========
C:\Documents and Settings\Rob\My Documents\Downloads\vsoConvertXtoDVD4.rar moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: -
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 61688035 bytes
->Apple Safari cache emptied: 34163712 bytes

User: --
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 2278961 bytes

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8503430 bytes

User: Rob
->Temp folder emptied: 641721 bytes
->Temporary Internet Files folder emptied: 1397498 bytes
->FireFox cache emptied: 88363596 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 14463 bytes

User: TEMP
->FireFox cache emptied: 45002271 bytes
->Apple Safari cache emptied: 214016 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4305425 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 662717 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 236.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 06082011_082418

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...







SystemLook 04.09.10 by jpshortstuff
Log created at 08:39 on 08/06/2011 by Rob
Administrator - Elevation successful

========== filefind ==========

Searching for "ndis.*"
C:\WINDOWS\ERDNT\cache\ndis.sys --a---- 182656 bytes [01:28 15/11/2010] [05:50 14/04/2008] (Unable to calculate MD5)
C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys --a---- 182656 bytes [08:17 05/02/2010] [19:20 13/04/2008] (Unable to calculate MD5)
C:\WINDOWS\ServicePackFiles\i386\ndis.sys ------- 182656 bytes [22:30 08/02/2010] [05:50 14/04/2008] (Unable to calculate MD5)
C:\WINDOWS\system32\dllcache\ndis.sys --a--c- 215424 bytes [17:07 28/05/2011] [17:07 28/05/2011] (Unable to calculate MD5)
C:\WINDOWS\system32\drivers\ndis.sys --a---- 215424 bytes [12:00 04/08/2004] [17:07 28/05/2011] (Unable to calculate MD5)

-= EOF =

 

[Bobbye]

Okay- so no available file found. Need to check this please:

Please run this Custom CFScript:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:

FileLook::
c:\windows\system32\drivers\ndis.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================

 

[rjtj32]

Sorry I was away for the weekend.

I dragged the file into Combofix and it ran but asked for an update. I updated Combofix and it restarted automatically so I'm not sure if it ran a normal scan after the restart or continued with what it was supposed to do after I dragged the file into it. Here's the posted log of the scan it ran. If its not the right thing let me know and I'll drag the file in again.


ComboFix 11-06-12.04 - Rob 06/13/2011 7:41:33.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1305 [GMT -4:00]
Running from: C:\Documents and Settings\Rob\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rob\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\ndis.sys . . . is infected!!


((((((((((((((((((((((((( Files Created from 2011-05-13 to 2011-06-13 )))))))))))))))))))))))))))))))


2011-06-09 17:22:30 . 2011-06-09 17:22:30 -------- d-----w- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2011-06-09 17:21:00 . 2011-06-09 17:21:00 -------- d-----w- C:\Program Files\Common Files\HP
2011-06-09 17:20:47 . 2011-06-09 17:20:47 -------- d-----w- C:\Program Files\Hewlett-Packard
2011-06-09 17:19:16 . 2007-10-31 00:22:51 303104 ----a-w- C:\WINDOWS\system32\hpovst14.dll
2011-06-09 17:19:16 . 2007-10-31 00:22:50 970752 ----a-w- C:\WINDOWS\system32\hpotiop6.dll
2011-06-09 17:19:15 . 2007-10-31 00:25:52 372736 ----a-w- C:\WINDOWS\system32\hppldcoi.dll
2011-06-09 17:19:15 . 2007-10-31 00:25:52 309760 ----a-w- C:\WINDOWS\system32\difxapi.dll
2011-06-09 17:19:15 . 2007-10-31 00:22:51 729088 ----a-w- C:\WINDOWS\system32\hpowiax8.dll
2011-06-09 17:18:48 . 2011-06-09 17:22:30 -------- d-----w- C:\Program Files\HP
2011-06-09 15:14:10 . 2008-04-14 04:15:36 15104 ----a-w- C:\WINDOWS\system32\drivers\usbscan.sys
2011-06-08 12:24:18 . 2011-06-08 12:24:18 -------- d-----w- C:\_OTM
2011-06-06 17:35:22 . 2011-06-06 17:35:22 -------- d-----w- C:\Program Files\ESET
2011-06-06 15:16:59 . 2011-06-06 15:16:59 -------- d-----w- C:\Documents and Settings\Rob\Application Data\Avira
2011-06-06 15:13:52 . 2011-04-01 21:07:59 61960 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-06-06 15:13:52 . 2011-04-01 21:07:59 137656 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2011-06-06 15:13:52 . 2010-06-17 19:27:24 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-06-06 15:13:52 . 2010-06-17 19:27:24 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-06-06 15:13:51 . 2011-06-06 15:13:51 -------- d-----w- C:\Program Files\Avira
2011-06-06 15:13:51 . 2011-06-06 15:13:51 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira
2011-06-05 17:38:16 . 2011-06-05 17:38:16 -------- d-----w- C:\Documents and Settings\Rob\Application Data\Malwarebytes
2011-06-05 17:38:00 . 2010-12-20 22:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-06-05 17:37:58 . 2011-06-05 17:37:58 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-06-05 17:37:54 . 2011-06-05 17:38:04 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-06-05 17:37:54 . 2010-12-20 22:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-06-04 23:25:03 . 2011-06-12 18:56:05 -------- d-----w- C:\WINDOWS\system32\wbem\Logs
2011-06-04 13:03:03 . 2011-06-04 13:03:03 -------- d-----w- C:\Documents and Settings\Rob\Application Data\AVG10
2011-06-04 12:54:23 . 2011-06-06 15:37:45 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG10
2011-06-04 12:54:23 . 2011-06-06 15:06:56 -------- d-----w- C:\WINDOWS\system32\drivers\AVG
2011-06-04 12:52:19 . 2011-06-04 12:52:19 -------- d-----w- C:\Program Files\AVG
2011-06-04 12:46:27 . 2011-06-06 15:11:24 -------- d-----w- C:\Documents and Settings\All Users\Application Data\MFAData
2011-06-03 20:04:53 . 2011-06-03 20:04:54 54016 ----a-w- C:\WINDOWS\system32\drivers\cspbefgt.sys
2011-06-03 19:38:04 . 2011-06-03 19:38:04 2 --shatr- C:\WINDOWS\winstart.bat
2011-06-03 19:37:24 . 2011-06-04 13:27:40 -------- d-----w- C:\Program Files\UnHackMe
2011-06-03 19:08:06 . 2011-06-03 19:08:06 388096 ----a-r- C:\Documents and Settings\Rob\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-03 19:08:03 . 2011-06-03 19:08:03 -------- d-----w- C:\Program Files\Trend Micro
2011-06-03 12:01:37 . 2011-06-03 12:01:37 -------- d-----w- C:\Documents and Settings\Rob\Application Data\SUPERAntiSpyware.com
2011-06-03 12:01:10 . 2011-06-03 12:02:04 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-06-03 03:01:49 . 2011-06-03 03:01:49 12536 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
2011-06-03 01:06:26 . 2011-06-03 01:06:26 -------- d-----w- C:\AVGTemp
2011-06-02 02:44:43 . 2011-05-28 20:47:42 51144 ----a-w- C:\WINDOWS\system32\drivers\Soluto.sys
2011-06-02 02:44:11 . 2011-06-02 02:45:09 -------- d-----w- C:\Program Files\Soluto
2011-06-02 02:43:07 . 2011-06-02 12:04:18 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Soluto
2011-06-01 23:24:02 . 2011-02-23 20:54:12 29520 ----a-w- C:\WINDOWS\system32\SmartDefragBootTime.exe
2011-06-01 23:23:48 . 2011-02-23 21:04:32 13496 ----a-w- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys
2011-06-01 23:19:06 . 2011-06-02 12:31:30 -------- d-----w- C:\Documents and Settings\Rob\Application Data\IObit
2011-06-01 23:19:01 . 2011-06-01 23:22:37 -------- d-----w- C:\Program Files\IObit
2011-06-01 16:00:31 . 2011-06-01 16:00:31 -------- d-----w- C:\Documents and Settings\Rob\Application Data\HPAppData
2011-05-28 20:16:33 . 2011-05-28 20:16:33 -------- d-sh--w- C:\WINDOWS\system32\config\systemprofile\IETldCache
2011-05-28 17:07:34 . 2011-05-28 17:07:34 215424 -c--a-w- C:\WINDOWS\system32\dllcache\ndis.sys
2011-05-26 00:09:09 . 2011-05-26 00:09:09 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-05-16 17:48:03 . 2011-05-16 17:48:03 -------- d-----w- C:\Documents and Settings\Rob\Application Data\U3
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-06-03 20:04:53 . 2011-06-03 20:04:53 194 ----a-w- C:\WINDOWS\Fonts\cqhr
2011-05-28 17:07:34 . 2004-08-04 12:00:00 215424 ----a-w- C:\WINDOWS\system32\drivers\ndis.sys
2011-04-06 20:20:16 . 2011-04-06 20:20:16 91424 ----a-w- C:\WINDOWS\system32\dnssd.dll
2011-04-06 20:20:16 . 2011-04-06 20:20:16 107808 ----a-w- C:\WINDOWS\system32\dns-sd.exe
2011-03-27 23:37:27 . 2011-03-26 02:43:20 69632 ----a-r- C:\Documents and Settings\Rob\Application Data\Microsoft\Installer\{A7D66EC2-0424-4715-9F2F-4655B6212C34}\BlackBerry.exe
2011-03-19 20:17:28 . 2011-03-19 20:17:28 47360 ----a-w- C:\Documents and Settings\Rob\Application Data\pcouffin.sys


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


--- c:\windows\system32\drivers\ndis.sys ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 215424
Created time: 2004-08-04 12:00:00
Modified time: 2011-05-28 17:07:34
MD5: 36D8454FD712060F6D2355C669CD9EB3
SHA1: 9E959AA2317EB97370E57BBEA7991CDE53594EA8


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2008-04-14 05:10:32 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ERDNT\cache\atapi.sys
[-] 2008-04-14 05:10:32 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[-] 2008-04-14 05:10:32 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\drivers\atapi.sys
[-] 2008-04-13 18:40:30 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys

[-] 2008-04-14 05:27:28 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ERDNT\cache\asyncmac.sys
[-] 2008-04-14 05:27:28 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-14 05:27:28 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\drivers\asyncmac.sys
[-] 2008-04-13 18:57:27 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asyncmac.sys

[-] 2004-08-04 12:00:00 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0 (XPClient.010817-1148)] . . C:\WINDOWS\ERDNT\cache\beep.sys
[-] 2004-08-04 12:00:00 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0 (XPClient.010817-1148)] . . C:\WINDOWS\system32\dllcache\beep.sys
[-] 2004-08-04 12:00:00 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0 (XPClient.010817-1148)] . . C:\WINDOWS\system32\drivers\beep.sys

[-] 2008-04-14 05:09:48 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ERDNT\cache\kbdclass.sys
[-] 2008-04-14 05:09:48 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 05:09:48 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\drivers\kbdclass.sys
[-] 2008-04-13 18:39:47 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kbdclass.sys

[-] 2011-05-28 17:07:34 . 36D8454FD712060F6D2355C669CD9EB3 . 215424 . . [------] . . C:\WINDOWS\system32\dllcache\ndis.sys
[-] 2011-05-28 17:07:34 . 36D8454FD712060F6D2355C669CD9EB3 . 215424 . . [------] . . C:\WINDOWS\system32\drivers\ndis.sys
[-] 2008-04-14 05:50:38 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ERDNT\cache\ndis.sys
[-] 2008-04-14 05:50:38 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20:37 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys

[-] 2008-04-14 05:45:54 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ERDNT\cache\ntfs.sys
[-] 2008-04-14 05:45:54 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-14 05:45:54 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\drivers\ntfs.sys
[-] 2008-04-13 19:15:53 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntfs.sys

[-] 2004-08-04 12:00:00 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0 (XPClient.010817-1148)] . . C:\WINDOWS\ERDNT\cache\null.sys
[-] 2004-08-04 12:00:00 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0 (XPClient.010817-1148)] . . C:\WINDOWS\system32\dllcache\null.sys
[-] 2004-08-04 12:00:00 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0 (XPClient.010817-1148)] . . C:\WINDOWS\system32\drivers\null.sys

[-] 2008-06-20 11:51:12 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\ERDNT\cache\tcpip.sys
[-] 2008-06-20 11:51:12 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51:12 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\system32\drivers\tcpip.sys
[-] 2008-04-14 05:50:18 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 19:20:16 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys

[-] 2008-04-14 10:41:52 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ERDNT\cache\browser.dll
[-] 2008-04-14 10:41:52 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 10:41:52 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\browser.dll
[-] 2008-04-14 00:11:50 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\browser.dll

[-] 2008-04-14 10:42:26 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ERDNT\cache\lsass.exe
[-] 2008-04-14 10:42:26 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 10:42:26 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\lsass.exe
[-] 2008-04-14 00:12:24 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe

[-] 2008-04-14 10:42:02 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ERDNT\cache\netman.dll
[-] 2008-04-14 10:42:02 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 10:42:02 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\netman.dll
[-] 2008-04-14 00:12:01 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netman.dll

[-] 2008-04-14 10:41:52 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . C:\WINDOWS\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 10:41:52 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . C:\WINDOWS\system32\comres.dll
[-] 2008-04-14 00:11:51 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comres.dll

[-] 2008-04-14 10:42:04 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ERDNT\cache\qmgr.dll
[-] 2008-04-14 10:42:04 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 10:42:04 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\qmgr.dll
[-] 2008-04-14 10:42:04 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\bits\qmgr.dll
[-] 2008-04-14 00:12:03 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\qmgr.dll

[-] 2009-02-09 12:10:48 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] . . C:\WINDOWS\ERDNT\cache\rpcss.dll
[-] 2009-02-09 12:10:48 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] . . C:\WINDOWS\system32\rpcss.dll
[-] 2009-02-09 12:10:48 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] . . C:\WINDOWS\system32\dllcache\rpcss.dll
[-] 2008-04-14 10:42:06 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[-] 2008-04-14 00:12:04 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rpcss.dll

[-] 2009-02-06 11:11:05 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] . . C:\WINDOWS\ERDNT\cache\services.exe
[-] 2009-02-06 11:11:05 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] . . C:\WINDOWS\system32\services.exe
[-] 2009-02-06 11:11:05 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] . . C:\WINDOWS\system32\dllcache\services.exe
[-] 2008-04-14 10:42:36 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\services.exe
[-] 2008-04-14 00:12:34 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\services.exe

[-] 2010-08-17 13:17:06 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024 (xpsp_sp3_gdr.100817-1626)] . . C:\WINDOWS\ERDNT\cache\spoolsv.exe
[-] 2010-08-17 13:17:06 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024 (xpsp_sp3_gdr.100817-1626)] . . C:\WINDOWS\system32\spoolsv.exe
[-] 2010-08-17 13:17:06 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024 (xpsp_sp3_gdr.100817-1626)] . . C:\WINDOWS\system32\dllcache\spoolsv.exe
[-] 2008-04-14 10:42:38 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12:36 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe

[-] 2008-04-14 10:42:40 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ERDNT\cache\winlogon.exe
[-] 2008-04-14 10:42:40 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 10:42:40 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\winlogon.exe
[-] 2008-04-14 00:12:39 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

[-] 2010-08-23 16:12:04 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82 (xpsp_sp3_qfe.100823-1643)] . . C:\WINDOWS\ERDNT\cache\comctl32.dll
[-] 2010-08-23 16:12:04 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82 (xpsp_sp3_qfe.100823-1643)] . . C:\WINDOWS\system32\comctl32.dll
[-] 2010-08-23 16:12:04 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82 (xpsp_sp3_qfe.100823-1643)] . . C:\WINDOWS\system32\dllcache\comctl32.dll
[-] 2010-08-23 16:12:02 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0 (xpsp_sp3_qfe.100823-1643)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 10:42:52 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0 (xpsp.080413-2105)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 10:41:52 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 00:12:51 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 00:11:51 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comctl32.dll
[-] 2004-08-04 12:00:00 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0 (xpclient.010817-1148)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 12:00:00 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[-] 2008-04-14 10:41:52 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[-] 2008-04-14 10:41:52 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 10:41:52 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\cryptsvc.dll
[-] 2008-04-14 00:11:51 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cryptsvc.dll

[-] 2008-07-07 20:26:58 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . C:\WINDOWS\ERDNT\cache\es.dll
[-] 2008-07-07 20:26:58 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . C:\WINDOWS\system32\es.dll
[-] 2008-07-07 20:26:58 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . C:\WINDOWS\system32\dllcache\es.dll
[-] 2008-04-14 10:41:54 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . C:\WINDOWS\ServicePackFiles\i386\es.dll
[-] 2008-04-14 00:11:53 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\es.dll

[-] 2008-04-14 10:41:56 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ERDNT\cache\imm32.dll
[-] 2008-04-14 10:41:56 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 10:41:56 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\imm32.dll
[-] 2008-04-14 00:11:54 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\imm32.dll

[-] 2009-03-21 14:06:58 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)] . . C:\WINDOWS\ERDNT\cache\kernel32.dll
[-] 2009-03-21 14:06:58 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)] . . C:\WINDOWS\system32\kernel32.dll
[-] 2009-03-21 14:06:58 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)] . . C:\WINDOWS\system32\dllcache\kernel32.dll
[-] 2008-04-14 10:41:58 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[-] 2008-04-14 00:11:56 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kernel32.dll

[-] 2008-04-14 10:41:58 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ERDNT\cache\linkinfo.dll
[-] 2008-04-14 10:41:58 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 10:41:58 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\linkinfo.dll
[-] 2008-04-14 00:11:56 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\linkinfo.dll

[-] 2008-04-14 10:41:58 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ERDNT\cache\lpk.dll
[-] 2008-04-14 10:41:58 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 10:41:58 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\lpk.dll
[-] 2008-04-14 00:11:56 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lpk.dll

[-] 2011-02-22 23:06:29 . C2EF2335F1B6C2BE20A67D9098F6C9A1 . 5962240 . . [8.00.6001.19046 (longhorn_ie8_gdr.110216-1700)] . . C:\WINDOWS\system32\mshtml.dll
[-] 2011-02-22 23:06:29 . C2EF2335F1B6C2BE20A67D9098F6C9A1 . 5962240 . . [8.00.6001.19046 (longhorn_ie8_gdr.110216-1700)] . . C:\WINDOWS\system32\dllcache\mshtml.dll
[-] 2010-12-20 23:59:20 . 1EDCEC5D649DBAC37ED9FFB5A14CEB0C . 5961216 . . [8.00.6001.19019 (longhorn_ie8_gdr.101217-1700)] . . C:\WINDOWS\ie8updates\KB2497640-IE8\mshtml.dll
[-] 2010-11-06 00:26:58 . D7CCA87057901C87ED8CC40DDCC7FA1B . 5959168 . . [8.00.6001.18999 (longhorn_ie8_gdr.101101-1700)] . . C:\WINDOWS\ie8updates\KB2482017-IE8\mshtml.dll
[-] 2010-09-10 05:58:08 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975 (longhorn_ie8_gdr.100907-1700)] . . C:\WINDOWS\ERDNT\cache\mshtml.dll
[-] 2010-09-10 05:58:08 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975 (longhorn_ie8_gdr.100907-1700)] . . C:\WINDOWS\ie8updates\KB2416400-IE8\mshtml.dll
[-] 2010-06-24 12:22:01 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939 (longhorn_ie8_gdr.100616-1700)] . . C:\WINDOWS\ie8updates\KB2360131-IE8\mshtml.dll
[-] 2010-05-06 10:41:52 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)] . . C:\WINDOWS\ie8updates\KB2183461-IE8\mshtml.dll
[-] 2010-02-25 06:24:36 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904 (longhorn_ie8_gdr.100222-1700)] . . C:\WINDOWS\ie8updates\KB982381-IE8\mshtml.dll
[-] 2009-12-21 19:14:04 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876 (longhorn_ie8_gdr.091218-1700)] . . C:\WINDOWS\ie8updates\KB980182-IE8\mshtml.dll
[-] 2009-10-29 07:45:37 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854 (longhorn_ie8_gdr.091026-1700)] . . C:\WINDOWS\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-03-08 09:41:16 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)] . . C:\WINDOWS\ie8updates\KB976325-IE8\mshtml.dll
[-] 2008-04-14 10:42:00 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\mshtml.dll
[-] 2008-04-14 00:11:59 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mshtml.dll
[-] 2004-08-04 12:00:00 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\ie8\mshtml.dll

[-] 2008-04-14 10:42:52 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 10:42:02 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ERDNT\cache\msvcrt.dll
[-] 2008-04-14 10:42:02 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 10:42:02 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\msvcrt.dll
[-] 2008-04-14 00:12:51 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-04-14 00:12:01 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msvcrt.dll
[-] 2004-08-04 12:00:00 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0 (xpclient.010817-1148)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-04 12:00:00 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

[-] 2008-06-20 17:46:57 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\ERDNT\cache\mswsock.dll
[-] 2008-06-20 16:02:47 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\system32\mswsock.dll
[-] 2008-06-20 16:02:47 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\system32\dllcache\mswsock.dll
[-] 2008-04-14 10:42:02 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[-] 2008-04-14 00:12:01 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mswsock.dll

[-] 2008-04-14 10:42:02 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ERDNT\cache\netlogon.dll
[-] 2008-04-14 10:42:02 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 10:42:02 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\netlogon.dll
[-] 2008-04-14 00:12:01 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll

[-] 2008-04-14 10:42:04 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ERDNT\cache\powrprof.dll
[-] 2008-04-14 10:42:04 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 10:42:04 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\powrprof.dll
[-] 2008-04-14 00:12:03 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\powrprof.dll

[-] 2008-04-14 10:42:06 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ERDNT\cache\scecli.dll
[-] 2008-04-14 10:42:06 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 10:42:06 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\scecli.dll
[-] 2008-04-14 00:12:05 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

[-] 2008-04-14 10:42:06 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ERDNT\cache\sfc.dll
[-] 2008-04-14 10:42:06 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 10:42:06 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfc.dll
[-] 2008-04-14 00:12:05 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfc.dll

[-] 2008-04-14 10:42:38 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ERDNT\cache\svchost.exe
[-] 2008-04-14 10:42:38 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 10:42:38 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\svchost.exe
[-] 2008-04-14 00:12:36 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe

[-] 2008-04-14 10:42:08 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ERDNT\cache\tapisrv.dll
[-] 2008-04-14 10:42:08 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 10:42:08 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\tapisrv.dll
[-] 2008-04-14 00:12:07 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tapisrv.dll

[-] 2008-04-14 10:42:10 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ERDNT\cache\user32.dll
[-] 2008-04-14 10:42:10 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 10:42:10 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\user32.dll
[-] 2008-04-14 00:12:08 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll

[-] 2008-04-14 10:42:40 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ERDNT\cache\userinit.exe
[-] 2008-04-14 10:42:40 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 10:42:40 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\userinit.exe
[-] 2008-04-14 00:12:38 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe

[-] 2011-02-22 23:06:29 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044 (longhorn_ie8_gdr.110211-1700)] . . C:\WINDOWS\system32\wininet.dll
[-] 2011-02-22 23:06:29 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044 (longhorn_ie8_gdr.110211-1700)] . . C:\WINDOWS\system32\dllcache\wininet.dll
[-] 2010-12-20 23:59:20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019 (longhorn_ie8_gdr.101217-1700)] . . C:\WINDOWS\ie8updates\KB2497640-IE8\wininet.dll
[-] 2010-11-06 00:26:58 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992 (longhorn_ie8_gdr.101015-1700)] . . C:\WINDOWS\ie8updates\KB2482017-IE8\wininet.dll
[-] 2010-09-10 05:58:08 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968 (longhorn_ie8_gdr.100824-1830)] . . C:\WINDOWS\ERDNT\cache\wininet.dll
[-] 2010-09-10 05:58:08 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968 (longhorn_ie8_gdr.100824-1830)] . . C:\WINDOWS\ie8updates\KB2416400-IE8\wininet.dll
[-] 2010-06-24 12:22:03 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939 (longhorn_ie8_gdr.100616-1700)] . . C:\WINDOWS\ie8updates\KB2360131-IE8\wininet.dll
[-] 2010-05-06 10:41:53 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923 (longhorn_ie8_gdr.100419-1241)] . . C:\WINDOWS\ie8updates\KB2183461-IE8\wininet.dll
[-] 2010-02-25 06:24:37 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904 (longhorn_ie8_gdr.100222-1700)] . . C:\WINDOWS\ie8updates\KB982381-IE8\wininet.dll
[-] 2009-12-21 19:14:05 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876 (longhorn_ie8_gdr.091218-1700)] . . C:\WINDOWS\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-10-29 07:45:38 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854 (longhorn_ie8_gdr.091026-1700)] . . C:\WINDOWS\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-03-08 09:34:58 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)] . . C:\WINDOWS\ie8updates\KB976325-IE8\wininet.dll
[-] 2008-04-14 10:42:10 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\wininet.dll
[-] 2008-04-14 00:12:08 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wininet.dll
[-] 2004-08-04 12:00:00 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\ie8\wininet.dll

[-] 2008-04-14 10:42:12 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ERDNT\cache\ws2_32.dll
[-] 2008-04-14 10:42:12 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 10:42:12 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\ws2_32.dll
[-] 2008-04-14 00:12:10 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2_32.dll

[-] 2008-04-14 10:42:12 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ERDNT\cache\ws2help.dll
[-] 2008-04-14 10:42:12 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 10:42:12 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\ws2help.dll
[-] 2008-04-14 00:12:10 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2help.dll

[-] 2008-04-14 10:42:20 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\explorer.exe
[-] 2008-04-14 10:42:20 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ERDNT\cache\explorer.exe
[-] 2008-04-14 10:42:20 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 00:12:19 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe

[-] 2008-04-14 10:42:34 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\regedit.exe
[-] 2008-04-14 10:42:34 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[-] 2008-04-14 00:12:32 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regedit.exe

[-] 2010-07-16 12:05:55 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010 (xpsp_sp3_gdr.100712-1633)] . . C:\WINDOWS\ERDNT\cache\ole32.dll
[-] 2010-07-16 12:05:55 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010 (xpsp_sp3_gdr.100712-1633)] . . C:\WINDOWS\system32\ole32.dll
[-] 2010-07-16 12:05:55 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010 (xpsp_sp3_gdr.100712-1633)] . . C:\WINDOWS\system32\dllcache\ole32.dll
[-] 2008-04-14 10:42:04 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\ole32.dll
[-] 2008-04-14 00:12:02 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ole32.dll

 

[rjtj32]

[-] 2010-04-16 15:36:56 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969 (xpsp_sp3_gdr.100416-1716)] . . C:\WINDOWS\system32\usp10.dll
[-] 2010-04-16 15:36:56 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969 (xpsp_sp3_gdr.100416-1716)] . . C:\WINDOWS\system32\dllcache\usp10.dll
[-] 2008-04-14 10:42:10 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\usp10.dll
[-] 2008-04-14 00:12:08 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\usp10.dll

[-] 2008-04-14 10:42:08 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ERDNT\cache\srsvc.dll
[-] 2008-04-14 10:42:08 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 10:42:08 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\srsvc.dll
[-] 2008-04-14 00:12:07 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll

[-] 2008-04-14 10:42:42 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ERDNT\cache\wscntfy.exe
[-] 2008-04-14 10:42:42 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 10:42:42 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\wscntfy.exe
[-] 2008-04-14 00:12:41 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wscntfy.exe

[-] 2008-04-14 10:42:12 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ERDNT\cache\xmlprov.dll
[-] 2008-04-14 10:42:12 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 10:42:12 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\xmlprov.dll
[-] 2008-04-14 00:12:11 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\xmlprov.dll

[-] 2008-04-14 10:41:54 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ERDNT\cache\eventlog.dll
[-] 2008-04-14 10:41:54 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 10:41:54 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\eventlog.dll
[-] 2008-04-14 00:11:53 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll

[-] 2008-04-14 10:42:06 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[-] 2008-04-14 10:42:06 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 10:42:06 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll
[-] 2008-04-14 00:12:05 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll

[-] 2008-04-14 10:42:18 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ERDNT\cache\ctfmon.exe
[-] 2008-04-14 10:42:18 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 10:42:18 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\ctfmon.exe
[-] 2008-04-14 00:12:16 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe

[-] 2009-07-27 23:17:41 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853 (xpsp_sp3_gdr.090727-1736)] . . C:\WINDOWS\system32\shsvcs.dll
[-] 2009-07-27 23:17:41 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853 (xpsp_sp3_gdr.090727-1736)] . . C:\WINDOWS\system32\dllcache\shsvcs.dll
[-] 2008-04-14 10:42:06 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ERDNT\cache\shsvcs.dll
[-] 2008-04-14 10:42:06 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 00:12:05 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\shsvcs.dll

[-] 2008-04-14 10:42:06 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ERDNT\cache\regsvc.dll
[-] 2008-04-14 10:42:06 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 10:42:06 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\regsvc.dll
[-] 2008-04-14 00:12:04 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regsvc.dll

[-] 2008-04-14 10:42:06 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ERDNT\cache\schedsvc.dll
[-] 2008-04-14 10:42:06 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 10:42:06 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\schedsvc.dll
[-] 2008-04-14 00:12:05 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\schedsvc.dll

[-] 2008-04-14 10:42:08 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ERDNT\cache\ssdpsrv.dll
[-] 2008-04-14 10:42:08 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 10:42:08 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\ssdpsrv.dll
[-] 2008-04-14 00:12:07 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ssdpsrv.dll

[-] 2008-04-14 10:42:08 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ERDNT\cache\termsrv.dll
[-] 2008-04-14 10:42:08 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 10:42:08 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\termsrv.dll
[-] 2008-04-14 00:12:07 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\termsrv.dll

[-] 2008-04-14 10:41:56 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 10:41:56 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\hnetcfg.dll
[-] 2008-04-14 00:11:54 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\hnetcfg.dll

[-] 2008-04-14 10:41:50 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ERDNT\cache\appmgmts.dll
[-] 2008-04-14 10:41:50 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 10:41:50 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\appmgmts.dll
[-] 2008-04-14 00:11:49 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\appmgmts.dll

[-] 2004-08-04 12:00:00 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0 (xpclient.010817-1148)] . . C:\WINDOWS\ERDNT\cache\acpiec.sys
[-] 2004-08-04 12:00:00 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0 (xpclient.010817-1148)] . . C:\WINDOWS\system32\drivers\acpiec.sys

[-] 2008-04-14 03:09:24 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . C:\WINDOWS\ERDNT\cache\aec.sys
[-] 2008-04-14 03:09:24 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . C:\WINDOWS\ServicePackFiles\i386\aec.sys
[-] 2008-04-14 03:09:24 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . C:\WINDOWS\system32\drivers\aec.sys
[-] 2008-04-13 16:39:23 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\aec.sys

[-] 2008-04-14 05:06:40 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ERDNT\cache\agp440.sys
[-] 2008-04-14 05:06:40 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[-] 2008-04-14 05:06:40 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\drivers\agp440.sys
[-] 2008-04-13 18:36:38 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys

[-] 2008-04-14 05:23:36 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ERDNT\cache\ip6fw.sys
[-] 2008-04-14 05:23:36 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-14 05:23:36 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\drivers\ip6fw.sys
[-] 2008-04-13 18:53:34 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ip6fw.sys

[-] 2010-09-18 06:53:25 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . C:\WINDOWS\ERDNT\cache\mfc40u.dll
[-] 2010-09-18 06:53:25 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . C:\WINDOWS\system32\mfc40u.dll
[-] 2010-09-18 06:53:25 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . C:\WINDOWS\system32\dllcache\mfc40u.dll
[-] 2008-04-14 10:41:58 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . C:\WINDOWS\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11:56 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mfc40u.dll


[-] 2008-04-14 10:42:00 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ERDNT\cache\msgsvc.dll
[-] 2008-04-14 10:42:00 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 10:42:00 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\msgsvc.dll
[-] 2008-04-14 00:11:59 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msgsvc.dll

[-] 2008-04-14 00:12:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mspmsnsv.dll
[-] 2006-10-19 02:47:16 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . C:\WINDOWS\ERDNT\cache\mspmsnsv.dll
[-] 2006-10-19 02:47:16 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . C:\WINDOWS\system32\mspmsnsv.dll
[-] 2006-10-19 02:47:16 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . C:\WINDOWS\system32\dllcache\mspmsnsv.dll

[-] 2010-12-09 13:07:05 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)] . . C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-12-09 13:07:05 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)] . . C:\WINDOWS\system32\ntkrnlpa.exe
[-] 2010-12-09 13:07:05 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)] . . C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
[-] 2010-04-27 13:05:00 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)] . . C:\WINDOWS\ERDNT\cache\ntkrnlpa.exe
[-] 2008-04-14 05:01:22 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-04-13 18:31:21 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe

[-] 2008-04-14 10:42:04 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . C:\WINDOWS\ERDNT\cache\ntmssvc.dll
[-] 2008-04-14 10:42:04 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 10:42:04 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . C:\WINDOWS\system32\ntmssvc.dll
[-] 2008-04-14 00:12:02 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntmssvc.dll

[-] 2008-04-14 10:42:10 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ERDNT\cache\upnphost.dll
[-] 2008-04-14 10:42:10 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 10:42:10 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\upnphost.dll
[-] 2008-04-14 00:12:08 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\upnphost.dll

[-] 2008-04-14 10:41:54 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\ERDNT\cache\dsound.dll
[-] 2008-04-14 10:41:54 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 10:41:54 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\system32\dsound.dll
[-] 2008-04-14 00:11:52 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\dsound.dll

[-] 2008-04-14 10:41:52 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\ERDNT\cache\d3d9.dll
[-] 2008-04-14 10:41:52 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 10:41:52 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\system32\d3d9.dll
[-] 2008-04-14 00:11:51 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\d3d9.dll

[-] 2008-04-14 10:41:52 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\ERDNT\cache\ddraw.dll
[-] 2008-04-14 10:41:52 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 10:41:52 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\system32\ddraw.dll
[-] 2008-04-14 00:11:51 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ddraw.dll

[-] 2008-04-14 10:42:04 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . C:\WINDOWS\ERDNT\cache\olepro32.dll
[-] 2008-04-14 10:42:04 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . C:\WINDOWS\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 10:42:04 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . C:\WINDOWS\system32\olepro32.dll
[-] 2008-04-14 00:12:02 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\olepro32.dll

[-] 2008-04-14 10:42:04 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ERDNT\cache\perfctrs.dll
[-] 2008-04-14 10:42:04 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 10:42:04 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\perfctrs.dll
[-] 2008-04-14 00:12:02 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\perfctrs.dll

[-] 2008-04-14 10:42:10 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ERDNT\cache\version.dll
[-] 2008-04-14 10:42:10 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\version.dll
[-] 2008-04-14 10:42:10 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\version.dll
[-] 2008-04-14 00:12:08 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\version.dll

[-] 2010-12-09 13:38:47 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)] . . C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[-] 2010-12-09 13:38:47 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)] . . C:\WINDOWS\system32\ntoskrnl.exe
[-] 2010-12-09 13:38:47 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)] . . C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[-] 2010-04-28 02:25:02 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)] . . C:\WINDOWS\ERDNT\cache\ntoskrnl.exe
[-] 2008-04-14 05:57:54 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 19:27:53 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe

[-] 2008-04-14 10:42:08 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ERDNT\cache\srsvc.dll
[-] 2008-04-14 10:42:08 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 10:42:08 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\srsvc.dll
[-] 2008-04-14 00:12:07 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll

[-] 2008-04-14 10:42:10 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 10:42:10 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\w32time.dll
[-] 2008-04-14 00:12:08 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\w32time.dll

[-] 2008-04-14 10:42:10 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 10:42:10 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\wiaservc.dll
[-] 2008-04-14 00:12:08 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wiaservc.dll

[-] 2008-04-14 10:41:58 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 10:41:58 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\system32\midimap.dll
[-] 2008-04-14 00:11:57 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\midimap.dll

[-] 2008-04-14 10:42:04 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 10:42:04 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\rasadhlp.dll
[-] 2008-04-14 00:12:03 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rasadhlp.dll



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 14:32:14 18085888]
"nwiz"="nwiz.exe" [2006-05-09 20:50:00 1519616]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 20:50:00 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-05-09 20:50:00 86016]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 20:15:29 281768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-29 21:38:18 421888]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 01:17:32 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 20:31:16 80896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 10:42:18 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^-^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\-\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
backup=C:\WINDOWS\pss\DynDNS Updater Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoopBe1 Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LoopBe1 Monitor.lnk
backup=C:\WINDOWS\pss\LoopBe1 Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Rob\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 23:11:26 640440 ----a-w- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2007-10-24 04:18:29 393216 ------w- C:\Program Files\ACT\Act for Windows\ActSage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
2007-10-24 03:55:18 9728 ------w- C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-09-23 09:42:13 38840 ----a-w- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37:40 932288 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57:28 35760 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-02-12 18:44:42 500208 ------w- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58:34 611712 ----a-w- C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 09:57:06 406992 ----a-w- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04:49 3972440 ----a-w- C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45:26 1164584 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44:34 31072 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2009-11-26 02:04:46 1087752 ----a-w- c:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22:56 421160 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2011-03-04 16:31:54 2736128 ----a-w- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ogcsn]
2009-12-10 14:12:32 625184 ----a-w- C:\Program Files\Starfield\Desktop Calendar Tools\OutSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40:16 180224 ----a-w- C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38:18 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
2010-08-15 16:03:45 32960 ----a-w- C:\Program Files\Starfield\starfieldupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43:18 248040 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 18:37:14 517096 ----a-w- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-17 00:31:06 202256 ----a-w- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-12-04 03:15:16 218408 ----a-w- C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wben]
2010-07-07 16:33:20 1076432 ----a-w- C:\Program Files\Starfield\wben.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"C:\\Program Files\\SoulseekNS\\slsk.exe"=
"C:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"C:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"C:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [3/4/2010 1:45:28 PM 64288]
R0 SmartDefragDriver;SmartDefragDriver;C:\WINDOWS\system32\drivers\SmartDefragDriver.sys [6/1/2011 7:23:48 PM 13496]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25:48 PM 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41:30 PM 67656]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [6/1/2011 7:19:03 PM 353168]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [6/6/2011 11:14:02 AM 136360]
R2 BLKWLDESKTOP;Belkin Wireless Desktop Card Service;C:\Program Files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLService.exe [2/4/2010 1:42:34 PM 49152]
R2 hasplms;HASP License Manager;C:\WINDOWS\system32\hasplms.exe -run --> C:\WINDOWS\system32\hasplms.exe -run [?]
R2 IMFservice;IMF Service;C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [6/1/2011 7:23:05 PM 821080]
S0 Soluto;Soluto;C:\WINDOWS\system32\drivers\Soluto.sys [6/1/2011 10:44:43 PM 51144]
S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [5/28/2011 5:03:44 PM 364576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46:20 AM 284016]
S3 File Backup;File Backup Service;C:\Program Files\Starfield\offSyncService.exe [7/16/2010 1:47:26 PM 1310960]
S3 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [12/8/2010 9:01:39 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [12/8/2010 9:01:39 PM 136176]
S3 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2/10/2007 5:29:54 AM 29178224]
S3 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200;C:\Program Files\Nero\Update\NASvc.exe [5/4/2010 12:07:22 PM 503080]
S3 RegFilter;RegFilter;C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/1/2011 7:23:28 PM 30368]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37:14 PM 517096]
S3 UrlFilter;UrlFilter;C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/1/2011 7:23:28 PM 16080]
S3 XobniService;XobniService;C:\Program Files\Xobni\XobniService.exe [10/12/2009 12:33:26 PM 46824]
S4 DynDNS Updater;DynDNS Updater;C:\Program Files\DynDNS Updater\DynUpSvc.exe [4/16/2010 12:19:28 PM 103800]
S4 FileMonitor;FileMonitor;C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/1/2011 7:23:28 PM 239472]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52:57 AM 1352832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 16:29:54 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe

Contents of the 'Scheduled Tasks' folder

2011-06-12 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52:58 . 2010-06-17 16:46:11]

2011-06-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34:12 . 2008-07-30 17:34:12]

2011-06-12 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-09 01:01:39 . 2010-12-09 01:01:28]

2011-06-13 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-09 01:01:39 . 2010-12-09 01:01:28]

2011-06-10 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1202660629-839522115-1004.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09:42 . 2010-02-25 02:09:42]

2011-06-13 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1202660629-839522115-1011.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09:42 . 2010-02-25 02:09:42]

2011-06-12 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1202660629-839522115-1004.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09:42 . 2010-02-25 02:09:42]

2011-06-13 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1202660629-839522115-1011.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09:42 . 2010-02-25 02:09:42]

2011-06-13 C:\WINDOWS\Tasks\User_Feed_Synchronization-{61C25F6A-AC62-4F6F-AEE5-4C47DB6DA5CF}.job
- C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 09:31:54 . 2009-03-08 09:31:54]

2011-06-10 C:\WINDOWS\Tasks\Windows Codec Update Service.job
- C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2011-02-27 10:06:00 . 2011-02-27 10:06:00]


------- Supplementary Scan -------

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Connection Wizard,ShellNext = hxxp://securitysolution2011win.com/uninstall.php?machine=4kensaeqeo49
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\qtace09p.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

- - - - ORPHANS REMOVED - - - -

AddRemove-Shop for HP Supplies - C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe

 

[Bobbye]

Please remove all of these domains from the Trusted Zone. Nothing needs to be in that zone. The security is lower.
Control Panel or Tools in IE: Internet Options> Security tab> Trusted sites> Sites> Find each pf the following in the Web Sites box and click on Remove for each. Click on OK> Apply> OK when through.
realtytools.com
toolkitcma.com
toolkitcma2.com
===================================
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  

  :filefind
  ndis.*

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

[rjtj32]

Having a little problem connecting to the internet. I'm getting a code 39 error for all of my network adapters. I downloaded systemlook from my laptop and will move it to the desktop of my pc via usb and run it as said.

How do I fix the code 39 error so my wireless adapters work again so I can connect to the internet via my pc?

 

[rjtj32]

SystemLook 04.09.10 by jpshortstuff
Log created at 12:41 on 15/06/2011 by Rob
Administrator - Elevation successful

========== filefind ==========

Searching for "ndis.*"
C:\ComboFix\ndis.sys.ND_ --a---- 14 bytes [12:00 13/06/2011] [12:00 13/06/2011] 4669A9D0F7726595DD6FDF8B14BDAAFE
C:\WINDOWS\ERDNT\cache\ndis.sys --a---- 182656 bytes [01:28 15/11/2010] [05:50 14/04/2008] 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys --a---- 182656 bytes [08:17 05/02/2010] [19:20 13/04/2008] 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\ServicePackFiles\i386\ndis.sys ------- 182656 bytes [22:30 08/02/2010] [05:50 14/04/2008] 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\system32\dllcache\ndis.sys --a--c- 215424 bytes [17:07 28/05/2011] [17:07 28/05/2011] (Unable to calculate MD5)

-= EOF =-

 

[Bobbye]

For this:

code 39 error for all of my network adapters.

Device Manager

Using Safe Mode and Device Manager to troubleshoot.

1) Boot into Safe Mode

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

2) Access the Device Manager: Control Panel> System> Hardware tab> Device Manager

• Double-click (or highlight a device> Properties> This will show Device Status and Device Usage
• Disable the drivers for the following devices (if present) using theDevice Usage for each
  [o] Display Adapters
  [o] Floppy Disk Controllers
  [o] Hard Disk Controllers
  [o] Keyboard
  [o] Mouse
  [o] Network Adapters
  [o] PCMCIA Socket
  [o] Ports
  [o] SCSI Controllers
  [o] Sound, Video, and Game Controllers
  
  This icon
  
  appears on devices that aren't responding or whose drivers aren't installed properly.
  This icon
  
  appears on devices that have been disabled.

3) Reboot the computer into normal mode.

• If the computer successfully boots into normal mode, reenable half of the device drivers that were disabled and reboot.
• Continue rebooting and reenabling successively more devices until Windows no longer boots normally.
• One of the device drivers in the most recently reenabled group of drivers is causing the problem.

============================================
Please run this Custom CFScript:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.

FCopy:: C:\WINDOWS\ServicePackFiles\i386\ndis.sys | C:\WINDOWS\system32\drivers\ndis.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================

 

[rjtj32]

I disabled everything I had on the list and rebooted and enabled them and its boots fine but I still have the yellow ! next to all of my network drivers in Device Manager.

He's the Combofix log after following your steps


ComboFix 11-06-12.04 - Rob 06/16/2011 9:53.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1252 [GMT -4:00]
Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rob\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
F:\Autorun.inf
.
-- Previous Run --
.
c:\windows\system32\drivers\ndis.sys . . . is infected!!
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
.
.
2011-06-15 15:46 . 2011-06-15 15:46 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2011-06-15 15:45 . 2004-04-30 19:12 40960 ----a-w- c:\windows\system32\Bknpci.dll
2011-06-15 15:45 . 2011-06-15 15:45 -------- d-----w- c:\program files\Belkin
2011-06-15 02:54 . 2011-06-15 08:05 -------- d--h--w- c:\windows\$hf_mig$
2011-06-15 02:50 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-14 13:04 . 2011-06-15 04:17 -------- d-----w- c:\windows\system32\NtmsData
2011-06-09 17:22 . 2011-06-09 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-06-09 17:21 . 2011-06-09 17:21 -------- d-----w- c:\program files\Common Files\HP
2011-06-09 17:20 . 2011-06-09 17:20 -------- d-----w- c:\program files\Hewlett-Packard
2011-06-09 17:19 . 2007-10-31 00:22 303104 ----a-w- c:\windows\system32\hpovst14.dll
2011-06-09 17:19 . 2007-10-31 00:22 970752 ----a-w- c:\windows\system32\hpotiop6.dll
2011-06-09 17:19 . 2007-10-31 00:25 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2011-06-09 17:19 . 2007-10-31 00:25 309760 ----a-w- c:\windows\system32\difxapi.dll
2011-06-09 17:19 . 2007-10-31 00:22 729088 ----a-w- c:\windows\system32\hpowiax8.dll
2011-06-09 17:18 . 2011-06-09 17:22 -------- d-----w- c:\program files\HP
2011-06-09 15:14 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-06-08 12:24 . 2011-06-08 12:24 -------- d-----w- C:\_OTM
2011-06-06 17:35 . 2011-06-06 17:35 -------- d-----w- c:\program files\ESET
2011-06-06 15:16 . 2011-06-06 15:16 -------- d-----w- c:\documents and settings\Rob\Application Data\Avira
2011-06-06 15:13 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-06 15:13 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-06 15:13 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-06-06 15:13 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-06-06 15:13 . 2011-06-06 15:13 -------- d-----w- c:\program files\Avira
2011-06-06 15:13 . 2011-06-06 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-06-05 17:38 . 2011-06-05 17:38 -------- d-----w- c:\documents and settings\Rob\Application Data\Malwarebytes
2011-06-05 17:38 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 17:37 . 2011-06-05 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-05 17:37 . 2011-06-14 16:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-05 17:37 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-04 23:25 . 2011-06-16 13:34 -------- d-----w- c:\windows\system32\wbem\Logs
2011-06-04 13:03 . 2011-06-04 13:03 -------- d-----w- c:\documents and settings\Rob\Application Data\AVG10
2011-06-04 12:54 . 2011-06-06 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-06-04 12:54 . 2011-06-06 15:06 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-04 12:52 . 2011-06-04 12:52 -------- d-----w- c:\program files\AVG
2011-06-04 12:46 . 2011-06-06 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-06-03 20:04 . 2011-06-03 20:04 54016 ----a-w- c:\windows\system32\drivers\cspbefgt.sys
2011-06-03 19:38 . 2011-06-03 19:38 2 --shatr- c:\windows\winstart.bat
2011-06-03 19:37 . 2011-06-04 13:27 -------- d-----w- c:\program files\UnHackMe
2011-06-03 19:08 . 2011-06-03 19:08 388096 ----a-r- c:\documents and settings\Rob\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-03 19:08 . 2011-06-03 19:08 -------- d-----w- c:\program files\Trend Micro
2011-06-03 12:01 . 2011-06-03 12:01 -------- d-----w- c:\documents and settings\Rob\Application Data\SUPERAntiSpyware.com
2011-06-03 12:01 . 2011-06-03 12:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-03 03:01 . 2011-06-03 03:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2011-06-03 01:06 . 2011-06-03 01:06 -------- d-----w- C:\AVGTemp
2011-06-02 02:44 . 2011-05-28 20:47 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2011-06-02 02:44 . 2011-06-02 02:45 -------- d-----w- c:\program files\Soluto
2011-06-02 02:43 . 2011-06-02 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
2011-06-01 23:24 . 2011-02-23 20:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-06-01 23:23 . 2011-02-23 21:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-06-01 23:19 . 2011-06-02 12:31 -------- d-----w- c:\documents and settings\Rob\Application Data\IObit
2011-06-01 23:19 . 2011-06-01 23:22 -------- d-----w- c:\program files\IObit
2011-06-01 16:00 . 2011-06-01 16:00 -------- d-----w- c:\documents and settings\Rob\Application Data\HPAppData
2011-05-28 20:16 . 2011-05-28 20:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-05-26 00:09 . 2011-05-26 00:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-03 20:04 . 2011-06-03 20:04 194 ----a-w- c:\windows\Fonts\cqhr
2011-05-02 15:31 . 2010-02-04 16:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-27 23:37 . 2011-03-26 02:43 69632 ----a-r- c:\documents and settings\Rob\Application Data\Microsoft\Installer\{A7D66EC2-0424-4715-9F2F-4655B6212C34}\BlackBerry.exe
2011-03-19 20:17 . 2011-03-19 20:17 47360 ----a-w- c:\documents and settings\Rob\Application Data\pcouffin.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
[7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
.
c:\windows\System32\drivers\ndis.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2011-06-13_12.05.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 09:31 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 09:31 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 12:00 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
+ 2010-02-04 18:17 . 2011-04-25 16:11 12800 c:\windows\system32\dllcache\xpshims.dll
- 2010-02-04 18:17 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-02-04 18:17 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-02-04 18:17 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 12:00 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2011-06-15 07:56 . 2011-02-22 23:06 12800 c:\windows\ie8updates\KB2530548-IE8\xpshims.dll
+ 2011-06-15 07:56 . 2011-02-22 23:06 66560 c:\windows\ie8updates\KB2530548-IE8\mshtmled.dll
+ 2011-06-15 07:56 . 2011-02-22 23:06 55296 c:\windows\ie8updates\KB2530548-IE8\msfeedsbs.dll
+ 2011-06-15 07:56 . 2011-02-22 23:06 43520 c:\windows\ie8updates\KB2530548-IE8\licmgr10.dll
+ 2011-06-15 07:56 . 2011-02-22 23:06 25600 c:\windows\ie8updates\KB2530548-IE8\jsproxy.dll
+ 2011-06-15 09:41 . 2011-06-15 09:41 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
+ 2011-06-15 09:53 . 2011-06-15 09:53 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\61c3b1e170de97a8d418b610bd9b0c77\System.Windows.Presentation.ni.dll
+ 2011-06-15 09:53 . 2011-06-15 09:53 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a4173f12a0fea30f95bc56ab04f64cae\System.Web.DynamicData.Design.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ab5802527ce15dbcc25e301dbbb4d666\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\177a17af98d803ab79006d6785706462\System.AddIn.Contract.ni.dll
+ 2011-06-15 09:54 . 2011-06-15 09:54 43520 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\e092208b746d81afc2ff5ac2b975505d\stdole.ni.dll
+ 2011-06-15 09:25 . 2011-06-15 09:25 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e9bb32c656a2f80b629f129d738c392b\PresentationFontCache.ni.exe
+ 2011-06-15 09:23 . 2011-06-15 09:23 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\d54d318ae1eb0667badea576d0534f9d\PresentationCFFRasterizer.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 64512 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\6c1e702cfaea8a9fee7e7661aa3d89c9\PCGUsersCenter.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 39936 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\3bb7879d09007e1a8be12d36f0e7ed66\PCGRSPProbe.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\7d5fbc89175a1d8e0feae7a63c334aed\PCGHIDProbe.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGEntities\a82c51ea15ef1e630607a89b0c6c4dbc\PCGEntities.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 57344 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\314ccfb409e3738d19ce6eecfb2f08ad\PCGConfiguration.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 20480 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\2a65ea688eab99831a8bf3ff91eb89eb\PCGAzureEntityFramework.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\87fe1d01b568b3bc9c750b7cf7802516\Microsoft.Vsa.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a96b02abbfcaae424cfb91a198a9e0e9\Microsoft.VisualC.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\dcf12a13a1b26f3ea197cbaae05f9330\Microsoft.SqlServer.CustomControls.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 45568 c:\windows\assembly\NativeImages_v2.0.50727_32\Infralution.Common\ecee0b5af8291763194d5994cd63935c\Infralution.Common.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\Extensibility\5f89641c7f9efd0b9d630a89ddacda4c\Extensibility.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe
+ 2011-06-15 09:46 . 2011-06-15 09:46 33280 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Remoting.Com#\3403ddf611c5d686b8e8048040bc5f4d\Act.UI.Remoting.Common.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.LookupsResou#\83d4919f1c9c89c310c3fbb62cd748f6\Act.UI.LookupsResources.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 72192 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Email\8bcd0d78eac993fc21a089dff4fac39b\Act.UI.Email.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 24576 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Dialogs\e106c92d675f4a697a955bbfcd323400\Act.UI.Dialogs.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Designer.Rep#\eebdac9fe1ce0754365527cbfd8a8721\Act.UI.Designer.Report.Resources.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 97792 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Windows.#\5819a18241da48c9370eb8a2e173a2cd\Act.Shared.Windows.Forms.NotificationItem.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 54272 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Windows.#\2ba54c117cdaf521dfdf86435d924503\Act.Shared.Windows.Forms.StyleEnforcer.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 97792 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Utilities\3689e5756fe1811e39aa3ecd291f716f\Act.Shared.Utilities.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 15360 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.UI.Utili#\7ec4b88e05201eaa2a4f19a2519a48e9\Act.Shared.UI.Utilities.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 40448 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Messaging\5e04b87a59f0ad79916bebe5d026292b\Act.Shared.Messaging.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 24576 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Messagin#\5ca99e05533d7973ce7645d9616fd839\Act.Shared.Messaging.Types.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 28672 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Licensing\406104f799abc7663d59ad86f2fed992\Act.Shared.Licensing.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 46592 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Diagnost#\59d36b134c8091094ec23dfa57859a0c\Act.Shared.Diagnostics.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 79360 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Config\37af54e7c1c35a61afb827f1e2108a64\Act.Shared.Config.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 13824 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.PluginFactory\37ac7db656f8f064087f75ac1a4619f7\Act.PluginFactory.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Synch#\a2a84f87e76ab9c9c55f8a8cfc8b526e\Act.Framework.Synchronization.Remoting.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 54784 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Stand#\06fb91f57f5fb22918cb524c228000be\Act.Framework.StandaloneActivityRecurUtility.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 27648 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Messa#\ec075b8f714da5c86ff46bfb7df6a3f9\Act.Framework.Messaging.ni.dll
+ 2011-06-15 09:43 . 2011-06-15 09:43 81920 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Devices.Synchro#\b08c4cf5153170a44c4fef275485d43b\Act.Devices.Synchronization.ni.dll
+ 2011-06-15 09:43 . 2011-06-15 09:43 22016 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Devices.Plugin\78f7f683693edf927f30070effcc9056\Act.Devices.Plugin.ni.dll
+ 2011-06-15 09:43 . 2011-06-15 09:43 64000 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Devices.Conduit#\413d748fdf995e50ab01823d8b4a4f1e\Act.Devices.Conduit.Config.ni.dll
+ 2011-06-15 09:43 . 2011-06-15 09:43 88064 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Data.ActDb\efb2b1474aaa067eb1d94ef7d7330eb8\Act.Data.ActDb.ni.dll
+ 2011-06-15 09:43 . 2011-06-15 09:43 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Application.Int#\c27984ef969b045f2d300774128ddcd3\Act.Application.Interop.ni.dll
+ 2011-06-15 09:43 . 2011-06-15 09:43 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
+ 2011-06-15 09:02 . 2011-06-15 09:02 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-06-15 09:01 . 2011-06-15 09:01 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-06-15 09:07 . 2011-06-15 09:07 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-06-15 09:02 . 2011-06-15 09:02 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-06-15 09:06 . 2011-06-15 09:06 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-06-15 09:02 . 2011-06-15 09:02 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-06-15 09:07 . 2011-06-15 09:07 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-06-15 09:06 . 2011-06-15 09:06 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-06-15 09:07 . 2011-06-15 09:07 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-06-15 09:05 . 2011-06-15 09:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-06-15 09:05 . 2011-06-15 09:05 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-06-15 09:07 . 2011-06-15 09:07 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-06-15 09:05 . 2011-06-15 09:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-06-15 09:07 . 2011-06-15 09:07 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-06-15 09:05 . 2011-06-15 09:05 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-06-15 09:06 . 2011-06-15 09:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-15 07:10 . 2011-04-15 07:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-15 07:10 . 2011-04-15 07:10 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-06-15 09:06 . 2011-06-15 09:06 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-06-15 09:07 . 2011-06-15 09:07 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-06-15 09:04 . 2011-06-15 09:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-06-15 09:04 . 2011-06-15 09:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-04 12:00 . 2011-06-05 15:25 561318 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2011-06-15 09:14 561318 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2011-06-05 15:25 113758 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2011-06-15 09:14 113758 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
- 2004-08-04 12:00 . 2008-04-14 10:42 551936 c:\windows\system32\oleaut32.dll
+ 2004-08-04 12:00 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
- 2009-03-08 09:32 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
+ 2009-03-08 09:32 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2011-04-25 12:01 173568 c:\windows\system32\ie4uinit.exe
- 2010-02-04 17:42 . 2003-12-16 02:17 396608 c:\windows\system32\drivers\ar5211.sys
+ 2010-02-04 17:42 . 2003-12-16 01:17 396608 c:\windows\system32\drivers\ar5211.sys
+ 2004-08-04 12:00 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys
- 2004-08-04 12:00 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
- 2004-08-04 12:00 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2011-04-25 16:11 916480 c:\windows\system32\dllcache\wininet.dll
+ 2010-02-04 16:43 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll
- 2010-02-04 18:17 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-02-04 18:17 . 2011-04-25 16:11 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-02-05 02:33 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-02-05 02:33 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2010-02-05 02:33 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2010-02-04 18:17 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-02-04 18:17 . 2011-04-25 16:11 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-04 12:00 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-11 22:16 . 2011-04-25 16:11 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-11 22:16 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2004-08-04 12:00 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2011-04-25 12:01 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 12:00 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-02-05 02:34 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys
- 2010-02-05 02:34 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
+ 2011-03-25 10:15 . 2011-03-25 10:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-06-15 07:03 . 2009-03-08 09:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2011-06-15 07:03 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2011-06-15 07:03 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2011-06-15 07:56 . 2011-02-22 23:06 916480 c:\windows\ie8updates\KB2530548-IE8\wininet.dll
+ 2011-06-15 07:57 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2530548-IE8\spuninst\updspapi.dll
+ 2011-06-15 07:57 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2530548-IE8\spuninst\spuninst.exe
+ 2011-06-15 07:56 . 2011-02-22 23:06 206848 c:\windows\ie8updates\KB2530548-IE8\occache.dll
+ 2011-06-15 07:56 . 2011-02-22 23:06 611840 c:\windows\ie8updates\KB2530548-IE8\mstime.dll
+ 2011-06-15 07:56 . 2011-02-22 23:06 602112 c:\windows\ie8updates\KB2530548-IE8\msfeeds.dll
+ 2011-06-15 07:56 . 2011-02-22 23:06 247808 c:\windows\ie8updates\KB2530548-IE8\ieproxy.dll
+ 2011-06-15 07:56 . 2011-02-22 23:06 184320 c:\windows\ie8updates\KB2530548-IE8\iepeers.dll
+ 2011-06-15 07:56 . 2011-02-22 23:06 743424 c:\windows\ie8updates\KB2530548-IE8\iedvtool.dll
+ 2011-06-15 07:56 . 2011-02-22 23:06 387584 c:\windows\ie8updates\KB2530548-IE8\iedkcs32.dll
+ 2011-06-15 07:56 . 2011-02-18 11:49 173568 c:\windows\ie8updates\KB2530548-IE8\ie4uinit.exe
+ 2010-02-05 02:33 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-06-15 09:54 . 2011-06-15 09:54 747008 c:\windows\assembly\NativeImages_v2.0.50727_32\ZedGraph\749c0b6c41eb134d26f557bc8e5a3e88\ZedGraph.ni.dll
+ 2011-06-15 09:54 . 2011-06-15 09:54 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniStatistics\9aeb95d79c2da10a5c309b52fc77dc20\XobniStatistics.ni.dll
+ 2011-06-15 09:54 . 2011-06-15 09:54 487936 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniPluginAPI\81966a64bc543f6077ca85d31f4b5a95\XobniPluginAPI.ni.dll
+ 2011-06-15 09:54 . 2011-06-15 09:54 823808 c:\windows\assembly\NativeImages_v2.0.50727_32\Xobni.XMapiAccessor\c1c1125342421095c76b12fabef356ea\Xobni.XMapiAccessor.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\8ba27eaa0f7d987f92319c64aefd2e98\WsatConfig.ni.exe
+ 2011-06-15 09:41 . 2011-06-15 09:41 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\431d5dc1cfcc0c0530e813f370931670\WindowsFormsIntegration.ni.dll
+ 2011-06-15 09:53 . 2011-06-15 09:53 777728 c:\windows\assembly\NativeImages_v2.0.50727_32\Utilities\2e4f5d3536d6f4e9968bad94608a679c\Utilities.ni.dll
+ 2011-06-15 09:41 . 2011-06-15 09:41 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\3740d6db28af31a6523a79fcdd71fbeb\UIAutomationTypes.ni.dll
+ 2011-06-15 09:40 . 2011-06-15 09:40 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\00dfe5563886a1f69c96b3acb839107b\UIAutomationClient.ni.dll
+ 2011-06-15 09:53 . 2011-06-15 09:53 432128 c:\windows\assembly\NativeImages_v2.0.50727_32\TAPIEx_Wrap\6fbc7289aea10c0367f0c3eeffa63be7\TAPIEx_Wrap.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\80187a9cfed4fd0ec82746495be76764\System.Xml.Linq.ni.dll
+ 2011-06-15 09:52 . 2011-06-15 09:52 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\58c421c537b1c3f3878458ad306b2a42\System.Web.Routing.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\dc26fff00ce95d24fd190f38904bb2b3\System.Web.RegularExpressions.ni.dll
+ 2011-06-15 09:53 . 2011-06-15 09:53 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\4e3dd4d7f9aeda74a2fcefee036e5070\System.Web.Extensions.Design.ni.dll
+ 2011-06-15 09:53 . 2011-06-15 09:53 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4fb1c0c07f40248b463f2e33444b9477\System.Web.Entity.ni.dll
+ 2011-06-15 09:53 . 2011-06-15 09:53 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\4dfcffc6e6d02bdcdc185d5527a8097e\System.Web.Entity.Design.ni.dll
+ 2011-06-15 09:53 . 2011-06-15 09:53 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b921d1cffcd5e80ea14c51db967edd6\System.Web.DynamicData.ni.dll
+ 2011-06-15 09:52 . 2011-06-15 09:52 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\702b506e56d3a7051aea7822cd915c7f\System.Web.Abstractions.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\e4bcb14e8e53c8dcaff3d2c20daf746e\System.Security.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\503ccbb50e9c06c2f0b02ad8c3f2d100\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bdaf7904d223589a0f464de58d27e691\System.Runtime.Remoting.ni.dll
+ 2011-06-15 09:52 . 2011-06-15 09:52 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\ac53723e41898bc0e8a591c2e4f6f39b\System.Net.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\cdf4f4c280e68227acdd53a4f13d8995\System.Messaging.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll
+ 2011-06-15 09:52 . 2011-06-15 09:52 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\4a3a674008d8102c1aa5b3fc18251ef7\System.Management.Instrumentation.ni.dll
+ 2011-06-15 09:47 . 2011-06-15 09:47 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7f5f5bfd5f8d6587c96870751a6eb44d\System.IO.Log.ni.dll
+ 2011-06-15 09:47 . 2011-06-15 09:47 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\de1bf796614ca11afd9fab95edb1b4e2\System.IdentityModel.Selectors.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.Wrapper.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.ni.dll
+ 2011-06-15 09:34 . 2011-06-15 09:34 208384 c:\windows\assembly

 

[rjtj32]

\NativeImages_v2.0.50727_32\System.Drawing.Desi#\1af8683e05c42eb32f46578fe5a8f83f\System.Drawing.Design.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\791a6643b70542b148d977ff42f2f2ef\System.DirectoryServices.Protocols.ni.dll
+ 2011-06-15 09:52 . 2011-06-15 09:52 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\31759ad8be21735f0a369c37514c2efc\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 766976 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\b1ef036a0ff708e6f8f3cf2a4acf18a7\System.Data.SqlServerCe.ni.dll
+ 2011-06-15 09:54 . 2011-06-15 09:54 463360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SQLite\f49a4b07c930fde1eb011069f6fa8f89\System.Data.SQLite.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\df507a4500e73fa4cfc13f65a1c9055e\System.Data.Services.Client.ni.dll
+ 2011-06-15 09:52 . 2011-06-15 09:52 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d1778fffc09d783bc90512b65d35be66\System.Data.Services.Design.ni.dll
+ 2011-06-15 09:52 . 2011-06-15 09:52 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\5a47a8bf16370c93b3c6a471e48cc67a\System.Data.Entity.Design.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\50492d147392c238edc5a614beccb91b\System.Data.DataSetExtensions.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\fa21b6c9badcf916bb254b4b823c2463\System.Configuration.Install.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\77015cc1e6d9e7d20e63903777afd6df\System.AddIn.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 140800 c:\windows\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\c69fcf0346bee942bbed92652d143c97\SolutoUpdateService.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 675840 c:\windows\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\67f71165d2b1986616de73cda28b1d6b\SolutoCleanup.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6ca41c7917119c3a9de0bcdca525001d\SMSvcHost.ni.exe
+ 2011-06-15 09:48 . 2011-06-15 09:48 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8ff6d395f8861384bc9bfbe34cafb64e\SMDiagnostics.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\67dc00c24e551003f6dacb73fe9cf881\ServiceModelReg.ni.exe
+ 2011-06-15 09:27 . 2011-06-15 09:27 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e468e9265c844f74577530e4df71f120\PresentationFramework.Aero.ni.dll
+ 2011-06-15 09:27 . 2011-06-15 09:27 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\959709491c71caef88fb41b0eb159714\PresentationFramework.Classic.ni.dll
+ 2011-06-15 09:27 . 2011-06-15 09:27 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\807b62468c2893ee943dffff63a34d8d\PresentationFramework.Royale.ni.dll
+ 2011-06-15 09:27 . 2011-06-15 09:27 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6cf82f370413a2cd1e6bc54060334753\PresentationFramework.Luna.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 112128 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\d338c74c9c857395d1b85f1d4b27936e\PCGUpgrader.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\cd87b102320a6ead6932a22588eef9dd\PCGSAProbe.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 644096 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\710539fbf39f9f3feddc062bf5a01b99\PCGPostBootResources.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 168448 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\7b066dc83d02ff75c6a45f32f76d091b\PCGDriverProbe.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 510464 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\05d4a3044bb1440d520f1817f28eeb0b\PCGDataAggregation.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 879616 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\b6fb12b236a2f48e55d6764db3187147\PCGClientCommunication.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 408576 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\4002300fd91c210310d369fafb9b22c0\PCGCatalogItemFootprint.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 102400 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\6cb9a06fcbf6242f7e8c0e26aa34186e\PCGCatalogItemCache.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 717312 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\37cdccd56253559bce35f9fdbdcf75d6\PCGBrowsersProbe.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 380416 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\40b9f5e03c4ef17760b1a7a1d093cc4a\PCGBootVisualizingCore.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 189440 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\25e8c99f1f15369bdaae9257ad0a254c\PCGBootVisualizingCommon.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 672256 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\ec67d2d4f2dcf06983540177ea375d8a\PCGAzureShared.ni.dll
+ 2011-06-15 09:54 . 2011-06-15 09:54 506880 c:\windows\assembly\NativeImages_v2.0.50727_32\office\f5c76bd9abadeabebdc1851f26baa01c\office.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 963072 c:\windows\assembly\NativeImages_v2.0.50727_32\office\35ef41f982149a3a548ef62e49dfbee7\office.ni.dll
+ 2011-06-15 09:53 . 2011-06-15 09:53 184320 c:\windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json\e7390b11f43b107f2987811db284ec17\Newtonsoft.Json.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\0add35a0fbe0c381c998b651c5979902\MSBuild.ni.exe
+ 2011-06-15 09:51 . 2011-06-15 09:51 466944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a39938cfc4be0e73feabccdf81c81e0e\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
+ 2011-06-15 09:54 . 2011-06-15 09:54 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vbe.Inter#\22b5dda86c257126acbe465f55b39652\Microsoft.Vbe.Interop.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\667dc256d9eb3577f2514c89c5974aff\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fab4e67e0cd7f82fd55752a208f7f8d5\Microsoft.SqlServer.Setup.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 989184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c78b055d2be9adef22101a8b140a1722\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 530432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9c61807848ad3aad31dfc1e71fd0f409\Microsoft.SqlServer.GridControl.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 168448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.ServiceHo#\01f9bff44989f75b09885555fa068bc2\Microsoft.ServiceHosting.ServiceRuntime.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\3895ba5a853b78ebd2775e6a55ec66c4\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d5561a4ad04c22f0eb5acf4736c7936e\Microsoft.Build.Utilities.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1a0623063225521aa43044314cc5e721\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\530f98922474a31636c34fa3db9a63ba\Microsoft.Build.Engine.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\7e75fca3ca1f36df8ac624190d9cd283\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 572928 c:\windows\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\147eba82477c1b6b4e9d5148648d47a0\Ionic.Zip.Reduced.ni.dll
+ 2011-06-15 09:54 . 2011-06-15 09:54 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.shdocvw\513afc91d31de50e6b3569add6ae280f\Interop.shdocvw.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 100864 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\2d54f480d0481219d626964c7c388e0a\Interop.IWshRuntimeLibrary.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 132096 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.DartMail\60a0ed7041ec3e6159ede19cd1aed3fc\Interop.DartMail.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 126976 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.ADChronopher\e83dd444e538309154ffa72f6fd6322d\Interop.ADChronopher.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 424448 c:\windows\assembly\NativeImages_v2.0.50727_32\Infralution.Controls\18463e61b1d02f08895113acc2d21912\Infralution.Controls.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 784384 c:\windows\assembly\NativeImages_v2.0.50727_32\Infralution.Control#\eac87682fb65efb4c55d884150c93898\Infralution.Controls.VirtualTree.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 205312 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics.Act.Wi#\1550a97a04bea7112987e540c2d51462\Infragistics.Act.Win.UltraWinListBar.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 323072 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics.Act.Sh#\bb27aa84e485bad190a516c4c8c9696e\Infragistics.Act.Shared.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 517120 c:\windows\assembly\NativeImages_v2.0.50727_32\Genghis\d91844820c423914af27aa4d5238b7c7\Genghis.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 392704 c:\windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraNavB#\3ea3a83c3995ca6cc092e269ba89eac3\DevExpress.XtraNavBar.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 570880 c:\windows\assembly\NativeImages_v2.0.50727_32\DevExpress.Utils\a2702114232759abceda84d0ed0900f7\DevExpress.Utils.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\c0f5f3c318a92212bbe3b413eeb2b374\ComSvcConfig.ni.exe
+ 2011-06-15 09:47 . 2011-06-15 09:47 316928 c:\windows\assembly\NativeImages_v2.0.50727_32\C1.Win.C1Thesaurus\439f41c5b3fbaed817f2b136e0d83a5d\C1.Win.C1Thesaurus.ni.dll
+ 2011-06-15 09:47 . 2011-06-15 09:47 585216 c:\windows\assembly\NativeImages_v2.0.50727_32\C1.Win.C1Spell\6eb0863773ef9e0c9c41120b9694dc2d\C1.Win.C1Spell.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\C1.Common\51dde9cc6928cefe9c4f974825e9bdeb\C1.Common.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 207360 c:\windows\assembly\NativeImages_v2.0.50727_32\C1.C1Zip\7d2269ff5c8dfd4de8989bd751e27716\C1.C1Zip.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 138752 c:\windows\assembly\NativeImages_v2.0.50727_32\autocomplete\00c749f1f9a4abff328bb1adf7d580ab\autocomplete.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\0524928cbd0a686db3960ef688d0d37e\AspNetMMCExt.ni.dll
+ 2011-06-15 09:54 . 2011-06-15 09:54 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\Antlr3.Runtime\902cf1c2bb0956093d005cf3684176bb\Antlr3.Runtime.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 147456 c:\windows\assembly\NativeImages_v2.0.50727_32\actmigration\e5c3f0984c4861036f32ca29dc0ca593\actmigration.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 745984 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.WordProcesso#\9f6e6b76b7a9197d935483d29463eb2a\Act.UI.WordProcessorDialogs.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 653312 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Widgets\c6bade17ed3a45b95524ff9c834bc53b\Act.UI.Widgets.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 153088 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Updater\f2c74f975cceb24effd1a0ad8d90c1c9\Act.UI.Updater.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 798720 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.PickList\e468933aa38aab4489634af1a43cdf6b\Act.UI.PickList.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 246784 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.GroupCompany#\b732a167002efc75420d4c8e7a4045d6\Act.UI.GroupCompanyPicker.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 241152 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Designer.Rep#\97f06415770c0fa9f65756cfa73dc0ce\Act.UI.Designer.Report.Data.ni.dll
+ 2011-06-15 09:45 . 2011-06-15 09:45 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Designer.Lay#\ea30026b0c35318ae0edaafe6be1c4c6\Act.UI.Designer.Layout.ni.dll
+ 2011-06-15 09:45 . 2011-06-15 09:45 524800 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Designer.Con#\d87d6c2f10b2221eb1c473f188dc873b\Act.UI.Designer.Controls.ni.dll
+ 2011-06-15 09:45 . 2011-06-15 09:45 671744 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Designer.Con#\86a1cf7cfa180e436d20fc2b1bb31b02\Act.UI.Designer.Conversion.ni.dll
+ 2011-06-15 09:45 . 2011-06-15 09:45 953856 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.DataExchange\a5faa9f9035b6bf62bff89af700caf4c\Act.UI.DataExchange.ni.dll
+ 2011-06-15 09:45 . 2011-06-15 09:45 640000 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.DatabaseMain#\d0fbac553229dea64b95b06c7d6db6e9\Act.UI.DatabaseMaintenanceDialogs.ni.dll
+ 2011-06-15 09:45 . 2011-06-15 09:45 242688 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.CriteriaDlg\2bd71d521ef7308e4ebacb98e34be1a9\Act.UI.CriteriaDlg.ni.dll
+ 2011-06-15 09:45 . 2011-06-15 09:45 774656 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Calendar.Vie#\bffa30aa39d7641460f4b61a7c36a37a\Act.UI.Calendar.Views.ni.dll
+ 2011-06-15 09:45 . 2011-06-15 09:45 101888 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.AdvancedQuery\7e57e48445441a72e159ef81aeb397de\Act.UI.AdvancedQuery.ni.dll
+ 2011-06-15 09:45 . 2011-06-15 09:45 138752 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.ActivityView#\852a43992a6b6cbb416c74cf2ab9407f\Act.UI.ActivityViews.Widgets.TimeSelector.ni.dll
+ 2011-06-15 09:45 . 2011-06-15 09:45 182784 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Activities.V#\d9a5e63b9970711c732b036ff4c276c5\Act.UI.Activities.Views.Shared.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 703488 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Win32\ff37ec2487e0a3786806e4d60a641a50\Act.Shared.Win32.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 882688 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.FDO\5b9c69efaa61fe7f9a335d5f0f678871\Act.Shared.FDO.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 257536 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Diagnost#\e9a5d729f200b21fa2762feb8c9ba1fc\Act.Shared.Diagnostics.DefectLogger.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 150016 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Componen#\88f6599da430c91a956e3dbe17832f2d\Act.Shared.ComponentModel.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Collecti#\672255851bbad7fc9ee16513f2a3ec49\Act.Shared.Collections.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 140288 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Inter#\c25d3389634eb68edc9ea3dee40f8298\Act.Framework.Interop.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.DataE#\cf9938bff2f18793e147cbeebef6275e\Act.Framework.DataExchange.Act6.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 557568 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.DataE#\8bc7ecf0c0ef6daa1eda7ffeed2efae2\Act.Framework.DataExchange.OutlookSync.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 894976 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.DataE#\5d189241ad0fdc900508b79ef744c41b\Act.Framework.DataExchange.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 441344 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.DataE#\445722d4f30cc837eddcb7dbc0d6f696\Act.Framework.DataExchange.PalmReader.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 224256 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Compo#\399b545e46523a301fdee4dc7c753bbd\Act.Framework.ComponentModel.Core.ni.dll
+ 2011-06-15 09:43 . 2011-06-15 09:43 195584 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Devices.Entities\86eea820f54be762d0d9b9595bbecc92\Act.Devices.Entities.ni.dll
+ 2011-06-15 09:43 . 2011-06-15 09:43 645120 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Devices.Conduit#\4355415315380de5b72905a594833855\Act.Devices.Conduit.Records.ni.dll
+ 2011-06-15 09:43 . 2011-06-15 09:43 108032 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Data\608b5efef2a4b3b140cccf2592c04d72\Act.Data.ni.dll
+ 2011-06-15 09:00 . 2011-06-15 09:00 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-06-15 09:02 . 2011-06-15 09:02 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-06-15 09:09 . 2011-06-15 09:09 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-04-15 07:11 . 2011-04-15 07:11 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-06-15 09:08 . 2011-06-15 09:08 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-04-15 07:11 . 2011-04-15 07:11 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-06-15 09:03 . 2011-06-15 09:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-06-15 09:03 . 2011-06-15 09:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-06-15 09:04 . 2011-06-15 09:04 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-06-15 09:04 . 2011-06-15 09:04 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-06-15 09:08 . 2011-06-15 09:08 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-06-15 09:04 . 2011-06-15 09:04 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-06-15 09:04 . 2011-06-15 09:04 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-06-15 09:09 . 2011-06-15 09:09 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-04-15 07:11 . 2011-04-15 07:11 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-04-15 07:11 . 2011-04-15 07:11 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-06-15 09:08 . 2011-06-15 09:08 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-04-15 07:11 . 2011-04-15 07:11 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-06-15 09:09 . 2011-06-15 09:09 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-06-15 09:06 . 2011-06-15 09:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-06-15 09:03 . 2011-06-15 09:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-06-15 09:03 . 2011-06-15 09:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-06-15 09:04 . 2011-06-15 09:04 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-06-15 09:02 . 2011-06-15 09:02 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-06-15 09:06 . 2011-06-15 09:06 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-06-15 09:06 . 2011-06-15 09:06 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-06-15 09:00 . 2011-06-15 09:00 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-06-15 09:03 . 2011-06-15 09:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-06-15 09:04 . 2011-06-15 09:04 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-06-15 09:04 . 2011-06-15 09:04 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-06-15 09:00 . 2011-06-15 09:00 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2004-08-04 12:00 . 2011-04-25 16:11 1211904 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2011-05-30 22:19 5964800 c:\windows\system32\mshtml.dll
- 2009-03-08 09:32 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll
+ 2009-03-08 09:32 . 2011-04-25 16:11 1991680 c:\windows\system32\iertutil.dll
+ 2004-08-04 12:00 . 2011-04-25 16:11 1211904 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2011-05-30 22:19 5964800 c:\windows\system32\dllcache\mshtml.dll
- 2010-02-04 18:17 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2010-02-04 18:17 . 2011-04-25 16:11 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-01-19 03:36 . 2011-01-19 03:36 2687488 c:\windows\Installer\3ef52c7.msp
+ 2011-06-15 07:56 . 2011-02-22 23:06 1210880 c:\windows\ie8updates\KB2530548-IE8\urlmon.dll
+ 2011-06-15 07:56 . 2011-02-22 23:06 5962240 c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
+ 2011-06-15 07:56 . 2011-02-22 23:06 1991680 c:\windows\ie8updates\KB2530548-IE8\iertutil.dll
+ 2011-06-15 09:54 . 2011-06-15 09:54 2681344 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniFeeds\d2fb58fe6e89d184cfcde4142e8e2800\XobniFeeds.ni.dll
+ 2011-06-15 09:23 . 2011-06-15 09:23 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\11526c1635b97a7d49e25e72ed6e9662\WindowsBase.ni.dll
+ 2011-06-15 09:41 . 2011-06-15 09:41 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\901c3796073853746fecd8979c679494\UIAutomationClientsideProviders.ni.dll
+ 2011-06-15 09:21 . 2011-06-15 09:21 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
+ 2011-06-15 09:36 . 2011-06-15 09:36 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
+ 2011-06-15 09:53 . 2011-06-15 09:53 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\2877dda3e0f0faeba527b4bf1efe9cb5\System.WorkflowServices.ni.dll
+ 2011-06-15 09:53 . 2011-06-15 09:53 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d7cb3697989fe6fa3a08d2821d38aa5e\System.Workflow.Runtime.ni.dll
+ 2011-06-15 09:53 . 2011-06-15 09:53 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\4ac04107c35485d415f9e1bebfd155dd\System.Workflow.ComponentModel.ni.dll
+ 2011-06-15 09:53 . 2011-06-15 09:53 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\2169feb8bd57d96e621fa26d9391d463\System.Workflow.Activities.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f31f1579160d87470cba918f06276e0d\System.Web.Services.ni.dll
+ 2011-06-15 09:53 . 2011-06-15 09:53 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\bdad1c0f4eb846543b234353fd2b926f\System.Web.Mobile.ni.dll
+ 2011-06-15 09:52 . 2011-06-15 09:53 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\647bfe6da40e8160b967c41424901dc8\System.Web.Extensions.ni.dll
+ 2011-06-15 09:34 . 2011-06-15 09:34 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2047e63293e067b351b8f0e038253f33\System.Speech.ni.dll
+ 2011-06-15 09:52 . 2011-06-15 09:52 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ead07662976fb7094811461c568643d5\System.ServiceModel.Web.ni.dll
+ 2011-06-15 09:47 . 2011-06-15 09:47 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c889a45c82004537f1620dd3b211af66\System.Runtime.Serialization.ni.dll
+ 2011-06-15 09:34 . 2011-06-15 09:34 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\c64aa916251a45206a805ab6488b9255\System.Printing.ni.dll
+ 2011-06-15 09:47 . 2011-06-15 09:47 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a8039af85f459c19c041313f9fe0d7e8\System.IdentityModel.ni.dll
+ 2011-06-15 09:33 . 2011-06-15 09:33 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a59b17e6040e3f6286a2227dfdb17096\System.Drawing.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\55211bc8f4fcff47c05bfc3020d97148\System.DirectoryServices.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f9ff2fb342cd5102e2d95883b3433a5d\System.Deployment.ni.dll
+ 2011-06-15 09:30 . 2011-06-15 09:30 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef31ab37b0d7c3c1a6d72646966c8911\System.Data.SqlXml.ni.dll
+ 2011-06-15 09:52 . 2011-06-15 09:52 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f945e9c32c775bb604ab83d8933f1b2c\System.Data.Services.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\e12e3036e337cbeb2d274b37ff4c1279\System.Data.OracleClient.ni.dll
+ 2011-06-15 09:31 . 2011-06-15 09:31 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\283e9bf48e17bdb34acdc93bd5721be0\System.Data.Linq.ni.dll
+ 2011-06-15 09:52 . 2011-06-15 09:52 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\368c85cccea8a1206be5c849fd6614e3\System.Data.Entity.ni.dll
+ 2011-06-15 09:29 . 2011-06-15 09:29 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\bd2e04dfab2993479ae17ea3fa4f6222\System.Core.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 1219584 c:\windows\assembly\NativeImages_v2.0.50727_32\SolutoService\b9e9dc9176a161be5b20b192e11bef9a\SolutoService.ni.exe
+ 2011-06-15 09:49 . 2011-06-15 09:49 6887936 c:\windows\assembly\NativeImages_v2.0.50727_32\SolutoConsole\4a38db8d922b4c56cafdb9cee2360eea\SolutoConsole.ni.exe
+ 2011-06-15 09:48 . 2011-06-15 09:48 1982464 c:\windows\assembly\NativeImages_v2.0.50727_32\Soluto\3ba0efbebde92781befb0c198cf79e67\Soluto.ni.exe
+ 2011-06-15 09:28 . 2011-06-15 09:28 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4f82a0a1b4405ef61dfa088d11161e35\ReachFramework.ni.dll
+ 2011-06-15 09:28 . 2011-06-15 09:28 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\148505f5b0307230de5d355f10d30a20\PresentationUI.ni.dll
+ 2011-06-15 09:22 . 2011-06-15 09:22 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\1fab86af683c04bdb0aaf65ce7fcd9e5\PresentationBuildTasks.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 2845696 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\d8f280ab864fdbeb0445d9c210444b2d\PCGPreCompiled.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 2231296 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGFramework\d82052bda6bd06d7e672635542828a22\PCGFramework.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 3473920 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGDatabase\d1028cdf365e59dd81759fe432f645e4\PCGDatabase.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 1231360 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGCommunication\acf963bc80d26f18a3630332be34908c\PCGCommunication.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 2990592 c:\windows\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\8ace4cc08b638a67d0fe5811f1b33c48\PCGClientCommon.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 1454080 c:\windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json\8bf0792ad2ff1c6ec305694fe0e9765e\Newtonsoft.Json.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7292ca9d793cb71cf3d41ae663e7139b\Microsoft.VisualBasic.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\abaf7a180354ed5ec099fb69339b538a\Microsoft.Transactions.Bridge.ni.dll
+ 2011-06-15 09:54 . 2011-06-15 09:54 1028608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\e807ae9e23cfd75e6e55d5d3167549f8\Microsoft.Office.Interop.Outlook.ni.dll
+ 2011-06-15 09:54 . 2011-06-15 09:54 1486336 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\8a4eae223e3c934b32990b83e293d085\Microsoft.Office.Interop.Word.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b41db9f2897f538203911026bb0abd5d\Microsoft.JScript.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a91940f9033c7910f3f64c061571cec9\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-06-15 09:51 . 2011-06-15 09:51 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\5195a94327ccef45d202776e932e847b\Microsoft.Build.Tasks.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3efbca53acdd34586bd7f6f87e71ed62\Microsoft.Build.Engine.ni.dll
+ 2011-06-15 09:54 . 2011-06-15 09:54 1445888 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.XobniRdo\56b060245f243d664240a16c48d22c9c\Interop.XobniRdo.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 3098112 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics.Act.Win\1b6a8b5874f2365006d90ec875242ac7\Infragistics.Act.Win.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 2606080 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics.Act.Wi#\593e20a20f8e92b9f54f96ba74437d4e\Infragistics.Act.Win.UltraWinSchedule.ni.dll
+ 2011-06-15 09:50 . 2011-06-15 09:50 3471872 c:\windows\assembly\NativeImages_v2.0.50727_32\DevComponents.DotNe#\18eb9d4dad28660604577880a9600f15\DevComponents.DotNetBar.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 2327552 c:\windows\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\9810405d0d5bce300ed05ee836f4a0c3\Community.CsharpSqlite.ni.dll
+ 2011-06-15 09:47 . 2011-06-15 09:47 1306112 c:\windows\assembly\NativeImages_v2.0.50727_32\C1.Win.C1PrintPrevi#\0b02592fc0db96d85d3f05fe22d360b5\C1.Win.C1PrintPreview.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 1315840 c:\windows\assembly\NativeImages_v2.0.50727_32\C1.Win.C1FlexGrid\9ff8b89433f045e15d62284edd533914\C1.Win.C1FlexGrid.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 1195008 c:\windows\assembly\NativeImages_v2.0.50727_32\C1.PrintUtil\52192e06bc45c02eeb5af3f64b17d7f6\C1.PrintUtil.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 3622912 c:\windows\assembly\NativeImages_v2.0.50727_32\C1.C1PrintDocument\74792bbe96dbc581f389ba68626fefa0\C1.C1PrintDocument.ni.dll
+ 2011-06-15 09:49 . 2011-06-15 09:49 1088000 c:\windows\assembly\NativeImages_v2.0.50727_32\AmCharts.Windows\91cd0226f92ea234874a4c37db5c8106\AmCharts.Windows.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 2469376 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.WordProcessor\d41d088ad8d9fbc379c7716afbcd3df0\Act.UI.WordProcessor.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 1833472 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.SyncSetup\86633b20ae3326a4dd0d150ee7e2b18f\Act.UI.SyncSetup.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 4532224 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Preferences\11079a6ad3a90e34e03d0c1bea16ae3d\Act.UI.Preferences.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 2776064 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Opportunitie#\d8e2ec34af85528aae45d8b72fc768b5\Act.UI.Opportunities.Views.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 1355776 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Import\ed6dc8f7c48755a5f1a443aaff3cd74e\Act.UI.Import.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 1995776 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Groups.Views\a7a23d20d20ffbee9b174ca8b3fc624f\Act.UI.Groups.Views.ni.dll
+ 2011-06-15 09:46 . 2011-06-15 09:46 1334784 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Export\8db3dd85a7c22d885d582e0eb92dd866\Act.UI.Export.ni.dll
+ 2011-06-15 09:45 . 2011-06-15 09:45 2433024 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Designer.Rep#\a5055385fe355987df69782f9cd6312c\Act.UI.Designer.Report.ni.dll
+ 2011-06-15 09:45 . 2011-06-15 09:45 1128448 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Core\cbf1d2628f963e3bff51cc842d606238\Act.UI.Core.ni.dll
+ 2011-06-15 09:45 . 2011-06-15 09:45 2421248 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Contacts.Vie#\b5c97cb06c1a15fe6ea24a192b4206a5\Act.UI.Contacts.Views.ni.dll
+ 2011-06-15 09:45 . 2011-06-15 09:45 3868160 c:\windows\assembly\NativeImages_v2.0.50727_32\ACT.UI.Common.Images\111642020bc34d0ac28411e2d94c21d6\ACT.UI.Common.Images.ni.dll
+ 2011-06-15 09:45 . 2011-06-15 09:45 2483200 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Activities.V#\62438aa31baa19f719b69357552b1c61\Act.UI.Activities.Views.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 3180544 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Windows.#\1975bccc92510ca7ce9483db2fe2c5b7\Act.Shared.Windows.Forms.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 1810432 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.LicProvi#\f74ba2fa497c96454bf135f406c8b4d0\Act.Shared.LicProvider.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 4115968 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Images\2e2e53cbb1ddcdaa4e44dd2bfbbb0e16\Act.Shared.Images.ni.dll
+ 2011-06-15 09:43 . 2011-06-15 09:43 7495168 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework\2d66fd7c857c74eb17a47e5558540e3b\Act.Framework.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 1287680 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Synch#\9164ac743cd889af183d635631d99c0d\Act.Framework.Synchronization.ni.dll
+ 2011-06-15 09:44 . 2011-06-15 09:44 2257408 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Compo#\6d78caddd614b2be3749a47a7d458cf3\Act.Framework.ComponentModel.ni.dll
+ 2011-06-15 09:43 . 2011-06-15 09:43 1111552 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Devices.UI.Cust#\1411815331301b4b0ddbd6d98f86ef10\Act.Devices.UI.Custom.ni.dll
+ 2011-06-15 09:43 . 2011-06-15 09:43 1000960 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.Data.Resources\a9cef9185cf4e50ad30fea0009bfcc3b\Act.Data.Resources.ni.dll
+ 2011-06-15 09:07 . 2011-06-15 09:07 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-04-15 07:11 . 2011-04-15 07:11 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-06-15 09:08 . 2011-06-15 09:08 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-06-15 09:00 . 2011-06-15 09:00 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-06-15 09:01 . 2011-06-15 09:01 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-06-15 08:59 . 2011-06-15 08:59 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-04-15 07:10 . 2011-04-15 07:10 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-06-15 09:08 . 2011-06-15 09:08 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-04-15 07:11 . 2011-04-15 07:11 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-06-15 09:05 . 2011-06-15 09:05 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-10-01 07:05 . 2011-04-15 07:10 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-02-04 18:18 . 2011-06-15 08:08 47716296 c:\windows\system32\MRT.exe
+ 2009-03-08 09:39 . 2011-04-26 14:11 11081728 c:\windows\system32\ieframe.dll
+ 2010-02-04 18:17 . 2011-04-26 14:11 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-03-28 07:27 . 2011-03-28 07:27 15456256 c:\windows\Installer\444057a.msp
+ 2011-06-15 07:56 . 2011-02-22 23:06 11080704 c:\windows\ie8updates\KB2530548-IE8\ieframe.dll
+ 2011-06-15 09:53 . 2011-06-15 09:53 11188736 c:\windows\assembly\NativeImages_v2.0.50727_32\XobniCommon\f59f1b488ace707ded3d0494f6bd90d8\XobniCommon.ni.dll
+ 2011-06-15 09:35 . 2011-06-15 09:35 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\29d16d2f164fe2263539789ecd0d9d4f\System.Windows.Forms.ni.dll
+ 2011-06-15 09:48 . 2011-06-15 09:48 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1fb5d8788c9a9a7f44e2d0fa19c62729\System.Web.ni.dll
+ 2011-06-15 09:47 . 2011-06-15 09:47 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll
+ 2011-06-15 09:32 . 2011-06-15 09:32 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\ee914f59ad8211e0b6734dccffd9986e\System.Design.ni.dll
+ 2011-06-15 09:26 . 2011-06-15 09:26 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\999df2b262da53356dda514512bb7bb8\PresentationFramework.ni.dll
+ 2011-06-15 09:24 . 2011-06-15 09:24 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\caafa254739e326b0cf55eed815b4333\PresentationCore.ni.dll
+ 2011-06-15 09:20 . 2011-06-15 09:20 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
+ 2011-06-15 09:45 . 2011-06-15 09:45 21728768 c:\windows\assembly\NativeImages_v2.0.50727_32\Act.UI\c2db7045ebefc89416e31767475bd3f0\Act.UI.ni.dll
.

 

[rjtj32]

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
NETGEAR WG311v2 Smart Configuration.lnk - c:\program files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^-^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\-\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoopBe1 Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LoopBe1 Monitor.lnk
backup=c:\windows\pss\LoopBe1 Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Rob\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 23:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2007-10-24 04:18 393216 ------w- c:\program files\ACT\Act for Windows\ActSage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
2007-10-24 03:55 9728 ------w- c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-09-23 09:42 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-02-12 18:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2009-11-26 02:04 1087752 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2011-03-04 16:31 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ogcsn]
2009-12-10 14:12 625184 ----a-w- c:\program files\Starfield\Desktop Calendar Tools\OutSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
2010-08-15 16:03 32960 ----a-w- c:\program files\Starfield\starfieldupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-17 00:31 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-12-04 03:15 218408 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wben]
2010-07-07 16:33 1076432 ----a-w- c:\program files\Starfield\wben.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/4/2010 1:45 PM 64288]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/1/2011 7:23 PM 13496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [6/1/2011 7:19 PM 353168]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/6/2011 11:14 AM 136360]
R2 BLKWLDESKTOP;Belkin Wireless Desktop Card Service;c:\program files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLService.exe [6/15/2011 11:45 AM 49152]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/1/2011 7:23 PM 821080]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/5/2011 1:38 PM 366640]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [5/28/2011 5:03 PM 364576]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/5/2011 1:37 PM 22712]
S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [6/1/2011 10:44 PM 51144]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 1:47 PM 1310960]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 9:01 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 9:01 PM 136176]
S3 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2/10/2007 5:29 AM 29178224]
S3 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/1/2011 7:23 PM 30368]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/1/2011 7:23 PM 16080]
S3 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [10/12/2009 12:33 PM 46824]
S4 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [4/16/2010 12:19 PM 103800]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/1/2011 7:23 PM 239472]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 16:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:46]
.
2011-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 01:01]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 01:01]
.
2011-06-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1202660629-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-06-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1202660629-839522115-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-06-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1202660629-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-06-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1202660629-839522115-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-06-16 c:\windows\Tasks\User_Feed_Synchronization-{61C25F6A-AC62-4F6F-AEE5-4C47DB6DA5CF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
2011-06-16 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2011-02-27 10:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Connection Wizard,ShellNext = hxxp://securitysolution2011win.com/uninstall.php?machine=4kensaeqeo49
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\qtace09p.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-16 10:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(472)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-06-16 10:21:36
ComboFix-quarantined-files.txt 2011-06-16 14:21
ComboFix2.txt 2011-06-06 17:17
ComboFix3.txt 2011-06-04 03:33
.
Pre-Run: 32,841,347,072 bytes free
Post-Run: 32,923,766,784 bytes free
.
- - End Of File - - 0B4155E4DEF1F5EC39422440B0093468

 

[Bobbye]

Try doing a right click> Properties on each of the Network Adapters. See what the message is> Normal on the General tab is "this device is working properly." If or does not show that, note what it says, then select the Advanced tab if the device has that tab. See what the value is.
============================================
Combofix is saying the 'ndis' file is infected. This will affect the adapters. I replaced it once- let's try again.:

Please run this Custom CFScript:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:

File::

FCopy:: c:\windows\ERDNT\cache\ndis.sys | c:\windows\system32\drivers\ndis.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
====================

 

[rjtj32]

The Device Status for all the Network Adapters listed say "Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)"

The only one with the advanced tab was my wireless card and here are the properties and their values

On the Advanced Tab:
802.11b Preamble - Long and Short
Map Registers - 256
Network Address - Not Present
Power Save mode - Fast PSP
Radio On/Off - On



Heres the Combofix log

ComboFix 11-06-12.04 - Rob 06/17/2011 15:40:22.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1299 [GMT -4:00]
Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rob\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-16 16:54 . 2011-06-16 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\U3
2011-06-15 15:46 . 2011-06-15 15:46 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2011-06-15 15:45 . 2004-04-30 19:12 40960 ----a-w- c:\windows\system32\Bknpci.dll
2011-06-15 15:45 . 2011-06-15 15:45 -------- d-----w- c:\program files\Belkin
2011-06-15 02:54 . 2011-06-15 08:05 -------- d--h--w- c:\windows\$hf_mig$
2011-06-15 02:50 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-14 13:04 . 2011-06-15 04:17 -------- d-----w- c:\windows\system32\NtmsData
2011-06-09 17:22 . 2011-06-09 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-06-09 17:21 . 2011-06-09 17:21 -------- d-----w- c:\program files\Common Files\HP
2011-06-09 17:20 . 2011-06-09 17:20 -------- d-----w- c:\program files\Hewlett-Packard
2011-06-09 17:19 . 2007-10-31 00:22 303104 ----a-w- c:\windows\system32\hpovst14.dll
2011-06-09 17:19 . 2007-10-31 00:22 970752 ----a-w- c:\windows\system32\hpotiop6.dll
2011-06-09 17:19 . 2007-10-31 00:25 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2011-06-09 17:19 . 2007-10-31 00:25 309760 ----a-w- c:\windows\system32\difxapi.dll
2011-06-09 17:19 . 2007-10-31 00:22 729088 ----a-w- c:\windows\system32\hpowiax8.dll
2011-06-09 17:18 . 2011-06-09 17:22 -------- d-----w- c:\program files\HP
2011-06-09 15:14 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-06-08 12:24 . 2011-06-08 12:24 -------- d-----w- C:\_OTM
2011-06-06 17:35 . 2011-06-06 17:35 -------- d-----w- c:\program files\ESET
2011-06-06 15:16 . 2011-06-06 15:16 -------- d-----w- c:\documents and settings\Rob\Application Data\Avira
2011-06-06 15:13 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-06 15:13 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-06 15:13 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-06-06 15:13 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-06-06 15:13 . 2011-06-06 15:13 -------- d-----w- c:\program files\Avira
2011-06-06 15:13 . 2011-06-06 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-06-05 17:38 . 2011-06-05 17:38 -------- d-----w- c:\documents and settings\Rob\Application Data\Malwarebytes
2011-06-05 17:38 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 17:37 . 2011-06-05 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-05 17:37 . 2011-06-14 16:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-05 17:37 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-04 23:25 . 2011-06-17 15:19 -------- d-----w- c:\windows\system32\wbem\Logs
2011-06-04 13:03 . 2011-06-04 13:03 -------- d-----w- c:\documents and settings\Rob\Application Data\AVG10
2011-06-04 12:54 . 2011-06-06 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-06-04 12:54 . 2011-06-06 15:06 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-04 12:52 . 2011-06-04 12:52 -------- d-----w- c:\program files\AVG
2011-06-04 12:46 . 2011-06-06 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-06-03 20:04 . 2011-06-03 20:04 54016 ----a-w- c:\windows\system32\drivers\cspbefgt.sys
2011-06-03 19:38 . 2011-06-03 19:38 2 --shatr- c:\windows\winstart.bat
2011-06-03 19:37 . 2011-06-04 13:27 -------- d-----w- c:\program files\UnHackMe
2011-06-03 19:08 . 2011-06-03 19:08 388096 ----a-r- c:\documents and settings\Rob\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-03 19:08 . 2011-06-03 19:08 -------- d-----w- c:\program files\Trend Micro
2011-06-03 12:01 . 2011-06-03 12:01 -------- d-----w- c:\documents and settings\Rob\Application Data\SUPERAntiSpyware.com
2011-06-03 12:01 . 2011-06-03 12:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-03 03:01 . 2011-06-03 03:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2011-06-03 01:06 . 2011-06-03 01:06 -------- d-----w- C:\AVGTemp
2011-06-02 02:44 . 2011-05-28 20:47 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2011-06-02 02:44 . 2011-06-02 02:45 -------- d-----w- c:\program files\Soluto
2011-06-02 02:43 . 2011-06-02 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
2011-06-01 23:24 . 2011-02-23 20:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-06-01 23:23 . 2011-02-23 21:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-06-01 23:19 . 2011-06-02 12:31 -------- d-----w- c:\documents and settings\Rob\Application Data\IObit
2011-06-01 23:19 . 2011-06-01 23:22 -------- d-----w- c:\program files\IObit
2011-06-01 16:00 . 2011-06-01 16:00 -------- d-----w- c:\documents and settings\Rob\Application Data\HPAppData
2011-05-28 20:16 . 2011-05-28 20:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-05-26 00:09 . 2011-05-26 00:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-03 20:04 . 2011-06-03 20:04 194 ----a-w- c:\windows\Fonts\cqhr
2011-05-02 15:31 . 2010-02-04 16:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-27 23:37 . 2011-03-26 02:43 69632 ----a-r- c:\documents and settings\Rob\Application Data\Microsoft\Installer\{A7D66EC2-0424-4715-9F2F-4655B6212C34}\BlackBerry.exe
2011-03-19 20:17 . 2011-03-19 20:17 47360 ----a-w- c:\documents and settings\Rob\Application Data\pcouffin.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
[7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SD_OLD\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
.
c:\windows\System32\drivers\ndis.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot_2011-06-16_14.15.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-16 16:54 . 2011-06-16 16:54 22486 c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
+ 2011-06-16 16:54 . 2011-06-16 16:54 109056 c:\windows\Installer\84887a.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2011-6-16 22486]
NETGEAR WG311v2 Smart Configuration.lnk - c:\program files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^-^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\-\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoopBe1 Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LoopBe1 Monitor.lnk
backup=c:\windows\pss\LoopBe1 Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Rob\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 23:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2007-10-24 04:18 393216 ------w- c:\program files\ACT\Act for Windows\ActSage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
2007-10-24 03:55 9728 ------w- c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-09-23 09:42 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-02-12 18:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.

 

[rjtj32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2009-11-26 02:04 1087752 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2011-03-04 16:31 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ogcsn]
2009-12-10 14:12 625184 ----a-w- c:\program files\Starfield\Desktop Calendar Tools\OutSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
2010-08-15 16:03 32960 ----a-w- c:\program files\Starfield\starfieldupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-17 00:31 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-12-04 03:15 218408 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wben]
2010-07-07 16:33 1076432 ----a-w- c:\program files\Starfield\wben.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/4/2010 1:45 PM 64288]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/1/2011 7:23 PM 13496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [6/1/2011 7:19 PM 353168]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/6/2011 11:14 AM 136360]
R2 BLKWLDESKTOP;Belkin Wireless Desktop Card Service;c:\program files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLService.exe [6/15/2011 11:45 AM 49152]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/1/2011 7:23 PM 821080]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/5/2011 1:38 PM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/5/2011 1:37 PM 22712]
S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [6/1/2011 10:44 PM 51144]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [5/28/2011 5:03 PM 364576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 1:47 PM 1310960]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 9:01 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2010 9:01 PM 136176]
S3 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2/10/2007 5:29 AM 29178224]
S3 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/1/2011 7:23 PM 30368]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/1/2011 7:23 PM 16080]
S3 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [10/12/2009 12:33 PM 46824]
S4 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [4/16/2010 12:19 PM 103800]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/1/2011 7:23 PM 239472]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 16:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:46]
.
2011-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 01:01]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 01:01]
.
2011-06-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1202660629-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-06-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1202660629-839522115-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-06-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1202660629-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-06-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1202660629-839522115-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-06-17 c:\windows\Tasks\User_Feed_Synchronization-{61C25F6A-AC62-4F6F-AEE5-4C47DB6DA5CF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
2011-06-17 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2011-02-27 10:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Connection Wizard,ShellNext = hxxp://securitysolution2011win.com/uninstall.php?machine=4kensaeqeo49
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\qtace09p.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-17 16:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(468)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(6360)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-06-17 16:07:14
ComboFix-quarantined-files.txt 2011-06-17 20:07
ComboFix2.txt 2011-06-16 14:21
ComboFix3.txt 2011-06-06 17:17
ComboFix4.txt 2011-06-04 03:33
.
Pre-Run: 32,862,179,328 bytes free
Post-Run: 32,838,852,608 bytes free
.
- - End Of File - - DD9AAE24AD4EB975C834485F845728D6

 

[Bobbye]

Still getting this: c:\windows\System32\drivers\ndis.sys ... is missing !!

You are going to need to run the System File Checker:
Have your Windows XP installation CD ready, so that you can it insert it if you are prompted to do so.

• Click on Staet> Run> type in sfc /scannow (note there is a space between SFC and the forward slash)> enter.
• Follow any instructions on the screen.
• SFC should close when finished.
• Reboot the computer.

I tried twice to replace the file from you system and didn't succeed. So I'm sure you're need the CD for the OS.
=======================================
I noticed this> Did you add this?
2011-06-15 15:46 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
Related to mdc8021x.sys IEEE 802.1X Protocol Driver from Meetinghouse Data Communications.
You left this description:

On the Advanced Tab:
802.11b Preamble - Long and Short
Map Registers - 256
Network Address - Not Present
Power Save mode - Fast PSP
Radio On/Off - On

Did you attemt to update this?
2004-04-30 19:12 40960 ----a-w- c:\windows\system32\Bknpci.dll> Belkin Wireless A/G Desktop Network Card Driver
============================
There is also a deletion in Combofix indicating you may have used an infected Flash drive. What is Drive F?

.

 

[rjtj32]

Still getting this: c:\windows\System32\drivers\ndis.sys ... is missing !!

You are going to need to run the System File Checker:
Have your Windows XP installation CD ready, so that you can it insert it if you are prompted to do so.

• Click on Staet> Run> type in sfc /scannow (note there is a space between SFC and the forward slash)> enter.
• Follow any instructions on the screen.
• SFC should close when finished.
• Reboot the computer.

I tried twice to replace the file from you system and didn't succeed. So I'm sure you're need the CD for the OS.
=======================================
I noticed this> Did you add this?
2011-06-15 15:46 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
Related to mdc8021x.sys IEEE 802.1X Protocol Driver from Meetinghouse Data Communications.
You left this description:

Did you attemt to update this?
2004-04-30 19:12 40960 ----a-w- c:\windows\system32\Bknpci.dll> Belkin Wireless A/G Desktop Network Card Driver
============================
There is also a deletion in Combofix indicating you may have used an infected Flash drive. What is Drive F?

.

I ran that scan with my installation cd when prompted and it finished and I rebooted. Still same error for adapters.

as for your other 2 questions I don't remember adding or updating those things. At least not recently since I've been having problems with my computer.