Google redirects and system freezes.

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

qbsean10

Thread Starter
Joined
Jan 1, 2004
Messages
36
Hello, I just got hit with what I think came from one of those Megaupload ads that have the Java exploit embedded in it. I can't seem to shake it and it's getting pretty aggravating. Here are the symptoms:
- System freezes within two or three minutes on startup unless I disconnect the internet
- System is incredibly slow, CPU usage is at 100% at all times, long loads for everything
- AVG will not load properly at system start up
- Google redirects to various ad websites
- System hangs at "saving your settings" when shutting down
- Intel Active Monitor provides no information on system internals when loaded

Occasionally the system will remain stable if I start it without the internet connected and then connect it later. This at least allows me to run scans and check the internet. However, if left on for much longer than an hour the system will freeze regardless of what is running. I am including my HJT log. Thank you for reading. This is quickly turning into a nightmare.

---------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:39:27 AM, on 6/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\system32\CTSvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINNT\System32\hphmon04.exe
C:\WINNT\System32\ezSP_Px.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\hjt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\System32\hphmon04.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: dll
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://putfile.com/includes/ImageUploader4.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\System32\HPHipm11.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 13649 bytes
 
Joined
Oct 12, 2008
Messages
2,392
Download TDSSKiller and save it to your Desktop.

  • Extract the file and run it.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log
 

qbsean10

Thread Starter
Joined
Jan 1, 2004
Messages
36
Thanks for your help. Here is the log:



11:14:46:702 3916 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
11:14:46:702 3916 ================================================================================
11:14:46:702 3916 SystemInfo:

11:14:46:702 3916 OS Version: 5.1.2600 ServicePack: 3.0
11:14:46:702 3916 Product type: Workstation
11:14:46:702 3916 ComputerName: GAMEROOM
11:14:46:702 3916 UserName: Owner
11:14:46:702 3916 Windows directory: C:\WINNT
11:14:46:702 3916 Processor architecture: Intel x86
11:14:46:702 3916 Number of processors: 2
11:14:46:702 3916 Page size: 0x1000
11:14:46:702 3916 Boot type: Normal boot
11:14:46:702 3916 ================================================================================
11:14:47:014 3916 Initialize success
11:14:47:014 3916
11:14:47:014 3916 Scanning Services ...
11:14:47:795 3916 Raw services enum returned 407 services
11:14:47:826 3916
11:14:47:826 3916 Scanning Drivers ...
11:14:48:342 3916 a347bus (1f61cacacb521215f39061789147968c) C:\WINNT\system32\DRIVERS\a347bus.sys
11:14:48:420 3916 a347scsi (113e4b318bbaa7483ca4e582a4d63f49) C:\WINNT\system32\Drivers\a347scsi.sys
11:14:48:561 3916 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINNT\system32\drivers\ac97intc.sys
11:14:48:639 3916 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINNT\system32\DRIVERS\ACPI.sys
11:14:48:701 3916 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINNT\system32\drivers\ACPIEC.sys
11:14:48:748 3916 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINNT\system32\DRIVERS\adpu160m.sys
11:14:48:811 3916 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINNT\system32\drivers\aeaudio.sys
11:14:48:889 3916 aec (8bed39e3c35d6a489438b8141717a557) C:\WINNT\system32\drivers\aec.sys
11:14:48:936 3916 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINNT\System32\drivers\afd.sys
11:14:49:029 3916 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINNT\system32\drivers\AFS2K.sys
11:14:49:076 3916 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINNT\system32\DRIVERS\agp440.sys
11:14:49:310 3916 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINNT\system32\DRIVERS\arp1394.sys
11:14:49:482 3916 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINNT\system32\DRIVERS\asyncmac.sys
11:14:49:545 3916 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINNT\system32\DRIVERS\atapi.sys
11:14:49:654 3916 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINNT\system32\DRIVERS\atmarpc.sys
11:14:49:732 3916 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINNT\system32\DRIVERS\audstub.sys
11:14:49:826 3916 AvgLdx86 (9c0a7e6d3cb9a8a7ad4e4575d9a42e94) C:\WINNT\System32\Drivers\avgldx86.sys
11:14:49:888 3916 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINNT\System32\Drivers\avgmfx86.sys
11:14:49:951 3916 AvgTdiX (6e11bbc8dc5af836adc9c5f682fa3186) C:\WINNT\System32\Drivers\avgtdix.sys
11:14:49:998 3916 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINNT\System32\Drivers\BANTExt.sys
11:14:50:060 3916 BCMModem (2d39d498108c4810ef8cc1103a2a5b73) C:\WINNT\system32\DRIVERS\BCMDM.sys
11:14:50:154 3916 bdfm (f040e9fff03bc19aff03cb922e131cd7) C:\WINNT\system32\drivers\bdfm.sys
11:14:50:216 3916 bdfsfltr (d281217152b9fc5774863e70e3fab4d3) C:\WINNT\system32\drivers\bdfsfltr.sys
11:14:50:310 3916 BDSelfPr (5eaf583c0b1cc2499761ea3b065f5db2) C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys
11:14:50:357 3916 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINNT\system32\drivers\Beep.sys
11:14:50:419 3916 BRIDGE (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINNT\system32\DRIVERS\bridge.sys
11:14:50:435 3916 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINNT\system32\DRIVERS\bridge.sys
11:14:50:576 3916 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINNT\system32\drivers\cbidf2k.sys
11:14:50:685 3916 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINNT\system32\drivers\Cdaudio.sys
11:14:50:747 3916 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINNT\system32\drivers\Cdfs.sys
11:14:50:810 3916 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINNT\system32\drivers\Cdr4_xp.sys
11:14:50:857 3916 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINNT\system32\drivers\Cdralw2k.sys
11:14:50:904 3916 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINNT\system32\DRIVERS\cdrom.sys
11:14:50:966 3916 cdudf_xp (8c7746acde6225a46b58ed7ae09ec166) C:\WINNT\system32\drivers\cdudf_xp.sys
11:14:51:138 3916 COMMONFX.DLL (94bf63b33483789c053626ce09f96424) C:\WINNT\system32\COMMONFX.DLL
11:14:51:247 3916 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINNT\system32\CT20XUT.DLL
11:14:51:325 3916 ctac32k (be3b26df6c5cee52ac6574cf0af07acd) C:\WINNT\system32\drivers\ctac32k.sys
11:14:51:404 3916 ctaud2k (382251387a959f0d3cd20b98d263174d) C:\WINNT\system32\drivers\ctaud2k.sys
11:14:51:466 3916 CTAUDFX.DLL (8dda6080c48be400223ab6aa0580c25f) C:\WINNT\system32\CTAUDFX.DLL
11:14:51:544 3916 ctdvda2k (6780608bb5d391161aa70c6db8e004b8) C:\WINNT\system32\drivers\ctdvda2k.sys
11:14:51:638 3916 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINNT\system32\CTEAPSFX.DLL
11:14:51:716 3916 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINNT\system32\CTEDSPFX.DLL
11:14:51:841 3916 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINNT\system32\CTEDSPIO.DLL
11:14:52:091 3916 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINNT\system32\CTEDSPSY.DLL
11:14:52:263 3916 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINNT\system32\CTERFXFX.DLL
11:14:52:356 3916 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINNT\system32\CTEXFIFX.DLL
11:14:52:419 3916 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINNT\system32\CTHWIUT.DLL
11:14:52:497 3916 ctprxy2k (2837eaee69a322005722a9881f2371a5) C:\WINNT\system32\drivers\ctprxy2k.sys
11:14:52:559 3916 CTSBLFX.DLL (6e7fee4a22bd76b850d58fca13616bf5) C:\WINNT\system32\CTSBLFX.DLL
11:14:52:622 3916 ctsfm2k (fb5642c8bf5804dbed0cb7562fe3c4b5) C:\WINNT\system32\drivers\ctsfm2k.sys
11:14:52:809 3916 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINNT\system32\DRIVERS\disk.sys
11:14:52:887 3916 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINNT\system32\drivers\dmboot.sys
11:14:52:966 3916 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINNT\system32\drivers\dmio.sys
11:14:53:012 3916 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINNT\system32\drivers\dmload.sys
11:14:53:059 3916 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINNT\system32\drivers\DMusic.sys
11:14:53:153 3916 Dot4 HPH11 (a93ae4414505a8095ec4820c4312b5df) C:\WINNT\system32\DRIVERS\hphid411.sys
11:14:53:215 3916 Dot4Print HPH11 (4f8681519ea48757148895811f2aa051) C:\WINNT\system32\DRIVERS\hphipr11.sys
11:14:53:247 3916 Dot4Storage HPH11 (df0a7516e9f803c1c64796b81605495c) C:\WINNT\system32\Drivers\hphs2k11.sys
11:14:53:294 3916 Dot4Usb HPH11 (c6608b2afb2567f0fa6b4bd8837f1660) C:\WINNT\system32\drivers\hphius11.sys
11:14:53:356 3916 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINNT\system32\drivers\drmkaud.sys
11:14:53:403 3916 dvd_2K (800de2dfa19db3fd87aa95308ba0c17b) C:\WINNT\system32\drivers\dvd_2K.sys
11:14:53:481 3916 E100B (98b46b331404a951cabad8b4877e1276) C:\WINNT\system32\DRIVERS\e100b325.sys
11:14:53:528 3916 emupia (7c45da777832884fab03bf6af27262d5) C:\WINNT\system32\drivers\emupia2k.sys
11:14:53:590 3916 ENTECH (bdd170fecb0e496a914318009d85b819) C:\WINNT\system32\DRIVERS\ENTECH.SYS
11:14:53:637 3916 Fastfat (38d332a6d56af32635675f132548343e) C:\WINNT\system32\drivers\Fastfat.sys
11:14:53:668 3916 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINNT\system32\DRIVERS\fdc.sys
11:14:53:700 3916 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINNT\system32\drivers\Fips.sys
11:14:53:762 3916 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINNT\system32\DRIVERS\flpydisk.sys
11:14:53:809 3916 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINNT\system32\drivers\fltmgr.sys
11:14:53:872 3916 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINNT\system32\drivers\Fs_Rec.sys
11:14:53:903 3916 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINNT\system32\DRIVERS\ftdisk.sys
11:14:53:965 3916 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINNT\system32\DRIVERS\gameenum.sys
11:14:54:028 3916 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINNT\system32\DRIVERS\GEARAspiWDM.sys
11:14:54:090 3916 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINNT\system32\DRIVERS\msgpc.sys
11:14:54:168 3916 GTWModem (2b34e4aacb5734bfd663c803335b11ea) C:\WINNT\system32\DRIVERS\GWMDM.sys
11:14:54:262 3916 ha10kx2k (d835a46eb92bddfdd77b411204db3803) C:\WINNT\system32\drivers\ha10kx2k.sys
11:14:54:309 3916 hap16v2k (d1cba647e9e3b8c13b189b278c240804) C:\WINNT\system32\drivers\hap16v2k.sys
11:14:54:356 3916 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINNT\system32\drivers\hap17v2k.sys
11:14:54:418 3916 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINNT\system32\DRIVERS\hidusb.sys
11:14:54:528 3916 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINNT\system32\Drivers\HTTP.sys
11:14:54:621 3916 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINNT\system32\DRIVERS\i8042prt.sys
11:14:54:668 3916 iaStor (18e3972d9632485d80d609d4674f9d83) C:\WINNT\system32\DRIVERS\iaStor.sys
11:14:54:699 3916 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINNT\system32\DRIVERS\imapi.sys
11:14:54:746 3916 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINNT\system32\DRIVERS\intelide.sys
11:14:54:793 3916 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINNT\system32\DRIVERS\intelppm.sys
11:14:54:856 3916 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINNT\system32\drivers\ip6fw.sys
11:14:54:918 3916 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINNT\system32\DRIVERS\ipfltdrv.sys
11:14:54:965 3916 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINNT\system32\DRIVERS\ipinip.sys
11:14:55:012 3916 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINNT\system32\DRIVERS\ipnat.sys
11:14:55:074 3916 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINNT\system32\DRIVERS\ipsec.sys
11:14:55:121 3916 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINNT\system32\DRIVERS\irenum.sys
11:14:55:168 3916 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINNT\system32\DRIVERS\isapnp.sys
11:14:55:215 3916 Jukebox3 (7c9259e4d0e98c99e30d7d8f0e548cff) C:\WINNT\system32\DRIVERS\ctpdusb.sys
11:14:55:277 3916 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINNT\system32\DRIVERS\kbdclass.sys
11:14:55:309 3916 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINNT\system32\DRIVERS\kbdhid.sys
11:14:55:371 3916 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINNT\system32\drivers\klmd.sys
11:14:55:434 3916 kmixer (692bcf44383d056aed41b045a323d378) C:\WINNT\system32\drivers\kmixer.sys
11:14:55:496 3916 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINNT\system32\drivers\KSecDD.sys
11:14:55:543 3916 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\WINNT\system32\DRIVERS\Lbd.sys
11:14:55:621 3916 LCcfltr (8d26e30c111288f6f12e1903adddd3fb) C:\WINNT\system32\Drivers\LCcFltr.Sys
11:14:55:668 3916 LHidUsb (a8742865e15a57b426efcc5ff744d6d3) C:\WINNT\system32\Drivers\LHidUsb.Sys
11:14:55:715 3916 mmc_2K (0a35ad036de912858a1c5e9637840724) C:\WINNT\system32\drivers\mmc_2K.sys
11:14:55:762 3916 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINNT\system32\drivers\mnmdd.sys
11:14:55:824 3916 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINNT\system32\drivers\Modem.sys
11:14:55:887 3916 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINNT\system32\drivers\MODEMCSA.sys
11:14:55:918 3916 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINNT\system32\DRIVERS\mouclass.sys
11:14:55:949 3916 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINNT\system32\DRIVERS\mouhid.sys
11:14:55:965 3916 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINNT\system32\drivers\MountMgr.sys
11:14:56:027 3916 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINNT\system32\DRIVERS\mrxdav.sys
11:14:56:074 3916 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINNT\system32\DRIVERS\mrxsmb.sys
11:14:56:136 3916 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINNT\system32\drivers\Msfs.sys
11:14:56:183 3916 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINNT\system32\drivers\MSKSSRV.sys
11:14:56:215 3916 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINNT\system32\drivers\MSPCLOCK.sys
11:14:56:246 3916 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINNT\system32\drivers\MSPQM.sys
11:14:56:308 3916 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINNT\system32\DRIVERS\mssmbios.sys
11:14:56:340 3916 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINNT\system32\drivers\Mup.sys
11:14:56:402 3916 MxlW2k (88f57a15b786bf2af9458f7903768085) C:\WINNT\system32\drivers\MxlW2k.sys
11:14:56:480 3916 NDIS (1df7f42665c94b825322fae71721130d) C:\WINNT\system32\drivers\NDIS.sys
11:14:56:511 3916 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINNT\system32\DRIVERS\ndistapi.sys
11:14:56:558 3916 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINNT\system32\DRIVERS\ndisuio.sys
11:14:56:589 3916 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINNT\system32\DRIVERS\ndiswan.sys
11:14:56:621 3916 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINNT\system32\drivers\NDProxy.sys
11:14:56:668 3916 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINNT\system32\DRIVERS\netbios.sys
11:14:56:699 3916 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINNT\system32\DRIVERS\netbt.sys
11:14:56:777 3916 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINNT\system32\DRIVERS\nic1394.sys
11:14:56:839 3916 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINNT\system32\drivers\Npfs.sys
11:14:56:917 3916 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINNT\system32\drivers\Ntfs.sys
11:14:56:964 3916 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINNT\system32\drivers\Null.sys
11:14:57:214 3916 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINNT\system32\DRIVERS\nv4_mini.sys
11:14:57:308 3916 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINNT\system32\DRIVERS\nwlnkflt.sys
11:14:57:370 3916 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINNT\system32\DRIVERS\nwlnkfwd.sys
11:14:57:417 3916 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINNT\system32\DRIVERS\ohci1394.sys
11:14:57:480 3916 ossrv (b03666648f0af986b964346cb45c06db) C:\WINNT\system32\drivers\ctoss2k.sys
11:14:57:558 3916 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINNT\system32\DRIVERS\parport.sys
11:14:57:574 3916 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINNT\system32\drivers\PartMgr.sys
11:14:57:636 3916 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINNT\system32\drivers\ParVdm.sys
11:14:57:777 3916 PCI (a219903ccf74233761d92bef471a07b1) C:\WINNT\system32\DRIVERS\pci.sys
11:14:57:823 3916 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINNT\system32\DRIVERS\pciide.sys
11:14:57:870 3916 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINNT\system32\drivers\Pcmcia.sys
11:14:58:089 3916 PfModNT (6dabb70783ef470492adb7b9a6e60bf3) C:\WINNT\system32\drivers\PfModNT.sys
11:14:58:167 3916 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINNT\system32\DRIVERS\raspptp.sys
11:14:58:214 3916 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINNT\system32\DRIVERS\processr.sys
11:14:58:292 3916 Profos (1bfe86c679a43994e36e623fb6898cdb) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys
11:14:58:339 3916 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINNT\system32\DRIVERS\psched.sys
11:14:58:401 3916 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINNT\system32\DRIVERS\ptilink.sys
11:14:58:464 3916 pwd_2k (1840112f3f3b7ece84dbbd93a70c4135) C:\WINNT\system32\drivers\pwd_2k.sys
11:14:58:526 3916 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINNT\system32\DRIVERS\PxHelp20.sys
11:14:58:683 3916 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINNT\system32\DRIVERS\rasacd.sys
11:14:58:714 3916 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINNT\system32\DRIVERS\rasl2tp.sys
11:14:58:761 3916 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINNT\system32\DRIVERS\raspppoe.sys
11:14:58:808 3916 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINNT\system32\DRIVERS\raspti.sys
11:14:58:870 3916 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINNT\system32\DRIVERS\rdbss.sys
11:14:58:933 3916 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINNT\system32\DRIVERS\RDPCDD.sys
11:14:58:979 3916 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINNT\system32\drivers\RDPWD.sys
11:14:59:026 3916 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINNT\system32\DRIVERS\redbook.sys
11:14:59:120 3916 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:14:59:151 3916 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:14:59:214 3916 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINNT\system32\DRIVERS\secdrv.sys
11:14:59:276 3916 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINNT\system32\DRIVERS\serenum.sys
11:14:59:307 3916 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINNT\system32\DRIVERS\serial.sys
11:14:59:354 3916 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINNT\system32\drivers\Sfloppy.sys
11:14:59:417 3916 SIODRV (20f6649d168567a66c25662171bf4fe8) C:\WINNT\system32\drivers\SIODRV.SYS
11:14:59:464 3916 SMBios (d72a21424ca66c7a745bd995eca6a710) C:\WINNT\system32\DRIVERS\SMBios.sys
11:14:59:495 3916 smbusp (067114712715d88e1fccaba33e418e24) C:\WINNT\system32\DRIVERS\smb.sys
11:14:59:573 3916 smwdm (eba50c8f7efd8178e8c4bde6b74e744c) C:\WINNT\system32\drivers\smwdm.sys
11:14:59:651 3916 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINNT\system32\drivers\splitter.sys
11:14:59:729 3916 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINNT\system32\Drivers\sptd.sys
11:14:59:807 3916 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINNT\system32\DRIVERS\sr.sys
11:14:59:854 3916 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINNT\system32\DRIVERS\srv.sys
11:14:59:932 3916 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINNT\system32\DRIVERS\swenum.sys
11:14:59:979 3916 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINNT\system32\drivers\swmidi.sys
11:15:00:135 3916 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINNT\system32\drivers\sysaudio.sys
11:15:00:213 3916 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINNT\system32\DRIVERS\tcpip.sys
11:15:00:276 3916 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINNT\system32\drivers\TDPIPE.sys
11:15:00:338 3916 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINNT\system32\drivers\TDTCP.sys
11:15:00:385 3916 TermDD (88155247177638048422893737429d9e) C:\WINNT\system32\DRIVERS\termdd.sys
11:15:00:432 3916 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\WINNT\system32\drivers\tiehdusb.sys
11:15:00:573 3916 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys
11:15:00:635 3916 UdfReadr_xp (e1b5bfba7f1cde1fc28934639e83b3cf) C:\WINNT\system32\drivers\UdfReadr_xp.sys
11:15:00:682 3916 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINNT\system32\drivers\Udfs.sys
11:15:00:729 3916 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINNT\system32\DRIVERS\ultra.sys
11:15:00:807 3916 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINNT\system32\DRIVERS\update.sys
11:15:00:885 3916 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINNT\system32\Drivers\usbaapl.sys
11:15:00:948 3916 usbaudio (e919708db44ed8543a7c017953148330) C:\WINNT\system32\drivers\usbaudio.sys
11:15:01:010 3916 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINNT\system32\DRIVERS\usbccgp.sys
11:15:01:057 3916 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINNT\system32\DRIVERS\usbehci.sys
11:15:01:104 3916 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINNT\system32\DRIVERS\usbhub.sys
11:15:01:151 3916 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINNT\system32\DRIVERS\usbscan.sys
11:15:01:197 3916 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINNT\system32\DRIVERS\USBSTOR.SYS
11:15:01:260 3916 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINNT\system32\DRIVERS\usbuhci.sys
11:15:01:291 3916 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINNT\System32\drivers\vga.sys
11:15:01:307 3916 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINNT\system32\DRIVERS\viaide.sys
11:15:01:354 3916 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINNT\system32\drivers\VolSnap.sys
11:15:01:401 3916 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINNT\system32\DRIVERS\wanarp.sys
11:15:01:463 3916 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINNT\system32\drivers\wdmaud.sys
11:15:01:510 3916 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINNT\System32\drivers\ws2ifsl.sys
11:15:01:557 3916 WudfPf (443f0a35cb3be5d176053da39157a898) C:\WINNT\system32\DRIVERS\WudfPf.sys
11:15:01:557 3916
11:15:01:557 3916 Completed
11:15:01:572 3916
11:15:01:572 3916 Results:
11:15:01:572 3916 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
11:15:01:572 3916 File objects infected / cured / cured on reboot: 0 / 0 / 0
11:15:01:572 3916
11:15:01:572 3916 KLMD(ARK) unloaded successfully
 
Joined
Oct 12, 2008
Messages
2,392
Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
 

qbsean10

Thread Starter
Joined
Jan 1, 2004
Messages
36
ComboFix detected rootkit activity and rebooted the machine. The system stalled at "saving your settings" but after a manual restart ComboFix continued running. I have attached the log to this post.
 

Attachments

Joined
Oct 12, 2008
Messages
2,392
can you post this log, C:\qoobox\combofix

then do this

Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.


*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access the the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).
 

qbsean10

Thread Starter
Joined
Jan 1, 2004
Messages
36
Here is the ComboFix log from the Qoobox directory. This is from the first time I ran ComboFix about a week ago while combating this same problem. Everything seemed to be cleared up after that until just a day or two ago when I was either reinfected or the same thing cropped up again, which is why I am now here. I noticed the original ComboFix log does not show the rootkit infection, which makes me wonder if this is a separate infection but with the same symptoms? I'm not as adept at interpreting the logs so I figured I should get some professional guidance from here on out.

Either way, I've included the log and will begin the mbr fix. Thanks again for your patience and wisdom.
 

Attachments

qbsean10

Thread Starter
Joined
Jan 1, 2004
Messages
36
I ran the fix you posted, it deleted the HelpAssistant directory and removed the hidden rootkit. Upon restart the system seems to be in normal condition. CPU usage is at a steady 0%, Intel Active Monitor is properly displaying system internals, Google has not redirected, and the system seems much faster. I am including the fix log and will await any further instructions. So far, so good :)
 

Attachments

Joined
Oct 12, 2008
Messages
2,392
progress :)

don't attach the logs by the way

download combofix again, run it, post that log
 

qbsean10

Thread Starter
Joined
Jan 1, 2004
Messages
36
I restarted the computer and the system no longer hangs at "Saving your settings". Started fine, loaded normal apps as quickly as ever. Just finished running ComboFix and have included the log. It did not detect any rootkits and everything looks clean to me. In the meantime I have removed all old versions of Adobe Reader and Java and installed the latest versions, disabled Java in IE and Firefox, and installed the Noscript add-on in Firefox to prevent future exploits. I have also had System Restore off the entire time to prevent this thing from duplicating itself. At what point should I be alright to turn it back on and create a new restore point?







ComboFix 10-06-09.01 - Owner 06/09/2010 21:47:49.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1433 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
.

2010-06-09 23:21 . 2007-12-17 03:00 143872 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
2010-06-09 23:21 . 2007-01-11 03:02 113664 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
2010-06-09 22:59 . 2010-06-09 22:59 -------- d-----w- c:\documents and settings\Owner\Application Data\EPSON
2010-06-09 22:44 . 2008-04-13 17:47 25856 ----a-w- c:\winnt\system32\drivers\usbprint.sys
2010-06-09 22:38 . 2010-06-09 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-06-09 22:37 . 2008-11-17 04:00 342016 ----a-w- c:\winnt\system32\eswiaud.dll
2010-06-09 22:37 . 2010-06-09 22:37 -------- d-----w- c:\program files\epson
2010-06-09 20:37 . 2010-06-09 20:38 -------- d-----w- c:\program files\SpywareGuard
2010-06-09 19:02 . 2010-06-09 19:02 -------- d-----w- C:\HelpAsst_backup
2010-06-09 03:18 . 2010-04-29 19:39 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-06-09 03:18 . 2010-04-29 19:39 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-06-09 03:03 . 2010-06-09 03:06 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-09 03:03 . 2010-06-09 03:03 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-09 03:03 . 2010-06-09 03:06 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-09 03:02 . 2010-06-09 03:02 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-06-09 03:02 . 2010-06-09 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-09 03:02 . 2010-06-09 03:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-08 01:48 . 2010-06-08 01:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2010-06-08 01:48 . 2010-06-08 01:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-06-07 23:31 . 2010-06-08 00:55 15944 ----a-w- c:\winnt\system32\drivers\hitmanpro35.sys
2010-06-07 23:23 . 2010-06-08 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-07 23:23 . 2010-06-07 23:23 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-01 02:01 . 2010-06-01 02:01 -------- d-----w- c:\winnt\system32\wbem\Repository
2010-06-01 02:01 . 2010-06-01 02:01 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-01 01:19 . 2010-06-01 02:01 -------- d-----w- c:\program files\Common Files\Adobe AIR(2)
2010-06-01 01:15 . 2010-06-01 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-01 00:10 . 2010-06-10 01:38 81984 ----a-w- c:\winnt\system32\bdod.bin
2010-05-31 22:25 . 2010-05-31 22:25 -------- d-----w- c:\documents and settings\Owner\Application Data\BitDefender
2010-05-31 22:24 . 2010-05-31 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-05-31 22:24 . 2010-05-31 22:24 -------- d-----w- c:\program files\BitDefender
2010-05-31 22:23 . 2010-05-31 22:24 -------- d-----w- c:\program files\Common Files\BitDefender
2010-05-31 21:49 . 2010-05-31 17:27 15880 ----a-w- c:\winnt\system32\lsdelete.exe
2010-05-31 17:28 . 2010-02-04 15:53 64288 ----a-w- c:\winnt\system32\drivers\Lbd.sys
2010-05-31 17:28 . 2010-05-31 17:27 95024 ----a-w- c:\winnt\system32\drivers\SBREDrv.sys
2010-05-31 16:52 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-05-31 14:04 . 2010-05-31 16:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-31 02:34 . 2010-05-31 02:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-05-31 02:33 . 2010-05-31 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-31 02:33 . 2010-06-09 03:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 01:31 . 2010-05-26 01:31 51792 ---ha-w- c:\winnt\system32\mlfcache.dat
2010-05-24 21:25 . 2010-05-24 21:25 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-20e8f561-n\decora-sse.dll
2010-05-24 21:25 . 2010-05-24 21:25 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-10b5c3bb-n\msvcp71.dll
2010-05-24 21:25 . 2010-05-24 21:25 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-10b5c3bb-n\jmc.dll
2010-05-24 21:25 . 2010-05-24 21:25 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-10b5c3bb-n\msvcr71.dll
2010-05-24 21:25 . 2010-05-24 21:25 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-20e8f561-n\decora-d3d.dll
2010-05-17 16:28 . 2010-05-17 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-05-15 20:48 . 2010-05-24 23:35 -------- d-----w- c:\program files\iTunes Library Updater
2010-05-15 20:31 . 2010-05-15 20:31 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
2010-05-15 18:55 . 2010-05-15 18:55 -------- d-----w- c:\program files\iPod
2010-05-15 18:54 . 2010-05-15 20:31 -------- d-----w- c:\program files\iTunes
2010-05-15 18:54 . 2010-05-15 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-15 18:43 . 2010-05-15 18:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2010-05-15 17:59 . 2010-05-15 17:59 3584 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-05-15 17:59 . 2010-05-15 17:59 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-05-15 17:58 . 2010-05-22 17:54 -------- d-----w- c:\program files\MSECACHE
2010-05-15 17:34 . 2010-06-09 23:17 -------- dc----w- c:\winnt\system32\DRVSTORE
2010-05-15 17:34 . 2010-04-16 12:33 41472 ----a-w- c:\winnt\system32\drivers\usbaapl.sys
2010-05-15 17:34 . 2010-04-16 12:33 3003680 ----a-w- c:\winnt\system32\usbaaplrc.dll
2010-05-15 17:34 . 2010-05-15 17:34 -------- d-----w- c:\program files\Bonjour
2010-05-15 17:33 . 2010-05-15 18:55 -------- d-----w- c:\program files\Common Files\Apple
2010-05-15 17:33 . 2010-05-15 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-14 18:07 . 2010-06-10 01:41 -------- d-----w- c:\documents and settings\Owner\Application Data\PodPuppy
2010-05-14 18:06 . 2010-05-14 18:06 -------- d-----w- c:\program files\PodPuppy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 01:39 . 2008-03-23 21:30 288 ----a-w- c:\winnt\system32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2010-06-10 01:39 . 2008-03-23 21:30 288 ----a-w- c:\winnt\system32\DVCState-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2010-06-10 00:31 . 2003-11-26 00:29 42852 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-06-09 23:44 . 2009-11-25 03:06 -------- d-----w- c:\program files\Paint.NET
2010-06-09 22:39 . 2010-06-09 22:39 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2010-06-09 22:24 . 2009-11-25 21:45 -------- d-----w- c:\program files\JDownloader
2010-06-09 22:23 . 2009-12-17 04:30 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-06-09 19:22 . 2010-05-31 17:28 0 ----a-w- c:\documents and settings\Owner\ntuser.tmp
2010-06-09 04:13 . 2003-09-15 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-09 00:16 . 2004-01-26 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-06-09 00:16 . 2003-07-08 13:15 -------- d-----w- c:\program files\Viewpoint
2010-06-08 03:14 . 2003-10-04 22:47 -------- d-----w- c:\program files\AIM
2010-06-08 02:17 . 2010-05-01 03:48 411368 ----a-w- c:\winnt\system32\deployJava1.dll
2010-06-08 02:01 . 2004-09-03 02:39 -------- d-----w- c:\program files\Java
2010-06-07 22:59 . 2008-04-16 01:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-07 22:59 . 2006-01-19 22:11 -------- d-----w- c:\program files\SpywareBlaster
2010-06-02 22:14 . 2008-06-22 16:01 242896 ----a-w- c:\winnt\system32\drivers\avgtdix.sys
2010-06-02 22:13 . 2007-03-02 06:15 29584 ----a-w- c:\winnt\system32\drivers\avgmfx86.sys
2010-06-01 21:21 . 2009-04-15 19:13 146312 ----a-w- c:\winnt\system32\drivers\bdfm.sys
2010-06-01 21:20 . 2004-12-14 23:38 -------- d-----w- c:\documents and settings\Owner\Application Data\WeatherBug
2010-06-01 02:13 . 2003-07-08 13:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-31 16:53 . 2003-09-19 22:28 -------- d-----w- c:\program files\Lavasoft
2010-05-31 01:32 . 2006-10-22 06:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2010-05-29 03:44 . 2005-04-02 19:26 -------- d-----w- c:\program files\Soulseek
2010-05-28 22:56 . 2005-01-14 21:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-05-25 04:50 . 2003-12-28 18:25 -------- d-----w- c:\program files\TES_Map
2010-05-22 17:56 . 2005-10-15 20:47 -------- d-----w- c:\program files\atmospherelite
2010-05-22 17:56 . 2006-03-24 01:06 -------- d-----w- c:\program files\Media Catalog Studio
2010-05-17 16:27 . 2006-07-21 18:20 -------- d-----w- c:\program files\Soulseek-Test
2010-05-15 20:31 . 2009-06-19 01:08 275 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2010-05-15 18:54 . 2005-09-10 17:52 -------- d-----w- c:\program files\QuickTime
2010-05-15 18:43 . 2006-09-16 17:10 -------- d-----w- c:\program files\Apple Software Update
2010-05-01 03:49 . 2010-05-01 03:49 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-400d455d-n\msvcp71.dll
2010-05-01 03:49 . 2010-05-01 03:49 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-400d455d-n\jmc.dll
2010-05-01 03:49 . 2010-05-01 03:49 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-400d455d-n\msvcr71.dll
2010-05-01 03:49 . 2010-05-01 03:49 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3d387eb8-n\decora-sse.dll
2010-05-01 03:49 . 2010-05-01 03:49 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3d387eb8-n\decora-d3d.dll
2010-04-28 19:45 . 2010-04-28 19:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-25 20:53 . 2010-04-25 20:53 323624 ----a-w- c:\winnt\system32\wiaaut.dll
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\winnt\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\winnt\system32\dns-sd.exe
2010-03-16 16:55 . 2010-03-16 16:55 12464 ----a-w- c:\winnt\system32\avgrsstx.dll
2010-03-16 16:53 . 2008-06-22 16:01 216200 ----a-w- c:\winnt\system32\drivers\avgldx86.sys
2006-03-11 03:01 . 2006-03-11 03:02 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\winnt\ERDNT\cache\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\winnt\system32\drivers\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\asyncmac.sys

[-] 2003-04-15 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\winnt\ERDNT\cache\beep.sys
[-] 2003-04-15 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\winnt\system32\dllcache\beep.sys
[-] 2003-04-15 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\winnt\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\kbdclass.sys
[-] 2003-04-15 . 1E7F78C2FC393356CD884C6FDE7966F9 . 23424 . . [5.1.2600.1106] . . c:\winnt\system32\ReinstallBackups\0015\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 . 1E7F78C2FC393356CD884C6FDE7966F9 . 23424 . . [5.1.2600.1106] . . c:\winnt\system32\ReinstallBackups\0017\DriverFiles\i386\kbdclass.sys
[-] 2002-08-29 . 1E7F78C2FC393356CD884C6FDE7966F9 . 23424 . . [5.1.2600.1106] . . c:\winnt\system32\ReinstallBackups\0020\DriverFiles\i386\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ndis.sys
[-] 2003-04-15 . 3B350E5A2A5E951453F3993275A4523A . 167552 . . [5.1.2600.1106] . . c:\winnt\$NtUninstallKB826942$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\winnt\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\winnt\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB930916$\ntfs.sys

[-] 2003-04-15 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\winnt\ERDNT\cache\null.sys
[-] 2003-04-15 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\winnt\system32\dllcache\null.sys
[-] 2003-04-15 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\winnt\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winnt\ERDNT\cache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winnt\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winnt\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\winnt\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\winnt\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\winnt\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\winnt\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\winnt\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\winnt\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\winnt\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\winnt\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\winnt\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\winnt\$NtUninstallKB913446$\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB893066$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\winnt\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\winnt\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\winnt\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\winnt\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\winnt\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\winnt\ERDNT\cache\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\winnt\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\winnt\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\winnt\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\winnt\$NtServicePackUninstall$\qmgr.dll
[-] 2002-08-29 . 6A1CF14D0E7D0B2241F552223769C8A7 . 221696 . . [6.2.2600.1106] . . c:\winnt\$NtUninstallKB842773$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\winnt\ERDNT\cache\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\winnt\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\winnt\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\winnt\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\winnt\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\winnt\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\winnt\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\winnt\$NtUninstallKB902400$\rpcss.dll
[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\winnt\$NtUninstallKB894391$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\winnt\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB873333$\rpcss.dll
[-] 2003-08-25 . 7A6F20EEAC4B2168451878AF9054396F . 260608 . . [5.1.2600.1263] . . c:\winnt\$NtUninstallKB828741$\rpcss.dll
[-] 2003-04-15 . 493FCBED180DCACF0B5D4C8C29949CA9 . 260608 . . [5.1.2600.1106] . . c:\winnt\$NtUninstallKB826939$\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\winnt\ERDNT\cache\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\winnt\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\winnt\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\winnt\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\winnt\system32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\winnt\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\winnt\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\winnt\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\winnt\system32\dllcache\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\winnt\ERDNT\cache\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\winnt\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\winnt\system32\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\winnt\system32\dllcache\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\winnt\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\winnt\$NtUninstallKB923191$\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\winnt\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\cryptsvc.dll
[-] 2003-04-15 . 41C70161BFCB17E7E12ED89BADD2AEF4 . 53248 . . [5.1.2600.1106] . . c:\winnt\$NtUninstallQ817287$\cryptsvc.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\winnt\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\ERDNT\cache\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\winnt\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\winnt\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\winnt\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\winnt\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\winnt\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\winnt\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-04 07:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\winnt\$NtUninstallKB902400$\es.dll
[-] 2003-04-15 13:00 . C9702DDD814C39DC1254CF757C31C6E4 . 225280 . . [2001.12.4414.46] . . c:\winnt\$NtUninstallKB828741$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\winnt\system32\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\winnt\system32\dllcache\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\winnt\ERDNT\cache\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\winnt\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\winnt\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\winnt\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\winnt\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\winnt\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\winnt\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\winnt\$NtUninstallKB935839$\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB917422$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\winnt\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\winnt\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\winnt\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\winnt\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\lpk.dll

[-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\winnt\SoftwareDistribution\Download\4de233d8d67cd9916ac28a2d43724f55\SP3GDR\mshtml.dll
[-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\winnt\system32\mshtml.dll
[-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\winnt\system32\dllcache\mshtml.dll
[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\winnt\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\winnt\SoftwareDistribution\Download\4de233d8d67cd9916ac28a2d43724f55\SP3QFE\mshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\winnt\ERDNT\cache\mshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\winnt\ie8updates\KB980182-IE8\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\winnt\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\winnt\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\winnt\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:\winnt\ie8updates\KB976325-IE8\mshtml.dll
[-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\winnt\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:\winnt\ie8updates\KB974455-IE8\mshtml.dll
[-] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:\winnt\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 2009-05-13 . EEAADAA744B20E68CF5EB4FBB4F8AFA9 . 5936128 . . [8.00.6001.18783] . . c:\winnt\ie8updates\KB972260-IE8\mshtml.dll
[-] 2009-05-13 . EEAADAA744B20E68CF5EB4FBB4F8AFA9 . 5936128 . . [8.00.6001.18783] . . c:\winnt\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\mshtml.dll
[-] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\winnt\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[-] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\winnt\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\mshtml.dll
[-] 2009-04-29 . ABD8093E43E53AEA5898D2214B92E9BA . 3068928 . . [6.00.2900.5803] . . c:\winnt\ie8\mshtml.dll
[-] 2009-04-29 . 06CF679E3D24C3DF270556456A0F1EDA . 3069440 . . [6.00.2900.5803] . . c:\winnt\$hf_mig$\KB969897\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\winnt\ie8updates\KB969897-IE8\mshtml.dll
[-] 2009-02-20 . 2F70F2F74C40397D031016FA162981C2 . 3068416 . . [6.00.2900.5764] . . c:\winnt\$NtUninstallKB969897$\mshtml.dll
[-] 2009-02-20 . 1618A4A2C5DD8164B8295190C8EA6544 . 3068416 . . [6.00.2900.5764] . . c:\winnt\$hf_mig$\KB963027\SP3QFE\mshtml.dll
[-] 2008-12-12 . C8169B4320AC0CB8D1ED20454322E839 . 3060224 . . [6.00.2900.3492] . . c:\winnt\$NtServicePackUninstall$\mshtml.dll
[-] 2008-12-12 . 6D1D493622EA050DBAABD0C4C1DFADB5 . 3067392 . . [6.00.2900.3492] . . c:\winnt\$hf_mig$\KB960714\SP2QFE\mshtml.dll
[-] 2008-12-12 . B6DAA74E2ED36C71B502945589A683AE . 3067904 . . [6.00.2900.5726] . . c:\winnt\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[-] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\winnt\$hf_mig$\KB960714\SP3GDR\mshtml.dll
[-] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\winnt\$NtUninstallKB963027$\mshtml.dll
[-] 2008-10-16 . CC5A2205D37AE67CE23AB7FD3E1FDACA . 3067904 . . [6.00.2900.5694] . . c:\winnt\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[-] 2008-10-16 . 9C2C058E341E6B627789EF88D3B98445 . 3059712 . . [6.00.2900.3462] . . c:\winnt\$NtUninstallKB960714_0$\mshtml.dll
[-] 2008-10-16 . C99D8B48FC245D98E1A2BAB6594458C9 . 3067392 . . [6.00.2900.3462] . . c:\winnt\$hf_mig$\KB958215\SP2QFE\mshtml.dll
[-] 2008-10-16 . B846C2DE341CF32B42AD297437233742 . 3067904 . . [6.00.2900.5694] . . c:\winnt\$hf_mig$\KB958215\SP3GDR\mshtml.dll
[-] 2008-10-16 . B846C2DE341CF32B42AD297437233742 . 3067904 . . [6.00.2900.5694] . . c:\winnt\$NtUninstallKB960714$\mshtml.dll
[-] 2008-08-20 . B83EB71C2052E05D13D690A224357441 . 3060224 . . [6.00.2900.3429] . . c:\winnt\$NtUninstallKB958215_0$\mshtml.dll
[-] 2008-08-20 . 20D44D1A5A406CD8E129D3D4F0B5717C . 3067392 . . [6.00.2900.3429] . . c:\winnt\$hf_mig$\KB956390\SP2QFE\mshtml.dll
[-] 2008-08-20 . 507BDA42F7DB8209C0F0B3556A043491 . 3067904 . . [6.00.2900.5659] . . c:\winnt\$hf_mig$\KB956390\SP3GDR\mshtml.dll
[-] 2008-08-20 . 507BDA42F7DB8209C0F0B3556A043491 . 3067904 . . [6.00.2900.5659] . . c:\winnt\$NtUninstallKB958215$\mshtml.dll
[-] 2008-08-20 . BD45470B132A0F98596277323D9F2E5A . 3067904 . . [6.00.2900.5659] . . c:\winnt\$hf_mig$\KB956390\SP3QFE\mshtml.dll
[-] 2008-06-25 . 04EEC0FF4DD3C7041628973CA6832C33 . 3067904 . . [6.00.2900.5626] . . c:\winnt\$hf_mig$\KB953838\SP3QFE\mshtml.dll
[-] 2008-06-23 . 1FC693A4EE1D9D9CD78DDA6C87232F6F . 3067392 . . [6.00.2900.3395] . . c:\winnt\$hf_mig$\KB953838\SP2QFE\mshtml.dll
[-] 2008-06-23 . 74B5A84AC8FCF52C249B74C3D2A3E7B8 . 3059712 . . [6.00.2900.3395] . . c:\winnt\$NtUninstallKB956390_0$\mshtml.dll
[-] 2008-06-23 . F433136C23D13B120412B300D1324A7E . 3067392 . . [6.00.2900.5626] . . c:\winnt\$hf_mig$\KB953838\SP3GDR\mshtml.dll
[-] 2008-06-23 . F433136C23D13B120412B300D1324A7E . 3067392 . . [6.00.2900.5626] . . c:\winnt\$NtUninstallKB956390$\mshtml.dll
[-] 2008-04-21 . C75C6AD32C28BCE0D14E1CA2AB4862DC . 3059712 . . [6.00.2900.3354] . . c:\winnt\$NtUninstallKB953838_0$\mshtml.dll
[-] 2008-04-21 . 083B967E6B0B2BB539CE6B08D45D631F . 3066880 . . [6.00.2900.3354] . . c:\winnt\$hf_mig$\KB950759\SP2QFE\mshtml.dll
[-] 2008-04-21 . FE406DE0651C9E8201DCB0460609D739 . 3066880 . . [6.00.2900.5583] . . c:\winnt\$hf_mig$\KB950759\SP3GDR\mshtml.dll
[-] 2008-04-21 . FE406DE0651C9E8201DCB0460609D739 . 3066880 . . [6.00.2900.5583] . . c:\winnt\$NtUninstallKB953838$\mshtml.dll
[-] 2008-04-21 . 46A61BA430110F00DD990D058AA3D054 . 3067392 . . [6.00.2900.5583] . . c:\winnt\$hf_mig$\KB950759\SP3QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\winnt\$NtUninstallKB950759$\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\mshtml.dll
[-] 2008-02-16 . 77DBF6075405494AD6B6A99E2C732F86 . 3059712 . . [6.00.2900.3314] . . c:\winnt\$NtUninstallKB950759_0$\mshtml.dll
[-] 2008-02-16 . 701A6798DDF875CAA3A5099EE75FD57F . 3066880 . . [6.00.2900.3314] . . c:\winnt\$hf_mig$\KB947864\SP2QFE\mshtml.dll
[-] 2007-12-07 . DA9377A57A277170C78095C0E8BD8C85 . 3059200 . . [6.00.2900.3268] . . c:\winnt\$NtUninstallKB947864$\mshtml.dll
[-] 2007-12-07 . 8A4DD074DEC1B0C063C8493ABF654CBC . 3066368 . . [6.00.2900.3268] . . c:\winnt\$hf_mig$\KB944533\SP2QFE\mshtml.dll
[-] 2007-10-30 . DA077E334961230C12E3E4D62626286E . 3058688 . . [6.00.2900.3243] . . c:\winnt\$NtUninstallKB944533$\mshtml.dll
[-] 2007-10-30 . 79314A0A6B0DA78AFE491FF2D8B117BA . 3065856 . . [6.00.2900.3243] . . c:\winnt\$hf_mig$\KB942615\SP2QFE\mshtml.dll
[-] 2007-08-22 . 591449BD8F2C8090B9259E88C78AE61D . 3058176 . . [6.00.2900.3199] . . c:\winnt\$NtUninstallKB942615$\mshtml.dll
[-] 2007-08-22 . 885E3BF99EA4B2213901EBC35B34CF12 . 3064832 . . [6.00.2900.3199] . . c:\winnt\$hf_mig$\KB939653\SP2QFE\mshtml.dll
[-] 2007-06-15 . 53F3FD772C010622346C39284C4A863B . 3064320 . . [6.00.2900.3157] . . c:\winnt\$hf_mig$\KB937143\SP2QFE\mshtml.dll
[-] 2007-06-14 . F049C52772FC86FD5F6C16D77A2A6204 . 3058688 . . [6.00.2900.3157] . . c:\winnt\$NtUninstallKB939653$\mshtml.dll
[-] 2007-05-04 . 00ADCB32832A10ED9419493BCEA97526 . 3064320 . . [6.00.2900.3132] . . c:\winnt\$hf_mig$\KB933566\SP2QFE\mshtml.dll
[-] 2007-05-04 . 4D92717B5BBCE85F1254BAD23B0D357C . 3058688 . . [6.00.2900.3132] . . c:\winnt\$NtUninstallKB937143$\mshtml.dll
[-] 2007-02-20 . 6B9D083C0D4C4555FE011B01A98872DA . 3056640 . . [6.00.2900.3086] . . c:\winnt\$NtUninstallKB933566$\mshtml.dll
[-] 2007-02-20 . 2991727809C7AC3A33E4178CC73244D8 . 3063296 . . [6.00.2900.3086] . . c:\winnt\$hf_mig$\KB931768\SP2QFE\mshtml.dll
[-] 2007-01-04 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\winnt\$hf_mig$\KB928090\SP2QFE\mshtml.dll
[-] 2007-01-04 . F31274D7667D83E73C6EE16D2206B76C . 3056640 . . [6.00.2900.3059] . . c:\winnt\$NtUninstallKB931768$\mshtml.dll
[-] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\winnt\$hf_mig$\KB925454\SP2QFE\mshtml.dll
[-] 2006-10-23 . 5FC7DE1195C8E9B5360FD65DBE95E5B0 . 3055104 . . [6.00.2900.3020] . . c:\winnt\$NtUninstallKB928090$\mshtml.dll
[-] 2006-09-14 . BE45460D1453B7342E01EAE79BFBC681 . 3054592 . . [6.00.2900.2995] . . c:\winnt\$NtUninstallKB925454$\mshtml.dll
[-] 2006-09-14 . CEFEA1C301139A817931BE132F0359FE . 3058688 . . [6.00.2900.2995] . . c:\winnt\$hf_mig$\KB922760\SP2QFE\mshtml.dll
[-] 2006-07-28 . D251679BD9EF0250201FB899EC40FD32 . 3058176 . . [6.00.2900.2963] . . c:\winnt\$hf_mig$\KB918899\SP2QFE\mshtml.dll
[-] 2006-07-28 . C7074DA3D8F8C0F6C03874BA0B05069C . 3054080 . . [6.00.2900.2963] . . c:\winnt\$NtUninstallKB922760$\mshtml.dll
[-] 2006-05-19 . 284CE76B71DD5260B42A3CCF0135AF67 . 3052544 . . [6.00.2900.2912] . . c:\winnt\$NtUninstallKB918899$\mshtml.dll
[-] 2006-05-19 . 8687E029BE63C77D4919485068C54D77 . 3055104 . . [6.00.2900.2912] . . c:\winnt\$hf_mig$\KB916281\SP2QFE\mshtml.dll
[-] 2006-03-23 . DEAA438EA31095E14A196FF647E38D13 . 3053568 . . [6.00.2900.2873] . . c:\winnt\$NtUninstallKB916281$\mshtml.dll
[-] 2006-03-23 . ABCD123F888E4E97C8751378CCCC4F26 . 3055616 . . [6.00.2900.2873] . . c:\winnt\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[-] 2005-11-24 . D3F037F5DA702AE9DDD7663EC9D78BA7 . 3018240 . . [6.00.2900.2802] . . c:\winnt\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2005-11-24 . 5E7A39950EA133BB54719A6E08C544A7 . 3015680 . . [6.00.2900.2802] . . c:\winnt\$NtUninstallKB912812$\mshtml.dll
[-] 2005-10-05 . 3394299FBF1CD0B24089FC762611360B . 3017728 . . [6.00.2900.2769] . . c:\winnt\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[-] 2005-10-04 . 042AC20E084D21DD6BEE99B89CC30FB7 . 3015168 . . [6.00.2900.2769] . . c:\winnt\$NtUninstallKB905915$\mshtml.dll
[-] 2005-07-20 . A14A7A206AE22DE4FE563E44CFC7DDF5 . 3016192 . . [6.00.2900.2722] . . c:\winnt\$hf_mig$\KB896727\SP2QFE\mshtml.dll
[-] 2005-07-20 . 31E7520E58E5E4DFA93215A6D5603AF2 . 3014144 . . [6.00.2900.2722] . . c:\winnt\$NtUninstallKB896688$\mshtml.dll
[-] 2005-05-02 . DCC5C79B99F02EEF8C826B074DBFC222 . 3014144 . . [6.00.2900.2668] . . c:\winnt\$hf_mig$\KB883939\SP2QFE\mshtml.dll
[-] 2005-05-02 . DCFAC5470EE0A159EC4222BC28AE3EE6 . 3012608 . . [6.00.2900.2668] . . c:\winnt\$NtUninstallKB896727$\mshtml.dll
[-] 2005-03-10 . 84A1B9B0C362051E68BB131F14C6DAAD . 3010560 . . [6.00.2900.2627] . . c:\winnt\$NtUninstallKB883939$\mshtml.dll
[-] 2005-03-10 . 255C2CE965543ABDC3E0A25A5DA1874A . 3011072 . . [6.00.2900.2627] . . c:\winnt\$hf_mig$\KB890923\SP2QFE\mshtml.dll
[-] 2005-01-27 . FAE3CA9B2459581C45B3A8845BE3077C . 3006976 . . [6.00.2900.2604] . . c:\winnt\$NtUninstallKB890923$\mshtml.dll
[-] 2005-01-27 . 91C5ADE25BC4E3322577854FA2E7B58B . 3008000 . . [6.00.2900.2604] . . c:\winnt\$hf_mig$\KB867282\SP2QFE\mshtml.dll
[-] 2004-09-29 . D94E6405E420373161467ACD3DA65640 . 3004928 . . [6.00.2900.2523] . . c:\winnt\$NtUninstallKB867282$\mshtml.dll
[-] 2004-09-29 . 087FF7C54E7EBE4A59BD4DFC1D0EE9B8 . 3004928 . . [6.00.2900.2524] . . c:\winnt\$hf_mig$\KB834707\SP2QFE\mshtml.dll
[-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\winnt\$NtUninstallKB834707$\mshtml.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\winnt\ERDNT\cache\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\winnt\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\winnt\system32\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\winnt\system32\dllcache\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\winnt\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\winnt\ERDNT\cache\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\winnt\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\winnt\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\winnt\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\winnt\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB951748_0$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\winnt\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\netlogon.dll

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\winnt\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\winnt\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3GDR\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\winnt\system32\dllcache\ntoskrnl.exe
[-] 2010-02-16 . 97E2BF68857818A4D142B872404DC41B . 2186880 . . [5.1.2600.3670] . . c:\winnt\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2QFE\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\winnt\system32\ntoskrnl.exe
[-] 2010-02-16 . EBB75B113E74E90074382347B74D652B . 2181376 . . [5.1.2600.3670] . . c:\winnt\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2GDR\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\winnt\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\winnt\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\winnt\$hf_mig$\KB977165-v2\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 9696C553F994340CD6AA5C5A724C3A19 . 2145280 . . [5.1.2600.5913] . . c:\winnt\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 9696C553F994340CD6AA5C5A724C3A19 . 2145280 . . [5.1.2600.5913] . . c:\winnt\ERDNT\cache\ntoskrnl.exe
[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\winnt\$NtUninstallKB977165-v2$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\winnt\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\winnt\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\winnt\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\winnt\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\winnt\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . F6F8245B3A2E9CA834DD318E7AE0C6D0 . 2145280 . . [5.1.2600.5657] . . c:\winnt\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-08-14 . 60794EA12961B7341AD54C731B50AE15 . 2142720 . . [5.1.2600.3427] . . c:\winnt\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\winnt\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . E6679C3023B17D8B78946BC5DF53FA20 . 2137600 . . [5.1.2600.3093] . . c:\winnt\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2007-02-28 . 1220FAF071DEA8653EE21DE7DCDA8BFD . 2136064 . . [5.1.2600.3093] . . c:\winnt\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\winnt\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . 8318ED54797F3E513FD5817A1D4BBD18 . 2136064 . . [5.1.2600.3051] . . c:\winnt\$NtUninstallKB931784_0$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\winnt\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 48B3E89AF7074CEE0314A3E0C7FAFFDB . 2135552 . . [5.1.2600.2622] . . c:\winnt\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2004-08-04 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2003-04-15 . 25A90EB7D1EEE12AB198DC9421BFA353 . 1891840 . . [5.1.2600.1106] . . c:\winnt\$NtUninstallQ811493$\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\winnt\ERDNT\cache\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\winnt\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\winnt\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\winnt\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\winnt\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\winnt\system32\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\winnt\system32\dllcache\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\winnt\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\winnt\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\winnt\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\winnt\system32\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\winnt\system32\dllcache\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\winnt\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\winnt\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\winnt\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\winnt\$NtUninstallKB925902$\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB890859$\user32.dll
[-] 2003-04-15 . DD9269230C21EE8FB7FD3FCCC3B1CFCB . 560128 . . [5.1.2600.1106] . . c:\winnt\$NtUninstallKB824141$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\winnt\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\userinit.exe

[-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\winnt\SoftwareDistribution\Download\4de233d8d67cd9916ac28a2d43724f55\SP3GDR\wininet.dll
[-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\winnt\system32\wininet.dll
[-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\winnt\system32\dllcache\wininet.dll
[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\winnt\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\winnt\SoftwareDistribution\Download\4de233d8d67cd9916ac28a2d43724f55\SP3QFE\wininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\winnt\ERDNT\cache\wininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\winnt\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\winnt\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\winnt\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\winnt\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\winnt\ie8updates\KB976325-IE8\wininet.dll
[-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\winnt\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\winnt\ie8updates\KB974455-IE8\wininet.dll
[-] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\winnt\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-05-13 . 366C72AF6970DB7BB39AB0142BF09DB5 . 915456 . . [8.00.6001.18783] . . c:\winnt\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-05-13 . 366C72AF6970DB7BB39AB0142BF09DB5 . 915456 . . [8.00.6001.18783] . . c:\winnt\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
[-] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\winnt\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\winnt\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
[-] 2009-04-29 . 6002073519FA478BF89977369CDFD156 . 666624 . . [6.00.2900.5803] . . c:\winnt\ie8\wininet.dll
[-] 2009-04-29 . 04BCB4F87B35502568F6CF33433543A5 . 668160 . . [6.00.2900.5803] . . c:\winnt\$hf_mig$\KB969897\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\winnt\ie8updates\KB969897-IE8\wininet.dll
[-] 2009-02-20 . 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E . 666112 . . [6.00.2900.5764] . . c:\winnt\$NtUninstallKB969897$\wininet.dll
[-] 2009-02-20 . 711FEABED387B29FF7ED61BC6806A06C . 667648 . . [6.00.2900.5764] . . c:\winnt\$hf_mig$\KB963027\SP3QFE\wininet.dll
[-] 2008-10-16 . 6F1E4BFD78C4E0D05FF3725D59B72925 . 659456 . . [6.00.2900.3462] . . c:\winnt\$NtServicePackUninstall$\wininet.dll
[-] 2008-10-16 . 93C9D0A216498EE14EB9B26119BB95EE . 667648 . . [6.00.2900.3462] . . c:\winnt\$hf_mig$\KB958215\SP2QFE\wininet.dll
[-] 2008-10-16 . E8FCE58A470999350F64C591557F9E42 . 667136 . . [6.00.2900.5694] . . c:\winnt\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . 1576318BF08D28CC61D1278114AD8D5B . 666112 . . [6.00.2900.5694] . . c:\winnt\$hf_mig$\KB958215\SP3GDR\wininet.dll
[-] 2008-10-16 . 1576318BF08D28CC61D1278114AD8D5B . 666112 . . [6.00.2900.5694] . . c:\winnt\$NtUninstallKB963027$\wininet.dll
[-] 2008-08-20 . 87E694D09893978F22024FEEEDF35342 . 659456 . . [6.00.2900.3429] . . c:\winnt\$NtUninstallKB958215_0$\wininet.dll
[-] 2008-08-20 . C91E3A6EF094202F6B5CA8960DFCF243 . 667648 . . [6.00.2900.3429] . . c:\winnt\$hf_mig$\KB956390\SP2QFE\wininet.dll
[-] 2008-08-20 . 9AF5F25124FBDC36E2B510729CBA2674 . 666112 . . [6.00.2900.5659] . . c:\winnt\$hf_mig$\KB956390\SP3GDR\wininet.dll
[-] 2008-08-20 . 9AF5F25124FBDC36E2B510729CBA2674 . 666112 . . [6.00.2900.5659] . . c:\winnt\$NtUninstallKB958215$\wininet.dll
[-] 2008-08-20 . 94418F53D2612C26DBADC04DAFBC197C . 666624 . . [6.00.2900.5659] . . c:\winnt\$hf_mig$\KB956390\SP3QFE\wininet.dll
[-] 2008-06-23 . 611ACE3F4201E9610AF8452F7C268995 . 667136 . . [6.00.2900.3395] . . c:\winnt\$hf_mig$\KB953838\SP2QFE\wininet.dll
[-] 2008-06-23 . 9EEA04BC4C3FA521D256D89940FAB4DB . 659456 . . [6.00.2900.3395] . . c:\winnt\$NtUninstallKB956390_0$\wininet.dll
[-] 2008-06-23 . F12FBB673DE9CC802C5DC518FE99AA2F . 666112 . . [6.00.2900.5626] . . c:\winnt\$hf_mig$\KB953838\SP3GDR\wininet.dll
[-] 2008-06-23 . F12FBB673DE9CC802C5DC518FE99AA2F . 666112 . . [6.00.2900.5626] . . c:\winnt\$NtUninstallKB956390$\wininet.dll
[-] 2008-06-23 . 972299B7241EC325D8C7E5638C884925 . 666624 . . [6.00.2900.5626] . . c:\winnt\$hf_mig$\KB953838\SP3QFE\wininet.dll
[-] 2008-04-21 . 1EFB8A3EA8454AEC1BB8A240A2845598 . 659456 . . [6.00.2900.3354] . . c:\winnt\$NtUninstallKB953838_0$\wininet.dll
[-] 2008-04-21 . 2E7DE1BF9418B071799EB53DE8CC22F5 . 666624 . . [6.00.2900.3354] . . c:\winnt\$hf_mig$\KB950759\SP2QFE\wininet.dll
[-] 2008-04-21 . 2B0C24AA747A93A28987B6D65A4A74BC . 666112 . . [6.00.2900.5583] . . c:\winnt\$hf_mig$\KB950759\SP3GDR\wininet.dll
[-] 2008-04-21 . 2B0C24AA747A93A28987B6D65A4A74BC . 666112 . . [6.00.2900.5583] . . c:\winnt\$NtUninstallKB953838$\wininet.dll
[-] 2008-04-21 . 26F240C250E5B4B395CB4B178BA75437 . 666624 . . [6.00.2900.5583] . . c:\winnt\$hf_mig$\KB950759\SP3QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\winnt\$NtUninstallKB950759$\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\wininet.dll
[-] 2008-02-16 . BB1EACD6AB47E78EBCA02EB781550D55 . 666112 . . [6.00.2900.3314] . . c:\winnt\$hf_mig$\KB947864\SP2QFE\wininet.dll
[-] 2008-02-16 . 0C690E77C0E924C45B4D7045B182FFF1 . 659456 . . [6.00.2900.3314] . . c:\winnt\$NtUninstallKB950759_0$\wininet.dll
[-] 2007-12-07 . 57D1B5150CF6331FAC6B3E04C1FCB966 . 659456 . . [6.00.2900.3268] . . c:\winnt\$NtUninstallKB947864$\wininet.dll
[-] 2007-12-07 . 085A7C37F9C6EDE1BA870B7DBEC06399 . 666112 . . [6.00.2900.3268] . . c:\winnt\$hf_mig$\KB944533\SP2QFE\wininet.dll
[-] 2007-10-11 . 2005AD86A22AEE68E21EE59F9CCB77F2 . 659456 . . [6.00.2900.3231] . . c:\winnt\$NtUninstallKB944533$\wininet.dll
[-] 2007-10-11 . 80D660A49E0D118144423099B2A9F5DA . 666112 . . [6.00.2900.3231] . . c:\winnt\$hf_mig$\KB942615\SP2QFE\wininet.dll
[-] 2007-08-22 . 1901AD51DA8BE9F8B38D5D526E5D1788 . 658944 . . [6.00.2900.3199] . . c:\winnt\$NtUninstallKB942615$\wininet.dll
[-] 2007-08-22 . A1BC17EB3758D73C3938B2318820F5B4 . 665600 . . [6.00.2900.3199] . . c:\winnt\$hf_mig$\KB939653\SP2QFE\wininet.dll
[-] 2007-06-26 . E1A3DD68B5380B360A7310A64D9BB188 . 665600 . . [6.00.2900.3164] . . c:\winnt\$hf_mig$\KB937143\SP2QFE\wininet.dll
[-] 2007-06-26 . 184E47C8F7B331025E6DC92740DB188F . 658944 . . [6.00.2900.3164] . . c:\winnt\$NtUninstallKB939653$\wininet.dll
[-] 2007-04-18 . 4261BA03AFD659DE04F0A17DFBDD454D . 665600 . . [6.00.2900.3121] . . c:\winnt\$hf_mig$\KB933566\SP2QFE\wininet.dll
[-] 2007-04-18 . B7156CD97E739F3014BC4D61758F868A . 658944 . . [6.00.2900.3121] . . c:\winnt\$NtUninstallKB937143$\wininet.dll
[-] 2007-02-20 . B258C922D22DEEC880B60720531D7627 . 665600 . . [6.00.2900.3086] . . c:\winnt\$hf_mig$\KB931768\SP2QFE\wininet.dll
[-] 2007-02-20 . 30D1C47E40EFBB792FF8D3C3B51CE507 . 658944 . . [6.00.2900.3086] . . c:\winnt\$NtUninstallKB933566$\wininet.dll
[-] 2007-01-04 . 3FFA1573FC274E5AA7467D03941C45EE . 665088 . . [6.00.2900.3059] . . c:\winnt\$hf_mig$\KB928090\SP2QFE\wininet.dll
[-] 2007-01-04 . 8C393DF5234CBCBFF1EE31902D6B40AE . 658944 . . [6.00.2900.3059] . . c:\winnt\$NtUninstallKB931768$\wininet.dll
[-] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\winnt\$hf_mig$\KB925454\SP2QFE\wininet.dll
[-] 2006-10-23 . 6B2735ADFF5A5D3B9130CA4A794722F0 . 658944 . . [6.00.2900.3020] . . c:\winnt\$NtUninstallKB928090$\wininet.dll
[-] 2006-09-14 . 621AF3F6174A3F60677F5230E28BCC07 . 658944 . . [6.00.2900.2995] . . c:\winnt\$NtUninstallKB925454$\wininet.dll
[-] 2006-09-14 . D207370287CF769AEBEBF03837784963 . 664576 . . [6.00.2900.2995] . . c:\winnt\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-06-23 . 64CE26DB72810B30F7855EA51E1DF836 . 664576 . . [6.00.2900.2937] . . c:\winnt\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-06-23 . 2B4DB890936430C71419037039502752 . 658944 . . [6.00.2900.2937] . . c:\winnt\$NtUninstallKB922760$\wininet.dll
[-] 2006-05-10 . D94CFFDB53E7AC867438E2DFD50E7CBC . 663552 . . [6.00.2900.2904] . . c:\winnt\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-05-10 . 38AB7A56F566D9AAAD31812494944824 . 658432 . . [6.00.2900.2904] . . c:\winnt\$NtUninstallKB918899$\wininet.dll
[-] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . c:\winnt\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-03-04 . 1C0979C7A489BEE573CD0BF4AD94BB06 . 658432 . . [6.00.2900.2861] . . c:\winnt\$NtUninstallKB916281$\wininet.dll
[-] 2005-10-21 . E7B27B6B6E06CE34EA019FD8B858C613 . 658432 . . [6.00.2900.2781] . . c:\winnt\$NtUninstallKB912812$\wininet.dll
[-] 2005-10-21 . AF785C4947676A7FC1673FDC5C8D0B5B . 661504 . . [6.00.2900.2781] . . c:\winnt\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2005-09-02 . 97A6FD7CAFD688CF2C78939EBAF0CD0C . 660480 . . [6.00.2900.2753] . . c:\winnt\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-09-02 . AF61EBB1F550175EFF406D545D6AB086 . 658432 . . [6.00.2900.2753] . . c:\winnt\$NtUninstallKB905915$\wininet.dll
[-] 2005-07-03 . 5B5FF992C0FA762CCF8655FC290E6E52 . 658432 . . [6.00.2900.2713] . . c:\winnt\$NtUninstallKB896688$\wininet.dll
[-] 2005-07-03 . 6E533D155B259EB2363D3E04B5BE309F . 659456 . . [6.00.2900.2713] . . c:\winnt\$hf_mig$\KB896727\SP2QFE\wininet.dll
[-] 2005-05-02 . E1E18136F9DD3DF1AD9C82193A5898A6 . 658944 . . [6.00.2900.2668] . . c:\winnt\$hf_mig$\KB883939\SP2QFE\wininet.dll
[-] 2005-05-02 . 1A078AF3F85D10BA56444C23B3A18E74 . 657920 . . [6.00.2900.2668] . . c:\winnt\$NtUninstallKB896727$\wininet.dll
[-] 2005-03-10 . 6F018D6319BE4F96426EA829B79E05D5 . 656896 . . [6.00.2900.2627] . . c:\winnt\$NtUninstallKB883939$\wininet.dll
[-] 2005-03-10 . C8663B488996E89A84C3D17C1D12B79E . 657920 . . [6.00.2900.2627] . . c:\winnt\$hf_mig$\KB890923\SP2QFE\wininet.dll
[-] 2005-01-27 . B5E043E440B210014E021B24CF0A72E3 . 656896 . . [6.00.2900.2577] . . c:\winnt\$NtUninstallKB890923$\wininet.dll
[-] 2005-01-27 . A8EAC5330876548E9966A7D13025D196 . 657920 . . [6.00.2900.2598] . . c:\winnt\$hf_mig$\KB867282\SP2QFE\wininet.dll
[-] 2004-09-29 . CBA65B573C66FE23F647FF96E3A10994 . 656896 . . [6.00.2900.2518] . . c:\winnt\$NtUninstallKB867282$\wininet.dll
[-] 2004-09-29 . 2C07195588D69A067C2AFDAA31759295 . 656896 . . [6.00.2900.2518] . . c:\winnt\$hf_mig$\KB834707\SP2QFE\wininet.dll
[-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\winnt\$NtUninstallKB834707$\wininet.dll
[-] 1996-08-26 14:39 . BC06EB9D08AA7080B650A71914607A07 . 289552 . . [4.70.1157] . . c:\winnt\system\WININET.DLL

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\winnt\system32\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\winnt\system32\dllcache\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ws2_32.dll
[-] 2003-04-15 . 8529C295DF59B564D37A73B5629162B1 . 75264 . . [5.1.2600.0] . . c:\winnt\$NtUninstallKB817778$\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\winnt\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\winnt\ERDNT\cache\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\winnt\system32\dllcache\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\winnt\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\winnt\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\winnt\$NtUninstallKB938828$\explorer.exe
[-] 2003-04-15 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . c:\winnt\$NtUninstallKB820291$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\winnt\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\winnt\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\winnt\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\winnt\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\winnt\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\winnt\ERDNT\cache\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\winnt\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\winnt\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\winnt\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\winnt\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\winnt\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\winnt\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\schedsvc.dll
[-] 2002-08-29 . 719B05113003A1934EA25EA1FED68C85 . 159232 . . [5.1.2600.1106] . . c:\winnt\$NtUninstallKB841873$\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\winnt\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\winnt\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\termsrv.dll

[-] 2003-04-15 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\winnt\ERDNT\cache\acpiec.sys
[-] 2003-04-15 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\winnt\system32\dllcache\acpiec.sys
[-] 2003-04-15 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\winnt\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\winnt\ERDNT\cache\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\winnt\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\winnt\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\winnt\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\winnt\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\winnt\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\winnt\ERDNT\cache\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\winnt\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\winnt\system32\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\winnt\$NtServicePackUninstall$\mfc40u.dll
[-] 2003-04-15 13:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\winnt\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\winnt\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\msgsvc.dll
[-] 2003-04-15 . A81487520F11F65BF270D50EE29887B2 . 34304 . . [5.1.2600.0] . . c:\winnt\$NtUninstallKB828035$\msgsvc.dll

[-] 2006-04-19 06:29 . BDCB1149152BEB87154D42AEAF148C90 . 26112 . . [11.0.5358.4826] . . c:\winnt\ERDNT\cache\MsPMSNSv.dll
[-] 2006-04-19 06:29 . BDCB1149152BEB87154D42AEAF148C90 . 26112 . . [11.0.5358.4826] . . c:\winnt\system32\MsPMSNSv.dll
[-] 2006-04-19 06:29 . BDCB1149152BEB87154D42AEAF148C90 . 26112 . . [11.0.5358.4826] . . c:\winnt\system32\dllcache\MsPMSNSv.dll
[-] 2004-08-11 06:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\winnt\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-11 06:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\winnt\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\winnt\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\winnt\ServicePackFiles\i386\mspmsnsv.dll

[-] 2010-02-17 . 1811AFC2FADB60B88947E3D08E250860 . 2063744 . . [5.1.2600.3670] . . c:\winnt\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2QFE\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\winnt\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\winnt\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3GDR\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\winnt\system32\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\winnt\system32\dllcache\ntkrnlpa.exe
[-] 2010-02-16 . 1EE6B94ACA7BE115A1813BBCA65099A8 . 2058368 . . [5.1.2600.3670] . . c:\winnt\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2GDR\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\winnt\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\winnt\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\winnt\$hf_mig$\KB977165-v2\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . 089F1E207B067A4DDEB2EEC37BBB1AA7 . 2023936 . . [5.1.2600.5913] . . c:\winnt\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . 089F1E207B067A4DDEB2EEC37BBB1AA7 . 2023936 . . [5.1.2600.5913] . . c:\winnt\ERDNT\cache\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\winnt\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . c:\winnt\$NtUninstallKB977165-v2$\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\winnt\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\winnt\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\winnt\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\winnt\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 8206B5F94A6A9450E934029420C1693F . 2023936 . . [5.1.2600.5657] . . c:\winnt\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-08-14 . 501FDE895F35DF1DAE49FD54BBF9D396 . 2020864 . . [5.1.2600.3427] . . c:\winnt\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . 2DFB215E291E3D9B1CF9A6739B3BF16C . 2017280 . . [5.1.2600.3093] . . c:\winnt\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\winnt\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . A58AC1C6199EF34228ABEE7FC057AE09 . 2015744 . . [5.1.2600.3093] . . c:\winnt\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\winnt\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BBB2322EB14AD9AD55B1024FFD4D88BF . 2015744 . . [5.1.2600.3051] . . c:\winnt\$NtUninstallKB931784_0$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\winnt\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 3CD941E472DDF3534E53038535719771 . 2015232 . . [5.1.2600.2622] . . c:\winnt\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2003-04-15 . 71FF7EC0EEEA4896DD219C661C90DB29 . 1920512 . . [5.1.2600.1106] . . c:\winnt\$NtUninstallQ811493$\ntkrnlpa.exe

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\winnt\ERDNT\cache\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\winnt\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\winnt\system32\ntmssvc.dll
[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\winnt\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\winnt\ERDNT\cache\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\winnt\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\winnt\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\winnt\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB931261$\upnphost.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\ERDNT\cache\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\winnt\$NtServicePackUninstall$\dsound.dll
[-] 2002-12-12 05:14 . CA6CC3A47D8813208CEE02EB40DACA21 . 355328 . . [5.3.0000000.900 built by: DIRECTX] . . c:\winnt\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"PodPuppy"="c:\program files\PodPuppy\PodPuppy.exe" [2008-06-03 380928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2008-05-16 13529088]
"CTHelper"="CTHELPER.EXE" [2008-07-20 28672]
"GWMDMMSG"="GWMDMMSG.exe" [2002-08-06 90112]
"GWMDMpi"="c:\winnt\GWMDMpi.exe" [2002-08-06 53248]
"HPDJ Taskbar Utility"="c:\winnt\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\winnt\System32\hphmon04.exe" [2002-11-22 348160]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"ezShieldProtector for Px"="c:\winnt\System32\ezSP_Px.exe" [2002-08-20 40960]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"IMONTRAY"="c:\program files\Intel\Intel(R) Active Monitor\imontray.exe" [2005-05-03 32768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2008-05-16 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2008-07-20 49152]
"NvMediaCenter"="c:\winnt\System32\NVMCTRAY.DLL" [2008-05-16 86016]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2008-07-20 49152]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 16:55 12464 ----a-w- c:\winnt\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PC Alert 4.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PC Alert 4.lnk
backup=c:\winnt\pss\PC Alert 4.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Army Men World War(TM).lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Army Men World War(TM).lnk
backup=c:\winnt\pss\Army Men World War(TM).lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^CoolMon.exe]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\CoolMon.exe
backup=c:\winnt\pss\CoolMon.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2003-03-26 16:15 684032 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
2010-06-01 21:21 782336 ----a-w- c:\program files\BitDefender\BitDefender 2009\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F.lux]
2009-08-29 06:00 966656 ----a-w- c:\documents and settings\Owner\Local Settings\Apps\F.lux\flux.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PodPuppy]
2008-06-03 02:22 380928 ----a-w- c:\program files\PodPuppy\PodPuppy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-05-18 17:26 2397424 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2006-04-07 19:02 1343488 ----a-w- c:\program files\AWS\WeatherBug\Weather.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINNT\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\ultimate doom\\ultimate.bat"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18407:TCP"= 18407:TCP:BitComet 18407 TCP
"18407:UDP"= 18407:UDP:BitComet 18407 UDP

R0 a347scsi;a347scsi;c:\winnt\system32\drivers\a347scsi.sys [10/23/2005 11:20 AM 5248]
R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [5/31/2010 1:28 PM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [6/22/2008 12:01 PM 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [6/22/2008 12:01 PM 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/16/2010 12:53 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 12:54 PM 308064]
R3 bdfm;BDFM;c:\winnt\system32\drivers\bdfm.sys [4/15/2009 3:13 PM 146312]
S3 AvFlt;Antivirus Filter Driver;c:\winnt\system32\drivers\av5flt.sys --> c:\winnt\system32\drivers\av5flt.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352320]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
S4 a347bus;a347bus;c:\winnt\system32\drivers\a347bus.sys [10/23/2005 11:20 AM 160640]
S4 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [1/12/2008 3:20 PM 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2010-06-09 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 21:27]

2010-05-18 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\Gateway\Do More\DoMoreRunExe.CAB
DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\8wi535pj.Test Profile\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://msn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionNone", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionCtrl", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionCtrlShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAlt", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAltShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAltCtrl", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationNone", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationCtrl", "1");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationCtrlShift", "1");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAlt", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAltShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationShift", "2");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAltCtrl", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.contextmenuoption", true);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.country2Search", 80);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.hotkeySelectionToggles", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.searchoption", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.historyoption", true);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.history", "googlebar");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.maxHistCnt", 10);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.savelastoption", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.hidemenuoption", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 22:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PSSdk21]
"ImagePath"="\??\c:\winnt\system32\Drivers\HNPsSdk.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winnt\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1100)
c:\winnt\system32\WININET.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
.
Completion time: 2010-06-09 22:10:55
ComboFix-quarantined-files.txt 2010-06-10 02:10

Pre-Run: 37,107,785,728 bytes free
Post-Run: 37,091,344,384 bytes free

Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=2,3,4,5,6
- - End Of File - - F7569AB3C76EB2E92113558D3E050C2A
 
Joined
Oct 12, 2008
Messages
2,392
you need to uninstall service pack 3, then re-install it


then do this

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 

qbsean10

Thread Starter
Joined
Jan 1, 2004
Messages
36
I tried uninstalling SP3 earlier today (running spuninst in the uninstall folder) but got an error message saying "the system could not find the specified file" when choosing to remove SP3. Apparently it was not installed properly. Shortly after I ran the standard SP3 installer from Microsoft and it installed fully without a hitch. Ran the temp file cleaner then MBAM and the Kaspersky scan, neither of which found anything. Here are the logs:




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4187

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/10/2010 2:53:21 PM
mbam-log-2010-06-10 (14-53-21).txt

Scan type: Quick scan
Objects scanned: 130204
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, June 10, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, June 10, 2010 07:44:50
Records in database: 4247200
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 180138
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 04:00:23


File name / Threat / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1
C:\WINNT\Downloaded Program Files\button.inf Infected: not-a-virus:AdWare.Win32.BetterInternet.be 1

Selected area has been scanned.
 
Joined
Oct 12, 2008
Messages
2,392
Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\WINNT\Downloaded Program Files\button.inf
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.


  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.



  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
 

qbsean10

Thread Starter
Joined
Jan 1, 2004
Messages
36
Everything seems to be in perfect working condition. I cant offer enough thanks for your help. Here is the OTM log, looks like the file was moved properly. Thanks again, it's a relief to have everything back to normal.




All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINNT\Downloaded Program Files\button.inf moved successfully.
========== COMMANDS ==========
C:\WINNT\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 67604 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 169441432 bytes
->Temporary Internet Files folder emptied: 9799347 bytes
->Java cache emptied: 128094 bytes
->FireFox cache emptied: 86428337 bytes
->Flash cache emptied: 3178 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 281229 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 367474688 bytes

Total Files Cleaned = 604.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.12.2 log created on 06112010_193740

Files moved on Reboot...

Registry entries deleted on Reboot...
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top