1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Windows Firewall/Windows Securiy not starting?

Discussion in 'Virus & Other Malware Removal' started by BillHates, May 4, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. BillHates

    BillHates Thread Starter

    Joined:
    Aug 25, 2002
    Messages:
    275
    I am sorry but I don't know where to put this....It involves security/windows/internet!

    Ok. This is for my father's computer which is a HP Pavilion XT963 desktop computer. It was hit with a fake AVG-ish anti-virus virus/malware. I manage to clean most of the mess (I used Malwarebytes/Avira/Spyware/Smitfreudfix/Combofix/Spybot) but now the firewall and security center will not start. When I checked the status in the services it says stopped.

    When I click on the Windows Firewall icon in the control panel. I am met with a message like this..."Windows firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service?" I click yes on the message and I get another message that goes like this "Windows cannot start "Windows Firewall/Internet Connection Sharing (ICS) service." So I go into the services and try to turn on the firewall...And bam I get a "error 1068: the dependency service or group failed to start". So I am at a dead end and frustrated.

    Here's some pictures...
    This is my father's computer. This is what shows up for security center.
    [​IMG]

    And here's what mine looks like.
    [​IMG]

    I also noticed it has affected broswers (firefox and IE) on my dad's computer. It will not show certain images/backgrounds.
    Here's what the start pages look like Firefox is first and IE is second.
    [​IMG]
    [​IMG]

    Now here's what it is suppose to look like on my computer (just firefox)
    [​IMG]

    Here's what my gmail account looks like on my fathers computer
    [​IMG]

    And here is what it is suppose to look like..
    [​IMG]

    So yeah. Any help with this would be awesome. I haven't slept in 2 days so whoever helps me will be a savior.
     
  2. bicycle bill

    bicycle bill Banned

    Joined:
    Jul 11, 2003
    Messages:
    2,092
  3. BillHates

    BillHates Thread Starter

    Joined:
    Aug 25, 2002
    Messages:
    275
    Tried that solution. And I am still getting the same thing.
     
  4. bicycle bill

    bicycle bill Banned

    Joined:
    Jul 11, 2003
    Messages:
    2,092
  5. BillHates

    BillHates Thread Starter

    Joined:
    Aug 25, 2002
    Messages:
    275
    Just a question....should I be on the admin of the computer or should I be on the profile that this happened on? Would it make a difference?
     
  6. bicycle bill

    bicycle bill Banned

    Joined:
    Jul 11, 2003
    Messages:
    2,092
    Sorry my man I can't help you there. This old man is just fumbling around trying to help you. Hopefully someone
    will jump in and be able to answer your question.
     
  7. blues_harp28

    blues_harp28 Trusted Advisor Spam Fighter

    Joined:
    Jan 9, 2005
    Messages:
    18,867
    Your Pc may still be infected - I'd post a Hijack this log in the Virus and Malware removal forum.
    Smitfreudfix/Combofix need to be used wth expert advice.
     
  8. BillHates

    BillHates Thread Starter

    Joined:
    Aug 25, 2002
    Messages:
    275
    Just asked the mod to move this thread...

    Logfile of HijackThis v1.99.1
    Scan saved at 1:35:14 PM, on 5/4/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\WINDOWS.0\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\Program Files\Alarm Clock\AlarmMonitor.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Creative\Broadband Blaster UI\bbui.exe
    C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
    C:\WINDOWS.0\tsnpstd3.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS.0\NCLAUNCH.EXe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Stickies\stickies.exe
    C:\Program Files\Alarm Clock\Alarm Tray.exe
    C:\WINDOWS.0\system32\java.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\Program Files\OpenOffice.org 3\program\swriter.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    E:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [Broadband Blaster User Interface] C:\Program Files\Creative\Broadband Blaster UI\bbui.exe
    O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS.0\tsnpstd3.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Show missed alarms] C:\Program Files\Alarm Clock\Alarm.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS.0\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Solitaire%20Challenge/Images/stg_drm.ocx
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll
    O23 - Service: Talking Alarm Clock user logon monitor (AlarmClockMonitor) - Cinnamon Software Inc. - C:\Program Files\Alarm Clock\AlarmMonitor.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "C:\Program Files\Linksys\Linksys Updater\conf\wrapper.conf (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,918
    First Name:
    Karen
    ComboFix should not be used on your own. But since you have run it, please post the first log it generated, if you ran it more than once.

    Also, that's an older version of HijackThis so please uninstall it via the Control Panel - Add or Remove programs and then install that latest version.

    Click here to download HJTsetup.exe.
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  10. BillHates

    BillHates Thread Starter

    Joined:
    Aug 25, 2002
    Messages:
    275
    Sorry but I don't have the combofix log with me. I only used it once. I since then deleted the exe file.

    I will try and dl the new hijackthis program. And post a fresh log.
     
  11. BillHates

    BillHates Thread Starter

    Joined:
    Aug 25, 2002
    Messages:
    275
    ok here's the new hjt log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:14:30 PM, on 5/4/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\Program Files\Alarm Clock\AlarmMonitor.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\Program Files\Creative\Broadband Blaster UI\bbui.exe
    C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
    C:\WINDOWS.0\tsnpstd3.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS.0\NCLAUNCH.EXe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Stickies\stickies.exe
    C:\Program Files\Alarm Clock\Alarm Tray.exe
    C:\WINDOWS.0\system32\java.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [Broadband Blaster User Interface] C:\Program Files\Creative\Broadband Blaster UI\bbui.exe
    O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS.0\tsnpstd3.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Show missed alarms] C:\Program Files\Alarm Clock\Alarm.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS.0\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-21-725345543-1004336348-2145980821-1004\..\Run: [NCLaunch] C:\WINDOWS.0\NCLAUNCH.EXe (User '?')
    O4 - HKUS\S-1-5-21-725345543-1004336348-2145980821-1004\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-725345543-1004336348-2145980821-1004\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
    O4 - S-1-5-21-725345543-1004336348-2145980821-1004 Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe (User '?')
    O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Solitaire%20Challenge/Images/stg_drm.ocx
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O23 - Service: Talking Alarm Clock user logon monitor (AlarmClockMonitor) - Cinnamon Software Inc. - C:\Program Files\Alarm Clock\AlarmMonitor.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

    --
    End of file - 8367 bytes
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,918
    First Name:
    Karen
    In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and uncheck "Use a proxy server" and check "Automatically detect settings".

    Remove the reference to 127.0.0.1:5555 under the "Use a proxy server" settings before unchecking.

    In Firefox go to Tools - Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and click on "No proxy".

    Then please do the following:

    Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  13. BillHates

    BillHates Thread Starter

    Joined:
    Aug 25, 2002
    Messages:
    275
    Quick question should I do this as the admin or as the profile That caught the virus? I am talking about the combofix.
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,918
    First Name:
    Karen
    Please do it while logged on as the user with the problem.
     
  15. BillHates

    BillHates Thread Starter

    Joined:
    Aug 25, 2002
    Messages:
    275
    I did the IE which was there. I didn't have to change the Firefox setting it was what you said it should be. Still experiencing images/backgrounds not loading.

    Here's the combofix log....

    ComboFix 10-05-04.03 - Gary 05/04/2010 16:52:29.2.1 - x86
    Running from: c:\documents and settings\Gary\Desktop\puppy.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))
    .

    2010-05-04 23:13 . 2010-05-04 23:13 -------- d-----w- c:\program files\Trend Micro
    2010-05-04 19:53 . 2010-05-04 19:53 664 ----a-w- c:\windows.0\system32\d3d9caps.dat
    2010-05-04 08:25 . 2010-05-04 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-05-04 08:25 . 2010-05-04 08:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-05-04 07:09 . 2010-05-04 07:09 -------- d-sh--w- c:\documents and settings\Gary\IECompatCache
    2010-05-03 23:06 . 2010-05-03 23:06 503808 ----a-w- c:\documents and settings\Gary\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-185c7d78-n\msvcp71.dll
    2010-05-03 23:06 . 2010-05-03 23:06 348160 ----a-w- c:\documents and settings\Gary\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-185c7d78-n\msvcr71.dll
    2010-05-03 23:06 . 2010-05-03 23:06 499712 ----a-w- c:\documents and settings\Gary\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-185c7d78-n\jmc.dll
    2010-05-03 23:06 . 2010-05-03 23:06 61440 ----a-w- c:\documents and settings\Gary\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-265cf926-n\decora-sse.dll
    2010-05-03 23:06 . 2010-05-03 23:06 12800 ----a-w- c:\documents and settings\Gary\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-265cf926-n\decora-d3d.dll
    2010-05-03 23:06 . 2010-04-13 00:29 411368 ----a-w- c:\windows.0\system32\deployJava1.dll
    2010-05-03 22:03 . 2010-05-03 22:03 -------- d-----w- C:\VundoFix Backups
    2010-05-03 22:02 . 2010-05-03 22:03 -------- d-----w- c:\program files\Unlocker
    2010-05-03 10:19 . 2010-05-04 02:43 -------- d-----w- c:\windows.0\system32\NtmsData
    2010-05-03 09:50 . 2010-05-03 09:50 -------- d-----w- c:\documents and settings\Gary\Application Data\Avira
    2010-05-03 09:36 . 2010-03-01 16:05 124784 ----a-w- c:\windows.0\system32\drivers\avipbb.sys
    2010-05-03 09:36 . 2010-02-16 20:24 60936 ----a-w- c:\windows.0\system32\drivers\avgntflt.sys
    2010-05-03 09:36 . 2009-05-11 18:49 45416 ----a-w- c:\windows.0\system32\drivers\avgntdd.sys
    2010-05-03 09:36 . 2009-05-11 18:49 22360 ----a-w- c:\windows.0\system32\drivers\avgntmgr.sys
    2010-05-03 09:36 . 2010-05-03 09:36 -------- d-----w- c:\program files\Avira
    2010-05-03 09:36 . 2010-05-03 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-05-03 08:16 . 2010-05-03 08:16 444 ----a-w- c:\windows.0\system32\d3d8caps.dat
    2010-05-03 07:38 . 2010-05-03 07:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-05-02 23:59 . 2010-05-03 09:17 -------- d-----w- c:\documents and settings\Gary\Local Settings\Application Data\hfxcxfime
    2010-04-22 19:27 . 2010-04-22 19:46 -------- d-----w- c:\windows.0\SxsCaPendDel

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-04 23:29 . 2008-05-31 23:16 -------- d-----w- c:\documents and settings\Gary\Application Data\stickies
    2010-05-04 20:41 . 2008-12-23 21:56 1 ----a-w- c:\documents and settings\Gary\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-05-04 04:04 . 2009-08-08 05:59 2816 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-05-03 23:16 . 2008-05-31 17:56 -------- d-----w- c:\program files\Java
    2010-05-03 23:16 . 2008-05-31 17:55 -------- d-----w- c:\program files\Common Files\Java
    2010-05-03 09:44 . 2009-12-04 00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-03 09:41 . 2010-01-20 18:53 6153352 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-05-01 02:18 . 2010-03-29 18:42 439816 ----a-w- c:\documents and settings\Gary\Application Data\Real\Update\setup3.10\setup.exe
    2010-04-29 22:39 . 2009-12-04 00:37 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
    2010-04-29 22:39 . 2009-12-04 00:37 20952 ----a-w- c:\windows.0\system32\drivers\mbam.sys
    2010-04-22 19:29 . 2008-05-31 01:36 -------- d-----w- c:\program files\AVG
    2010-04-20 23:57 . 2009-06-29 02:18 -------- d-----w- c:\documents and settings\Gary\Application Data\HPAppData
    2010-03-22 05:43 . 2009-12-26 17:39 -------- d-----w- c:\documents and settings\Gary\Application Data\HpUpdate
    2010-03-21 01:54 . 2010-03-21 01:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
    2010-03-21 01:49 . 2010-03-21 01:49 75840 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-15 01:21 . 2010-03-15 01:17 23109 ----a-w- c:\windows.0\hpqins15.dat
    2010-03-10 06:15 . 2001-08-18 12:00 420352 ----a-w- c:\windows.0\system32\vbscript.dll
    2010-02-25 06:24 . 2001-08-18 12:00 916480 ----a-w- c:\windows.0\system32\wininet.dll
    2010-02-24 12:31 . 2001-08-18 12:00 454016 ----a-w- c:\windows.0\system32\drivers\mrxsmb.sys
    2010-02-16 13:19 . 2001-08-18 12:00 2181376 ----a-w- c:\windows.0\system32\ntoskrnl.exe
    2010-02-16 12:39 . 2001-08-17 13:48 2058368 ----a-w- c:\windows.0\system32\ntkrnlpa.exe
    2010-02-12 04:47 . 2001-08-18 12:00 100864 ----a-w- c:\windows.0\system32\6to4svc.dll
    2010-02-11 12:01 . 2001-08-18 12:00 226880 ----a-w- c:\windows.0\system32\drivers\tcpip6.sys
    .

    ------- Sigcheck -------

    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
    [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\atapi.sys
    [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows.0\system32\drivers\atapi.sys
    [-] 2001-08-18 . A64013E98426E1877CB653685C5C0009 . 86656 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\atapi.sys

    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\asyncmac.sys
    [-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\asyncmac.sys
    [-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows.0\system32\drivers\asyncmac.sys
    [-] 2001-08-18 . 03F403B07A884FC2AA54A0916C410931 . 13568 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\asyncmac.sys

    [-] 2001-08-18 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows.0\system32\drivers\beep.sys

    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\kbdclass.sys
    [-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\kbdclass.sys
    [-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows.0\system32\drivers\kbdclass.sys
    [-] 2001-08-18 . 9C30CD464D87102497FD7C32910E6253 . 23424 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\kbdclass.sys

    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ndis.sys
    [-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\ndis.sys
    [-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows.0\system32\drivers\ndis.sys
    [-] 2001-08-18 . 3EFD4F59BA0A340DE0A3AB984001DBF7 . 161536 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\ndis.sys

    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntfs.sys
    [-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows.0\$hf_mig$\KB930916\SP2QFE\ntfs.sys
    [-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows.0\system32\drivers\ntfs.sys
    [-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows.0\$NtUninstallKB930916$\ntfs.sys
    [-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\ntfs.sys
    [-] 2001-08-18 . 70FAE0DCFDFAA0838D6778FCA028CE01 . 533504 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\ntfs.sys

    [-] 2001-08-18 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows.0\system32\drivers\null.sys

    [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows.0\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows.0\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows.0\system32\drivers\tcpip.sys
    [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows.0\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
    [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows.0\$NtUninstallKB951748$\tcpip.sys
    [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows.0\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows.0\$NtUninstallKB941644$\tcpip.sys
    [-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\tcpip.sys
    [-] 2001-08-18 . E7774698BB0D14B0710A9A31E209F9B6 . 327168 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\tcpip.sys

    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\browser.dll
    [-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\browser.dll
    [-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows.0\system32\browser.dll
    [-] 2001-08-18 . 1C9CDCAD17F23BB7206451802307C529 . 49152 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\browser.dll

    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lsass.exe
    [-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\lsass.exe
    [-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows.0\system32\lsass.exe
    [-] 2001-08-18 . 8A590EA109B5E0C7629E022F8A6B17C5 . 11776 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\lsass.exe

    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netman.dll
    [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows.0\system32\netman.dll
    [-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows.0\$hf_mig$\KB905414\SP2QFE\netman.dll
    [-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows.0\$NtUninstallKB905414$\netman.dll
    [-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\netman.dll
    [-] 2001-08-18 . 2B150D3A00137588EB4D68BB30C25214 . 147968 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\netman.dll

    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\qmgr.dll
    [-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows.0\ServicePackFiles\i386\qmgr.dll
    [-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows.0\system32\qmgr.dll
    [-] 2001-08-18 . 3E6ACF2CD2E8C19B16E4B42D08CA3838 . 179200 . . [6.0.2600.0] . . c:\windows.0\$NtServicePackUninstall$\qmgr.dll

    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows.0\$hf_mig$\KB956572\SP3GDR\rpcss.dll
    [-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows.0\$hf_mig$\KB956572\SP3QFE\rpcss.dll
    [-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows.0\system32\rpcss.dll
    [-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows.0\$hf_mig$\KB956572\SP2QFE\rpcss.dll
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\rpcss.dll
    [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows.0\$NtUninstallKB956572$\rpcss.dll
    [-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows.0\$hf_mig$\KB902400\SP2QFE\rpcss.dll
    [-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows.0\$hf_mig$\KB894391\SP2QFE\rpcss.dll
    [-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows.0\$NtUninstallKB902400$\rpcss.dll
    [-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows.0\$NtUninstallKB894391$\rpcss.dll
    [-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\rpcss.dll
    [-] 2001-08-18 . 3F1C4DC5F03535E544996968DD225837 . 259072 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\rpcss.dll

    [-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows.0\system32\services.exe
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows.0\$hf_mig$\KB956572\SP3GDR\services.exe
    [-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows.0\$hf_mig$\KB956572\SP3QFE\services.exe
    [-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows.0\$hf_mig$\KB956572\SP2QFE\services.exe
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
    [-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows.0\$NtUninstallKB956572$\services.exe
    [-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\services.exe
    [-] 2001-08-18 . E3DF4A0252D287C44606EE55355E1623 . 101376 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\services.exe

    [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\spoolsv.exe
    [-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows.0\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows.0\system32\spoolsv.exe
    [-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows.0\$NtUninstallKB896423$\spoolsv.exe
    [-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\spoolsv.exe
    [-] 2001-08-18 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\spoolsv.exe

    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
    [-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\winlogon.exe
    [-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows.0\system32\winlogon.exe
    [-] 2001-08-18 . 2B0E480E975EE51F2D5CE5F068FED6E2 . 430080 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\winlogon.exe

    [-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\asms\60\msft\windows\common\controls\comctl32.dll
    [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\comctl32.dll
    [-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows.0\system32\comctl32.dll
    [-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows.0\$NtUninstallKB923191$\comctl32.dll
    [-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows.0\ServicePackFiles\i386\comctl32.dll
    [-] 2001-08-18 . 1C38C4D90DD3C07A1946E4D5005EE928 . 557568 . . [5.82] . . c:\windows.0\$NtServicePackUninstall$\comctl32.dll

    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\cryptsvc.dll
    [-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\cryptsvc.dll
    [-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows.0\system32\cryptsvc.dll
    [-] 2001-08-18 . C1B26CE5483DD20D59BCF608331413E6 . 51200 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\cryptsvc.dll

    [-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows.0\system32\es.dll
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows.0\$hf_mig$\KB950974\SP3GDR\es.dll
    [-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows.0\$hf_mig$\KB950974\SP3QFE\es.dll
    [-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows.0\$hf_mig$\KB950974\SP2QFE\es.dll
    [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\es.dll
    [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows.0\$NtUninstallKB950974$\es.dll
    [-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows.0\$hf_mig$\KB902400\SP2QFE\es.dll
    [-] 2004-08-04 07:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows.0\$NtUninstallKB902400$\es.dll
    [-] 2004-08-04 07:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows.0\ServicePackFiles\i386\es.dll
    [-] 2001-08-18 12:00 . F5963768CFD62FDB926FDB588EE69315 . 224768 . . [2001.12.4414.42] . . c:\windows.0\$NtServicePackUninstall$\es.dll

    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\imm32.dll
    [-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\imm32.dll
    [-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows.0\system32\imm32.dll
    [-] 2001-08-18 . E046037FD5BCDF92CE1A122B749B9B09 . 96768 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\imm32.dll

    [-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows.0\system32\kernel32.dll
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows.0\$hf_mig$\KB959426\SP3GDR\kernel32.dll
    [-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows.0\$hf_mig$\KB959426\SP3QFE\kernel32.dll
    [-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . c:\windows.0\$hf_mig$\KB959426\SP2QFE\kernel32.dll
    [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\kernel32.dll
    [-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows.0\$hf_mig$\KB935839\SP2QFE\kernel32.dll
    [-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows.0\$NtUninstallKB959426$\kernel32.dll
    [-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows.0\$NtUninstallKB935839$\kernel32.dll
    [-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\kernel32.dll
    [-] 2001-08-18 . 379B0B31D7F8D2C9F7FF302B454A6C54 . 926720 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\kernel32.dll

    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\linkinfo.dll
    [-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows.0\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
    [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows.0\system32\linkinfo.dll
    [-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows.0\$NtUninstallKB900725$\linkinfo.dll
    [-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\linkinfo.dll
    [-] 2001-08-18 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\linkinfo.dll

    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lpk.dll
    [-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\lpk.dll
    [-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows.0\system32\lpk.dll
    [-] 2001-08-18 . 55990CA08692E2739A8DDCE0B04352AC . 18944 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\lpk.dll

    [-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows.0\system32\mshtml.dll
    [-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows.0\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
    [-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows.0\ie8updates\KB980182-IE8\mshtml.dll
    [-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows.0\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
    [-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows.0\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
    [-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows.0\ie8updates\KB978207-IE8\mshtml.dll
    [-] 2009-10-22 . CDA69BC1C23B0EA033B989F67CB722FF . 5939712 . . [8.00.6001.18852] . . c:\windows.0\ie8updates\KB976325-IE8\mshtml.dll
    [-] 2009-10-22 . A6CF28C6E0B6D10098AB601D85EE55E8 . 5943296 . . [8.00.6001.22942] . . c:\windows.0\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
    [-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:\windows.0\ie8updates\KB976749-IE8\mshtml.dll
    [-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows.0\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
    [-] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:\windows.0\ie8updates\KB974455-IE8\mshtml.dll
    [-] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:\windows.0\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
    [-] 2009-05-13 . EEAADAA744B20E68CF5EB4FBB4F8AFA9 . 5936128 . . [8.00.6001.18783] . . c:\windows.0\ie8updates\KB972260-IE8\mshtml.dll
    [-] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\windows.0\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
    [-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows.0\ie8updates\KB969897-IE8\mshtml.dll
    [-] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows.0\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
    [-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows.0\ie8\mshtml.dll
    [-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows.0\ie7updates\KB963027-IE7\mshtml.dll
    [-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows.0\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
    [-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows.0\ie7updates\KB961260-IE7\mshtml.dll
    [-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows.0\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
    [-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows.0\ie7updates\KB960714-IE7\mshtml.dll
    [-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows.0\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
    [-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows.0\ie7updates\KB958215-IE7\mshtml.dll
    [-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows.0\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
    [-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows.0\ie7updates\KB956390-IE7\mshtml.dll
    [-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows.0\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
    [-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows.0\ie7updates\KB953838-IE7\mshtml.dll
    [-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows.0\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
    [-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mshtml.dll
    [-] 2008-03-02 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows.0\ie7updates\KB950759-IE7\mshtml.dll
    [-] 2008-03-02 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows.0\SoftwareDistribution\Download\574548bb1821009dfc939b99bf38919d\SP2GDR\mshtml.dll
    [-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows.0\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
    [-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows.0\SoftwareDistribution\Download\574548bb1821009dfc939b99bf38919d\SP2QFE\mshtml.dll
    [-] 2008-02-16 . 77DBF6075405494AD6B6A99E2C732F86 . 3059712 . . [6.00.2900.3314] . . c:\windows.0\ie7\mshtml.dll
    [-] 2008-02-16 . 701A6798DDF875CAA3A5099EE75FD57F . 3066880 . . [6.00.2900.3314] . . c:\windows.0\$hf_mig$\KB947864\SP2QFE\mshtml.dll
    [-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows.0\ie7updates\KB947864-IE7\mshtml.dll
    [-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows.0\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2GDR\mshtml.dll
    [-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows.0\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
    [-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows.0\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2QFE\mshtml.dll
    [-] 2007-08-14 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows.0\ie7updates\KB944533-IE7\mshtml.dll
    [-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows.0\$NtUninstallKB947864$\mshtml.dll
    [-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows.0\ServicePackFiles\i386\mshtml.dll
    [-] 2001-08-18 . 2C8725BBC943212B349B34D11153E5F6 . 2793984 . . [6.00.2600.0000] . . c:\windows.0\$NtServicePackUninstall$\mshtml.dll

    [-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\asms\70\msft\windows\mswincrt\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\msvcrt.dll
    [-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows.0\ServicePackFiles\i386\msvcrt.dll
    [-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows.0\system32\msvcrt.dll
    [-] 2001-08-18 . EC9057C0640DA2A44B1F47E8515AB972 . 322560 . . [7.0.2600.0] . . c:\windows.0\$NtServicePackUninstall$\msvcrt.dll

    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows.0\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows.0\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    [-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows.0\system32\mswsock.dll
    [-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows.0\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mswsock.dll
    [-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows.0\$NtUninstallKB951748$\mswsock.dll
    [-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\mswsock.dll
    [-] 2001-08-18 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\mswsock.dll

    [-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows.0\$hf_mig$\KB968389\SP2QFE\netlogon.dll
    [-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows.0\$hf_mig$\KB975467\SP2QFE\netlogon.dll
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
    [-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\netlogon.dll
    [-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows.0\system32\netlogon.dll
    [-] 2001-08-18 . F41C1602DC79AB72035F2388FCA0255F . 397824 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\netlogon.dll

    [-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows.0\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe
    [-] 2010-02-16 . 97E2BF68857818A4D142B872404DC41B . 2186880 . . [5.1.2600.3670] . . c:\windows.0\$hf_mig$\KB979683\SP2QFE\ntoskrnl.exe
    [-] 2010-02-16 . EBB75B113E74E90074382347B74D652B . 2181376 . . [5.1.2600.3670] . . c:\windows.0\Driver Cache\i386\ntoskrnl.exe
    [-] 2010-02-16 . EBB75B113E74E90074382347B74D652B . 2181376 . . [5.1.2600.3670] . . c:\windows.0\system32\ntoskrnl.exe
    [-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows.0\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
    [-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows.0\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
    [-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows.0\$hf_mig$\KB977165\SP3GDR\ntoskrnl.exe
    [-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows.0\$NtUninstallKB979683$\ntoskrnl.exe
    [-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows.0\$hf_mig$\KB977165\SP2QFE\ntoskrnl.exe
    [-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows.0\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
    [-] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows.0\$NtUninstallKB977165$\ntoskrnl.exe
    [-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows.0\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
    [-] 2009-08-04 . 8DF112C341425F29DB4566B8D2A96A7F . 2185984 . . [5.1.2600.3610] . . c:\windows.0\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
    [-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows.0\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
    [-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows.0\$NtUninstallKB971486$\ntoskrnl.exe
    [-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows.0\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
    [-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows.0\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
    [-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows.0\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
    [-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows.0\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
    [-] 2008-08-14 . 21C91DA9CB53AA8A37041BA9684A8458 . 2180352 . . [5.1.2600.3427] . . c:\windows.0\$NtUninstallKB956572$\ntoskrnl.exe
    [-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows.0\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
    [-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntoskrnl.exe
    [-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows.0\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
    [-] 2007-02-28 . 582A8DBAA58C3B1F176EB2817DAEE77C . 2180352 . . [5.1.2600.3093] . . c:\windows.0\$NtUninstallKB956841$\ntoskrnl.exe
    [-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows.0\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
    [-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows.0\$NtUninstallKB931784$\ntoskrnl.exe
    [-] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows.0\$NtUninstallKB890859$\ntoskrnl.exe
    [-] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\ntoskrnl.exe
    [-] 2001-08-18 . A29222D5281056E497408FCC9062F749 . 1982208 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\ntoskrnl.exe

    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\powrprof.dll
    [-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows.0\ServicePackFiles\i386\powrprof.dll
    [-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows.0\system32\powrprof.dll
    [-] 2001-08-18 . 865AD7CCB20856727D5BD994B094DC5E . 14848 . . [6.00.2600.0000] . . c:\windows.0\$NtServicePackUninstall$\powrprof.dll

    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
    [-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\scecli.dll
    [-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows.0\system32\scecli.dll
    [-] 2001-08-18 . 73968C834C316ADC7A2F07DC4B5F3665 . 174080 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\scecli.dll

    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sfc.dll
    [-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\sfc.dll
    [-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows.0\system32\sfc.dll
    [-] 2001-08-18 . 52BB2A508CB3EB8AAA5F6F142F5B73D6 . 4096 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\sfc.dll

    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
    [-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\svchost.exe
    [-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows.0\system32\svchost.exe
    [-] 2001-08-18 . 0F7D9C87B0CE1FA520473119752C6F79 . 12800 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\svchost.exe

    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tapisrv.dll
    [-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows.0\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
    [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows.0\system32\tapisrv.dll
    [-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows.0\$NtUninstallKB893756$\tapisrv.dll
    [-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\tapisrv.dll
    [-] 2001-08-18 . 9CD079C25A94D6AB600E0C1C4361281F . 233984 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\tapisrv.dll

    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\user32.dll
    [-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows.0\$hf_mig$\KB925902\SP2QFE\user32.dll
    [-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows.0\system32\user32.dll
    [-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows.0\$hf_mig$\KB890859\SP2QFE\user32.dll
    [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows.0\$NtUninstallKB925902$\user32.dll
    [-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows.0\$NtUninstallKB890859$\user32.dll
    [-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\user32.dll
    [-] 2001-08-18 . BE57A5C3ABD240514B98F6BCA872FB21 . 561152 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\user32.dll

    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
    [-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\userinit.exe
    [-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows.0\system32\userinit.exe
    [-] 2001-08-18 . 585398603F570F9705774D65D292E5D1 . 21504 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\userinit.exe

    [-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows.0\system32\wininet.dll
    [-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows.0\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
    [-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows.0\ie8updates\KB980182-IE8\wininet.dll
    [-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows.0\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
    [-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows.0\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
    [-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows.0\ie8updates\KB978207-IE8\wininet.dll
    [-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows.0\ie8updates\KB976325-IE8\wininet.dll
    [-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows.0\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
    [-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\windows.0\ie8updates\KB974455-IE8\wininet.dll
    [-] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows.0\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
    [-] 2009-05-13 . 366C72AF6970DB7BB39AB0142BF09DB5 . 915456 . . [8.00.6001.18783] . . c:\windows.0\ie8updates\KB972260-IE8\wininet.dll
    [-] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows.0\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
    [-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows.0\ie8updates\KB969897-IE8\wininet.dll
    [-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows.0\ie8\wininet.dll
    [-] 2009-03-03 . C8667854873938CA13C986F16B0CD183 . 828416 . . [7.00.6000.21020] . . c:\windows.0\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
    [-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows.0\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
    [-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows.0\ie7updates\KB963027-IE7\wininet.dll
    [-] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:\windows.0\ie7updates\KB961260-IE7\wininet.dll
    [-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows.0\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
    [-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows.0\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
    [-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows.0\ie7updates\KB958215-IE7\wininet.dll
    [-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows.0\ie7updates\KB956390-IE7\wininet.dll
    [-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows.0\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
    [-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows.0\ie7updates\KB953838-IE7\wininet.dll
    [-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows.0\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
    [-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wininet.dll
    [-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows.0\ie7updates\KB950759-IE7\wininet.dll
    [-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows.0\SoftwareDistribution\Download\574548bb1821009dfc939b99bf38919d\SP2GDR\wininet.dll
    [-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows.0\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
    [-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows.0\SoftwareDistribution\Download\574548bb1821009dfc939b99bf38919d\SP2QFE\wininet.dll
    [-] 2008-02-16 . BB1EACD6AB47E78EBCA02EB781550D55 . 666112 . . [6.00.2900.3314] . . c:\windows.0\$hf_mig$\KB947864\SP2QFE\wininet.dll
    [-] 2008-02-16 . 0C690E77C0E924C45B4D7045B182FFF1 . 659456 . . [6.00.2900.3314] . . c:\windows.0\ie7\wininet.dll
    [-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows.0\ie7updates\KB947864-IE7\wininet.dll
    [-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows.0\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2GDR\wininet.dll
    [-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows.0\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
    [-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows.0\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2QFE\wininet.dll
    [-] 2007-08-14 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows.0\ie7updates\KB944533-IE7\wininet.dll
    [-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows.0\$NtUninstallKB947864$\wininet.dll
    [-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows.0\ServicePackFiles\i386\wininet.dll
    [-] 2001-08-18 . CF9F1EEF71F42EDE71B6F4AA05D5CA1A . 593920 . . [6.00.2600.0000] . . c:\windows.0\$NtServicePackUninstall$\wininet.dll

    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll
    [-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\ws2_32.dll
    [-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows.0\system32\ws2_32.dll
    [-] 2001-08-18 . 8529C295DF59B564D37A73B5629162B1 . 75264 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\ws2_32.dll

    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
    [-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows.0\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows.0\explorer.exe
    [-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows.0\$NtUninstallKB938828$\explorer.exe
    [-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows.0\ServicePackFiles\i386\explorer.exe
    [-] 2001-08-18 . 5A26FC6010886D25B3E412493DD95ED8 . 1000960 . . [6.00.2600.0000] . . c:\windows.0\$NtServicePackUninstall$\explorer.exe

    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\srsvc.dll
    [-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\srsvc.dll
    [-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows.0\system32\srsvc.dll
    [-] 2001-08-18 . E305E78536FA6649299F71FD8EA9A84D . 155136 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\srsvc.dll

    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wscntfy.exe
    [-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\wscntfy.exe
    [-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows.0\system32\wscntfy.exe

    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\xmlprov.dll
    [-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\xmlprov.dll
    [-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows.0\system32\xmlprov.dll

    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
    [-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\eventlog.dll
    [-] 2001-08-18 . A510B91253544D56B5712D66BE8371E9 . 47616 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\eventlog.dll

    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sfcfiles.dll
    [-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\sfcfiles.dll
    [-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows.0\system32\sfcfiles.dll
    [-] 2001-08-18 . 9E415EFDF50F26BCBC97C80F4E6C30CC . 1562112 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\sfcfiles.dll

    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
    [-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\ctfmon.exe
    [-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows.0\system32\ctfmon.exe
    [-] 2001-08-18 . 85B1054DB58D13AA42D7DCA778C30F57 . 13312 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\ctfmon.exe

    [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\shsvcs.dll
    [-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows.0\system32\shsvcs.dll
    [-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows.0\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
    [-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows.0\$NtUninstallKB928255$\shsvcs.dll
    [-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows.0\ServicePackFiles\i386\shsvcs.dll
    [-] 2001-08-18 . AB2F114874D9D990A16EBC9372628489 . 114688 . . [6.00.2600.0000] . . c:\windows.0\$NtServicePackUninstall$\shsvcs.dll

    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\regsvc.dll
    [-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\regsvc.dll
    [-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows.0\system32\regsvc.dll
    [-] 2001-08-18 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\regsvc.dll

    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\schedsvc.dll
    [-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\schedsvc.dll
    [-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows.0\system32\schedsvc.dll
    [-] 2001-08-18 . F6E2095CBC14522CEACD2853620FAF4D . 158720 . . [4.71.2600.1] . . c:\windows.0\$NtServicePackUninstall$\schedsvc.dll

    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ssdpsrv.dll
    [-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\ssdpsrv.dll
    [-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows.0\system32\ssdpsrv.dll
    [-] 2001-08-18 . 126D90EE937FFEBACEE30BCA13D92F97 . 39936 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\ssdpsrv.dll

    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll
    [-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\termsrv.dll
    [-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows.0\system32\termsrv.dll
    [-] 2001-08-18 . 458635D2E4559526CF9C895340A38702 . 197632 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\termsrv.dll

    [-] 2001-08-18 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows.0\system32\drivers\acpiec.sys

    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\aec.sys
    [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows.0\$hf_mig$\KB900485\SP2QFE\aec.sys
    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows.0\Driver Cache\i386\aec.sys
    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows.0\system32\drivers\aec.sys
    [-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows.0\$NtUninstallKB900485$\aec.sys
    [-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows.0\ServicePackFiles\i386\aec.sys
    [-] 2001-07-23 . B45A744CA0A15A59D8B0307CE9741E92 . 122472 . . [5.1.2520.0] . . c:\windows.0\$NtServicePackUninstall$\aec.sys

    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
    [-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\agp440.sys
    [-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows.0\system32\drivers\agp440.sys

    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys
    [-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\ip6fw.sys
    [-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows.0\system32\drivers\ip6fw.sys

    [-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mfc40u.dll
    [-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows.0\system32\mfc40u.dll
    [-] 2001-08-18 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows.0\$NtUninstallKB924667$\mfc40u.dll

    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\msgsvc.dll
    [-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\msgsvc.dll
    [-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows.0\system32\msgsvc.dll
    [-] 2001-08-18 . A81487520F11F65BF270D50EE29887B2 . 34304 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\msgsvc.dll

    [-] 2006-10-19 04:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows.0\system32\mspmsnsv.dll
    [-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows.0\$NtUninstallWMFDist11$\mspmsnsv.dll
    [-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows.0\ServicePackFiles\i386\mspmsnsv.dll

    [-] 2010-02-17 . 1811AFC2FADB60B88947E3D08E250860 . 2063744 . . [5.1.2600.3670] . . c:\windows.0\$hf_mig$\KB979683\SP2QFE\ntkrnlpa.exe
    [-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows.0\$hf_mig$\KB979683\SP3GDR\ntkrnlpa.exe
    [-] 2010-02-16 . 1EE6B94ACA7BE115A1813BBCA65099A8 . 2058368 . . [5.1.2600.3670] . . c:\windows.0\Driver Cache\i386\ntkrnlpa.exe
    [-] 2010-02-16 . 1EE6B94ACA7BE115A1813BBCA65099A8 . 2058368 . . [5.1.2600.3670] . . c:\windows.0\system32\ntkrnlpa.exe
    [-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows.0\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
    [-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows.0\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
    [-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows.0\$hf_mig$\KB977165\SP3GDR\ntkrnlpa.exe
    [-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows.0\$NtUninstallKB979683$\ntkrnlpa.exe
    [-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows.0\$hf_mig$\KB977165\SP2QFE\ntkrnlpa.exe
    [-] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows.0\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
    [-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows.0\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
    [-] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows.0\$NtUninstallKB977165$\ntkrnlpa.exe
    [-] 2009-08-04 . 97E912E94CCED4064F5DEEE5C25A9278 . 2062976 . . [5.1.2600.3610] . . c:\windows.0\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe
    [-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows.0\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
    [-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows.0\$NtUninstallKB971486$\ntkrnlpa.exe
    [-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows.0\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
    [-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows.0\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
    [-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows.0\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
    [-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows.0\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
    [-] 2008-08-14 . BA002228743B6824D87F0551DBC86D45 . 2057728 . . [5.1.2600.3427] . . c:\windows.0\$NtUninstallKB956572$\ntkrnlpa.exe
    [-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows.0\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
    [-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntkrnlpa.exe
    [-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows.0\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
    [-] 2007-02-28 . 515D30E2C90A3665A2739309334C9283 . 2057600 . . [5.1.2600.3093] . . c:\windows.0\$NtUninstallKB956841$\ntkrnlpa.exe
    [-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows.0\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    [-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows.0\$NtUninstallKB931784$\ntkrnlpa.exe
    [-] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows.0\$NtUninstallKB890859$\ntkrnlpa.exe
    [-] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\ntkrnlpa.exe
    [-] 2001-08-18 . 46E2E3DCF54B819CFB2EBFE48A22B5C9 . 1896704 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\ntkrnlpa.exe

    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntmssvc.dll
    [-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows.0\ServicePackFiles\i386\ntmssvc.dll
    [-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows.0\system32\ntmssvc.dll
    [-] 2001-08-18 12:00 . C63415DEFA08D7BD244E636C97B32F3D . 392192 . . [5.1.2400.1] . . c:\windows.0\$NtServicePackUninstall$\ntmssvc.dll

    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\upnphost.dll
    [-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows.0\$hf_mig$\KB931261\SP2QFE\upnphost.dll
    [-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows.0\system32\upnphost.dll
    [-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows.0\$NtUninstallKB931261$\upnphost.dll
    [-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows.0\ServicePackFiles\i386\upnphost.dll
    [-] 2001-08-18 . 6FB00F87EA0CDE9A5657F4E800997440 . 162816 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\upnphost.dll

    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\dsound.dll
    [-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows.0\ServicePackFiles\i386\dsound.dll
    [-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows.0\system32\dsound.dll
    [-] 2001-08-18 . 9402C9F282AC5FAF8253A4DC2E231B67 . 338944 . . [5.1.2600.0] . . c:\windows.0\$NtServicePackUninstall$\dsound.dll

    c:\windows.0\System32\eventlog.dll ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NCLaunch"="c:\windows.0\NCLAUNCH.EXe" [2008-06-02 40960]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadband Blaster User Interface"="c:\program files\Creative\Broadband Blaster UI\bbui.exe" [2004-11-30 274432]
    "LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
    "tsnpstd3"="c:\windows.0\tsnpstd3.exe" [2007-03-10 270336]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
    "Show missed alarms"="c:\program files\Alarm Clock\Alarm.exe" [2008-05-31 376944]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

    c:\documents and settings\Gary\Start Menu\Programs\Startup\
    Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-1-16 757760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2004-11-03 21:03 125528 -c--a-w- c:\program files\Common Files\AOL\1227128870\EE\AOLHostManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2008-03-26 04:27 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Show missed alarms]
    2008-05-31 20:49 376944 ----a-r- c:\program files\Alarm Clock\Alarm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
    2006-09-19 17:07 827392 -c--a-w- c:\windows.0\vsnpstd3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-12-06 21:58 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    2010-03-09 02:52 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Creative\\Broadband Blaster UI\\bbui.exe"=
    "c:\\Program Files\\Avira\\AntiVir Desktop\\avcenter.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009

    R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
    S2 AlarmClockMonitor;Talking Alarm Clock user logon monitor;c:\program files\Alarm Clock\AlarmMonitor.exe [2008-05-31 852144]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
    S3 MBAMProtector;MBAMProtector;c:\windows.0\system32\drivers\mbam.sys [2010-04-29 20952]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-11 c:\windows.0\Tasks\1 Breakfast Alarm.job
    - c:\program files\Alarm Clock\Alarm.exe [2008-05-31 20:49]

    2010-02-03 c:\windows.0\Tasks\2 Lunch Alarm.job
    - c:\program files\Alarm Clock\Alarm.exe [2008-05-31 20:49]

    2010-02-03 c:\windows.0\Tasks\3 Dinner Alarm.job
    - c:\program files\Alarm Clock\Alarm.exe [2008-05-31 20:49]

    2010-02-11 c:\windows.0\Tasks\4 Bedtime Alarm.job
    - c:\program files\Alarm Clock\Alarm.exe [2008-05-31 20:49]

    2010-02-11 c:\windows.0\Tasks\4 Bedtime Alarm.job
    - c:\documents and settings\Gary\Desktop\Gary's stuff\Gary's Stuff - MUSIC\MUSIC - CLASSICAL\Blue Danu Waltz.mid [2007-07-30 06:34]

    2009-12-04 c:\windows.0\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = <local>
    FF - ProfilePath - c:\documents and settings\Gary\Application Data\Mozilla\Firefox\Profiles\9d4qxt47.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-04 17:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\docume~1\Gary\LOCALS~1\Temp\catchme.dll

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2292)
    c:\windows.0\system32\WININET.dll
    c:\windows.0\system32\ieframe.dll
    c:\windows.0\system32\webcheck.dll
    c:\windows.0\system32\WPDShServiceObj.dll
    c:\windows.0\system32\PortableDeviceTypes.dll
    c:\windows.0\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-05-04 17:16:50
    ComboFix-quarantined-files.txt 2010-05-05 00:16
    ComboFix2.txt 2010-05-03 22:56

    Pre-Run: 21,565,300,736 bytes free
    Post-Run: 21,546,524,672 bytes free

    - - End Of File - - 9320A3E339CD4B9BC8F5765F3154B156
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/920986

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice