System Security - NT Authority

View previous topic View next topic Go down

Solved System Security - NT Authority

Post by Scorch on 4th June 2010, 12:11 am

OK,

I am trying to help my sister-in-law get her computer up and running again. She had a problem with getting her computer online. A lot of files, drivers, etc. were missing. The only way I could get any of the files back was to reinstall windows.

She is now back online. However, I think that the original problem may have been virus related. Can you tell me where to start to check and see if there are viruses present, and what I need to do to get rid of them?

Thanks!

LATEST UPDATE - I received a message that the system had to shutdown. initiated by NT Authority DCOM launcher terminated unexpectedly (or something similar to that) and now I cannot get to the internet with that computer.

Any ideas?

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Belahzur on 4th June 2010, 9:20 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 4th June 2010, 10:09 pm

First part of OTL. Had to run in safe mode, from USB drive. Could not copy OTL to hard drive.


OTL logfile created on: 6/4/2010 5:50:35 PM - Run 2
OTL by OldTimer - Version 3.2.5.1 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 373.00 Mb Available Physical Memory | 73.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 29.56 Gb Free Space | 39.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.92 Gb Total Space | 0.54 Gb Free Space | 28.14% Space Free | Partition Type: FAT
Drive F: | 3.74 Gb Total Space | 3.65 Gb Free Space | 97.64% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-3FC54A9D74
Current User Name: Mama
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/30 18:27:40 | 000,571,392 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2010/01/05 19:04:02 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/01/05 19:04:02 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2008/04/13 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/30 18:27:40 | 000,571,392 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2008/04/13 19:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/07 15:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 15:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 15:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/01/05 19:04:02 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/01/05 19:04:02 | 000,170,144 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/01/05 19:04:02 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/13 19:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2010/01/07 15:22:02 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2010/01/05 19:04:02 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/05 19:04:02 | 000,312,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/01/05 19:04:02 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/05 19:04:02 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/05 19:04:02 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/01/05 19:04:02 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/01/05 19:04:02 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/05 19:04:02 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/01/05 19:04:02 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/01/05 19:04:02 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/11/17 17:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 17:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 17:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 B9 AE 21 7F 53 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/26 21:03:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/03 20:24:39 | 000,000,000 | ---D | M]

[2010/05/26 21:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mama\Application Data\Mozilla\Extensions
[2010/06/03 22:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\7ghzwri7.default\extensions
[2010/05/26 21:05:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\7ghzwri7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/26 23:51:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\7ghzwri7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/03 22:08:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/03 20:24:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/02/25 11:02:13 | 000,380,355 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 13105 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100301074949.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.37.23 205.152.150.23
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/18 08:56:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8b265a4f-2275-11df-a3f9-001111b6f57e}\Shell\AutoRun\command - "" = StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/04 17:47:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/06/04 17:42:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/06/03 23:52:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mama\Recent
[2010/06/03 22:10:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010/06/03 20:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mama\Application Data\HPAppData
[2010/06/03 20:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/03 20:24:39 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/03 20:24:39 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/03 20:24:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/03 20:24:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/03 20:17:57 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/06/03 20:12:44 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/06/03 20:12:44 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/06/03 20:12:42 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/06/03 20:08:25 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/06/03 19:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mama\Application Data\Malwarebytes
[2010/06/03 19:50:06 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/06/03 19:43:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/03 19:30:53 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2010/06/03 19:30:53 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2010/06/03 19:30:53 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2010/06/03 19:30:53 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2010/06/03 19:30:53 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2010/06/03 19:30:53 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2010/06/03 19:30:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2010/06/03 19:30:29 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/06/03 19:30:28 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/06/03 19:30:28 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/06/03 19:30:28 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2010/06/03 19:30:27 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/06/03 19:30:27 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/06/03 19:30:27 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2010/06/03 19:30:26 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/06/03 19:30:25 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/06/03 19:30:25 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/06/03 19:30:24 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2010/06/03 19:30:24 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/06/03 19:30:23 | 000,364,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2010/06/03 19:30:23 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2010/06/03 19:30:23 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/06/03 19:30:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/06/03 19:30:22 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/06/03 19:30:22 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/06/03 19:30:21 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/06/03 19:30:21 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/06/03 19:30:18 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/06/03 19:30:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/06/03 19:30:18 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2010/06/03 19:30:17 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2010/06/03 19:30:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/06/03 19:30:15 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/06/03 19:30:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/06/03 19:30:15 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2010/06/03 19:30:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/06/03 19:30:14 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/06/03 19:30:14 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/06/03 19:30:14 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/06/03 19:30:13 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/06/03 19:30:13 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/06/03 19:30:10 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2010/06/03 19:30:10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/06/03 19:30:09 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2010/06/03 19:30:09 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2010/06/03 19:30:08 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/06/03 19:30:07 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2010/06/03 19:30:06 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/06/03 19:30:06 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2010/06/03 19:30:05 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/06/03 19:30:05 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/06/03 19:30:05 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/06/03 19:30:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/06/03 19:30:04 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/06/03 19:30:04 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/06/03 19:30:04 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/06/03 19:30:04 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2010/06/03 19:30:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/06/03 19:30:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/06/03 19:30:03 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/06/03 19:30:03 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2010/06/03 19:30:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/06/03 19:30:02 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/06/03 19:30:02 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/06/03 19:30:02 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2010/06/03 19:30:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/06/03 19:30:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/06/03 19:30:01 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/06/03 19:30:01 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/06/03 19:30:01 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/06/03 19:30:01 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/06/03 19:30:01 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/06/03 19:30:01 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/06/03 19:30:01 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/06/03 19:30:01 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/06/03 19:30:00 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/06/03 19:30:00 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/06/03 19:30:00 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/06/03 19:30:00 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/06/03 19:30:00 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/06/03 19:29:59 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2010/06/03 19:29:59 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2010/06/03 19:29:59 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2010/06/03 19:29:54 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2010/06/03 19:29:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/06/03 19:29:53 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/06/03 19:29:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2010/06/03 19:29:51 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2010/06/03 19:29:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/06/03 19:29:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/06/03 19:29:51 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2010/06/03 19:29:51 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2010/06/03 19:29:51 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/06/03 19:29:51 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2010/06/03 19:29:49 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/06/03 19:29:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2010/06/03 19:29:48 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/06/03 19:29:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/06/03 19:29:45 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/06/03 19:29:45 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010/06/03 19:29:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/06/03 19:29:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/06/03 19:29:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2010/06/03 19:29:42 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/06/03 19:29:42 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/06/03 19:29:41 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/06/03 19:29:41 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/06/03 19:29:41 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/06/03 19:29:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/06/03 19:29:40 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/06/03 19:29:40 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/06/03 19:29:40 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/06/03 19:29:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010/06/03 19:29:38 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/06/03 19:29:38 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/06/03 19:29:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/06/03 19:29:38 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/06/03 19:29:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/06/03 19:29:33 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/06/03 19:29:32 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2010/06/03 19:29:31 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010/06/03 19:29:28 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/06/03 19:29:27 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/06/03 19:29:23 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2010/06/03 19:29:21 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/06/03 19:29:21 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/06/03 19:29:18 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2010/06/03 19:29:14 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2010/06/03 19:29:10 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/06/03 19:29:10 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/06/03 19:29:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/06/03 19:29:09 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2010/06/03 19:29:09 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2010/06/03 19:29:09 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010/06/03 19:29:08 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/06/03 19:29:07 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/06/03 19:29:07 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010/06/03 19:29:06 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/06/03 19:29:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2010/06/03 19:29:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/06/03 19:29:04 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/06/03 19:29:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/06/03 19:29:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/06/03 19:29:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/06/03 19:29:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/06/03 19:29:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/06/03 19:29:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/06/03 19:29:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/06/03 19:29:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/06/03 19:29:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/06/03 19:29:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/06/03 19:29:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/06/03 19:29:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/06/03 19:29:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010/06/03 19:29:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010/06/03 19:29:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/06/03 19:29:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/06/03 19:29:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/06/03 19:29:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010/06/03 19:29:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/06/03 19:29:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/06/03 19:29:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/06/03 19:29:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/06/03 19:29:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 4th June 2010, 10:11 pm

Second part. Also, and EXTRAS file was not created, only this file.

[2010/06/03 19:29:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/06/03 19:29:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/06/03 19:28:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010/06/03 19:28:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/06/03 19:28:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/06/03 19:28:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/06/03 19:28:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/06/03 19:28:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010/06/03 19:28:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/06/03 19:28:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010/06/03 19:28:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/06/03 19:28:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/06/03 19:28:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/06/03 19:28:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/06/03 19:28:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/06/03 19:28:57 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2010/06/03 19:28:57 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/06/03 19:28:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010/06/03 19:28:57 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010/06/03 19:28:56 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010/06/03 19:28:55 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/06/03 19:28:54 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2010/06/03 19:28:54 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2010/06/03 19:28:52 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/06/03 19:28:51 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/06/03 19:28:51 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/06/03 19:28:50 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/06/03 19:28:49 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/06/03 19:28:49 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/06/03 19:28:49 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/06/03 19:28:49 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/06/03 19:28:49 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/06/03 19:28:48 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/06/03 19:28:48 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/06/03 19:28:48 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/06/03 19:28:48 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/06/03 19:28:48 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/06/03 19:28:47 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/06/03 19:28:47 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/06/03 19:28:47 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/06/03 19:28:47 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/06/03 19:28:46 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/06/03 19:28:46 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/06/03 19:28:46 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/06/03 19:28:46 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/06/03 19:28:46 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/06/03 19:28:45 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2010/06/03 19:28:45 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2010/06/03 19:28:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/06/03 19:28:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/06/03 19:28:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2010/06/03 19:28:45 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010/06/03 19:28:45 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010/06/03 19:28:44 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2010/06/03 19:28:38 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/06/03 19:28:31 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/06/03 19:28:30 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2010/06/03 19:28:30 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2010/06/03 19:28:30 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2010/06/03 19:28:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2010/06/03 19:28:29 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2010/06/03 19:28:29 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2010/06/03 19:28:29 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2010/06/03 19:28:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010/06/03 19:28:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/06/03 19:28:27 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2010/06/03 19:28:25 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2010/06/03 19:28:25 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010/06/03 19:28:25 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010/06/03 19:28:25 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010/06/03 19:28:25 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010/06/03 19:28:24 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010/06/03 19:28:24 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/06/03 19:28:24 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010/06/03 19:28:24 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/06/03 19:28:24 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010/06/03 19:28:24 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/06/03 19:28:24 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010/06/03 19:28:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010/06/03 19:28:23 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010/06/03 19:28:23 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010/06/03 19:28:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/06/03 19:28:23 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/06/03 19:28:23 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010/06/03 19:28:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010/06/03 19:28:23 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010/06/03 19:28:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010/06/03 19:28:22 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010/06/03 19:28:22 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2010/06/03 19:28:22 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/06/03 19:28:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/06/03 19:28:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010/06/03 19:28:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/06/03 19:28:21 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2010/06/03 19:28:21 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/06/03 19:28:20 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2010/06/03 19:28:19 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/06/03 19:28:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/06/03 19:28:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2010/06/03 19:28:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010/06/03 19:28:17 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/06/03 19:28:17 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/06/03 19:28:17 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/06/03 19:28:16 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/06/03 19:28:16 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/06/03 19:28:16 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/06/03 19:28:16 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/06/03 19:28:05 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2010/06/03 19:28:03 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/06/03 19:28:02 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2010/06/03 19:28:00 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/06/03 19:28:00 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010/06/03 19:28:00 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/06/03 19:27:59 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010/06/03 19:27:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010/06/03 19:27:58 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2010/06/03 19:27:58 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2010/06/03 19:27:58 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2010/06/03 19:27:57 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2010/06/03 19:27:56 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/06/03 19:27:56 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/06/03 19:27:56 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/06/03 19:27:55 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/06/03 19:27:55 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/06/03 19:27:55 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/06/03 19:27:54 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/06/03 19:27:54 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2010/06/03 19:27:54 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2010/06/03 19:27:54 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2010/06/03 19:27:54 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2010/06/03 19:27:54 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/06/03 19:27:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/06/03 19:27:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/06/03 19:27:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/06/03 19:27:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/06/03 19:27:52 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/06/03 19:27:51 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2010/06/03 19:27:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2010/06/03 19:27:51 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/06/03 19:27:51 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/06/03 19:27:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010/06/03 19:27:40 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2010/06/03 19:27:40 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2010/06/03 19:27:40 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2010/06/03 19:27:39 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2010/06/03 19:27:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2010/06/03 19:27:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2010/06/03 19:27:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010/06/03 19:27:37 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010/06/03 19:27:37 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010/06/03 19:27:36 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2010/06/03 19:27:36 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010/06/03 19:27:36 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/06/03 19:27:35 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2010/06/03 19:27:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010/06/03 19:27:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010/06/03 19:27:34 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010/06/03 19:27:34 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/06/03 19:27:34 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010/06/03 19:27:34 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/06/03 19:27:32 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010/06/03 19:27:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010/06/03 19:27:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/06/03 19:27:31 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2010/06/03 19:27:31 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl
[2010/06/03 19:27:31 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2010/06/03 19:27:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/06/03 19:27:24 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010/06/03 19:27:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2010/06/03 19:27:23 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2010/06/03 19:27:23 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2010/06/03 19:27:23 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2010/06/03 19:27:22 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/06/03 19:27:22 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010/06/03 19:27:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2010/06/03 19:27:15 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2010/06/03 19:27:15 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2010/06/03 19:27:15 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/06/03 19:27:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2010/06/03 19:27:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/06/03 19:27:14 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/06/03 19:27:14 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2010/06/03 19:27:14 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2010/06/03 19:27:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2010/06/03 19:27:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/06/03 19:27:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/06/03 19:27:13 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/06/03 19:27:13 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2010/06/03 19:27:13 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010/06/03 19:27:13 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/06/03 19:27:12 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2010/06/03 19:27:12 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/06/03 19:27:12 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/06/03 19:27:12 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010/06/03 19:27:12 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010/06/03 19:27:12 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/06/03 19:27:12 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010/06/03 19:27:11 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010/06/03 19:27:11 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2010/06/03 19:27:11 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010/06/03 19:27:11 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010/06/03 19:27:11 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2010/06/03 19:27:11 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010/06/03 19:27:11 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2010/06/03 19:27:09 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2010/06/03 19:27:09 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/06/03 19:27:09 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/06/03 19:27:09 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2010/06/03 19:27:09 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2010/06/03 19:27:08 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2010/06/03 19:27:08 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/06/03 19:27:08 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010/06/03 19:27:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2010/06/03 19:27:07 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010/06/03 19:27:05 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/06/03 19:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/06/03 19:24:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/06/03 19:22:35 | 000,358,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmic.exe
[2010/06/03 19:22:35 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\policman.dll
[2010/06/03 19:04:22 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/06/03 19:04:22 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/06/03 19:04:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/06/03 19:04:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/05/31 21:15:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/31 21:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/31 21:15:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/31 21:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/31 16:05:06 | 000,036,864 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\e100bmsg.dll
[2010/05/31 16:05:00 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2010/05/31 16:05:00 | 000,023,040 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\IntelNic.dll
[2010/05/26 23:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/26 21:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mama\Local Settings\Application Data\Mozilla
[2010/05/26 21:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mama\Application Data\Mozilla
[2010/05/26 21:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/04 17:46:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/04 17:46:22 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Mama\NTUSER.DAT
[2010/06/04 17:46:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mama\ntuser.ini
[2010/06/04 17:46:11 | 004,830,282 | -H-- | M] () -- C:\Documents and Settings\Mama\Local Settings\Application Data\IconCache.db
[2010/06/03 23:36:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/03 23:35:24 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/06/03 23:33:01 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{03690AD5-85A1-4AE5-A86A-0CF6805F348F}.job
[2010/06/03 23:32:47 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/06/03 23:32:38 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/03 23:32:08 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/03 20:32:15 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/06/03 20:04:42 | 000,462,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/03 20:04:41 | 000,078,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/03 20:04:40 | 000,551,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/03 19:54:47 | 000,139,163 | ---- | M] () -- C:\WINDOWS\hpoins15.dat
[2010/06/03 19:54:44 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Photosmart C4200 series.job
[2010/06/03 19:43:21 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/03 19:33:31 | 000,041,691 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/03 19:26:47 | 000,000,659 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/03 19:26:43 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/03 19:26:42 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/03 19:26:42 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/03 19:26:27 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/03 19:24:44 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/06/03 19:24:44 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/03 19:24:38 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/03 19:24:38 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/03 19:24:38 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/03 19:24:38 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/03 19:24:38 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/03 19:24:38 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/03 19:23:09 | 000,023,348 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/03 19:21:46 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2010/06/03 19:04:40 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/06/03 19:04:27 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/03 18:46:16 | 000,274,534 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/06/01 12:56:03 | 000,001,226 | ---- | M] () -- C:\Documents and Settings\Mama\Local Settings\Application Data\FASTWiz.html
[2010/05/31 21:15:37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/26 23:50:52 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Mama\Desktop\CCleaner.lnk
[2010/05/26 21:49:34 | 000,023,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\IntelNic.dll
[2010/05/26 21:47:28 | 000,005,178 | ---- | M] () -- C:\WINDOWS\System32\e100b325.din
[2010/05/26 21:47:10 | 000,036,864 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\e100bmsg.dll
[2010/05/26 21:45:10 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2010/05/26 21:03:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/26 21:03:09 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/03 22:10:35 | 000,000,256 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/06/03 20:32:14 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/06/03 20:32:14 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/06/03 20:02:24 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/06/03 19:54:44 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\WebReg Photosmart C4200 series.job
[2010/06/03 19:30:38 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/06/03 19:29:42 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/06/03 19:29:42 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/06/03 19:29:40 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/06/03 19:29:05 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/06/03 19:29:04 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/06/03 19:28:51 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/06/03 19:28:48 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/06/03 19:28:46 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/06/03 19:28:34 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/06/03 19:28:27 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/06/03 19:28:21 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/06/03 19:27:55 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/06/03 19:27:50 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/06/03 19:27:50 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/06/03 19:27:50 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/06/03 19:27:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/06/03 19:27:49 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/06/03 19:27:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/06/03 19:27:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/06/03 19:27:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/06/03 19:27:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/06/03 19:27:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/06/03 19:27:48 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/06/03 19:27:48 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/06/03 19:27:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/06/03 19:27:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/06/03 19:27:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/06/03 19:27:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/06/03 19:27:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/06/03 19:27:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/06/03 19:27:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/06/03 19:27:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/06/03 19:27:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/06/03 19:27:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/06/03 19:27:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/06/03 19:27:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/06/03 19:27:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/06/03 19:27:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/06/03 19:27:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/06/03 19:27:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/06/03 19:27:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/06/03 19:27:46 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/06/03 19:27:46 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/06/03 19:27:46 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/06/03 19:27:46 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/06/03 19:27:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/06/03 19:27:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/06/03 19:27:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/06/03 19:27:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/06/03 19:27:45 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/06/03 19:27:45 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/06/03 19:27:45 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/06/03 19:27:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/06/03 19:27:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/06/03 19:27:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/06/03 19:27:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/06/03 19:27:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/06/03 19:27:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/06/03 19:27:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/06/03 19:27:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/06/03 19:27:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/06/03 19:27:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/06/03 19:27:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/06/03 19:27:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/06/03 19:27:43 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/06/03 19:27:43 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/06/03 19:27:43 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/06/03 19:27:43 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/06/03 19:27:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/06/03 19:27:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/06/03 19:27:41 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/06/03 19:27:40 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/06/03 19:24:44 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/03 19:24:38 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/03 19:24:38 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/03 19:24:38 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/03 19:24:38 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/03 19:24:38 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/03 19:04:40 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/06/03 19:04:09 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/06/03 19:04:09 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/06/03 19:04:09 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/06/03 19:04:09 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/06/03 19:04:09 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/06/03 19:04:09 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/06/03 19:04:09 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/06/03 19:04:09 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/06/03 19:04:09 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/06/03 19:04:08 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/06/03 19:04:08 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/06/03 19:04:07 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/06/02 23:55:49 | 000,274,534 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2010/06/01 12:56:03 | 000,001,226 | ---- | C] () -- C:\Documents and Settings\Mama\Local Settings\Application Data\FASTWiz.html
[2010/05/31 22:48:49 | 000,108,559 | ---- | C] () -- C:\Documents and Settings\Mama\Local Settings\Application Data\FASTWiz.log
[2010/05/31 21:15:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/31 16:05:00 | 000,005,178 | ---- | C] () -- C:\WINDOWS\System32\e100b325.din
[2010/05/26 23:58:54 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/05/26 23:58:54 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/26 23:58:54 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/05/26 23:50:52 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Mama\Desktop\CCleaner.lnk
[2010/05/26 21:03:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/26 21:03:09 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/25 15:18:45 | 000,000,830 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/16 18:59:08 | 000,001,082 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/03/29 09:09:32 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/03/29 09:08:17 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/03/29 09:08:13 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/01/08 19:05:13 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/14 20:40:24 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/10/14 20:40:24 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\8C26637AC3.sys
[2008/09/18 10:49:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/18 09:15:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
< End of report >

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 7th June 2010, 3:41 am

Bump

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Belahzur on 7th June 2010, 10:37 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 7th June 2010, 11:16 pm

I cannot get malwarebytes to run, either from the hard drive, or USB drive, in normal mode, or in safe mode. I get an error message:

Run Time Error '372'.
Failed to load control 'vbalgrid' from vbalsgrid6.ocx
your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.

I was able to run Malwarebytes the other day however, and the following is the report from then. I just don't know what has changed since then.


Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6/3/2010 11:30:20 PM
mbam-log-2010-06-03 (23-30-20).txt

Scan type: Quick scan
Objects scanned: 155859
Time elapsed: 16 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 28
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionModuleUsageC:/WINDOWS/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypeLib{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESystemCurrentControlSetServises (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTpopcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTpopcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerLow RightsRunDll32Policyf3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftMultimediaWMPlayerSchemesf3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterAntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterFirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:Documents and SettingsAll UsersStart MenuCS (Rogue.CyberSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:WINDOWSDownloaded Program Filespopcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:Program FilesSharedlib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Belahzur on 8th June 2010, 4:54 pm

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 8th June 2010, 6:17 pm

Should I be able to update Malwarebytes on the USB drive? The computer I am trying to work on will not connect to the internet at the moment. But if I can update Malwarebytes on the USB and run it from there, maybe it will work.

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 8th June 2010, 10:08 pm

OK,
I downloaded the new Malwarebytes, updated, and tried it on the infected computer. I am getting the same error message as soon as I click on the malwarebytes icon.

When I tried to start the program from the USB drive on another computer, it started just fine.

I tried in both normal mode and safe mode. I even tried again to connect to the internet from safe mode, and I am getting nothing.

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Belahzur on 9th June 2010, 12:01 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 9th June 2010, 3:33 am

I tried several different times and several different ways to disable the McAfee virus protection, but was unable. I could not right click on it to disable, I could not left click and do anything, and I could not use task manager.


ComboFix 10-06-08.02 - Mama 06/08/2010 22:44:41.1.1 - x86
Running from: F:Combo-Fix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:program filesShared
c:windowsDownloaded Program Filespopcaploader.inf
c:windowssystem32AutoRun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
.

2010-06-04 02:10 . 2010-06-04 02:10 -------- d-----w- c:windowssystem32KB905474
2010-06-04 00:32 . 2010-06-04 00:32 -------- d-----w- c:documents and settingsMamaApplication DataHPAppData
2010-06-04 00:24 . 2010-04-12 21:29 411368 ----a-w- c:windowssystem32deployJava1.dll
2010-06-04 00:17 . 2008-06-13 11:05 272128 -c----w- c:windowssystem32dllcachebthport.sys
2010-06-04 00:12 . 2010-02-17 13:10 2189952 -c----w- c:windowssystem32dllcachentoskrnl.exe
2010-06-04 00:12 . 2010-02-16 14:08 2146304 -c----w- c:windowssystem32dllcachentkrnlmp.exe
2010-06-04 00:12 . 2010-02-16 13:25 2024448 -c----w- c:windowssystem32dllcachentkrpamp.exe
2010-06-04 00:08 . 2010-02-24 13:11 455680 -c----w- c:windowssystem32dllcachemrxsmb.sys
2010-06-03 23:57 . 2010-06-03 23:57 -------- d-----w- c:documents and settingsMamaApplication DataMalwarebytes
2010-06-03 23:50 . 2005-09-20 13:31 135168 ----a-w- c:windowssystem32igfxres.dll
2010-06-03 23:29 . 2008-04-13 23:00 66113 -c--a-w- c:windowssystem32dllcacheshvl.dll
2010-06-03 23:28 . 2008-04-13 23:00 6144 -c--a-w- c:windowssystem32dllcachekbdax2.dll
2010-06-03 23:27 . 2008-04-13 23:00 56320 -c--a-w- c:windowssystem32dllcacheconvlog.exe
2010-06-03 23:24 . 2008-04-13 23:00 16384 -c--a-w- c:windowssystem32dllcacheisignup.exe
2010-06-03 23:22 . 2008-04-13 23:00 92672 -c--a-w- c:windowssystem32dllcachepolicman.dll
2010-06-03 23:22 . 2008-04-13 23:00 92672 ----a-w- c:windowssystem32wbempolicman.dll
2010-06-03 23:22 . 2008-04-13 23:00 358912 -c--a-w- c:windowssystem32dllcachewmic.exe
2010-06-03 23:22 . 2008-04-13 23:00 358912 ----a-w- c:windowssystem32wbemwmic.exe
2010-06-03 23:04 . 2008-04-13 23:00 24661 -c--a-w- c:windowssystem32dllcachespxcoins.dll
2010-06-03 23:04 . 2008-04-13 23:00 24661 ----a-w- c:windowssystem32spxcoins.dll
2010-06-03 23:04 . 2008-04-13 23:00 13312 -c--a-w- c:windowssystem32dllcacheirclass.dll
2010-06-03 23:04 . 2008-04-13 23:00 13312 ----a-w- c:windowssystem32irclass.dll
2010-06-01 01:15 . 2010-04-29 19:39 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-06-01 01:15 . 2010-06-01 01:15 -------- d-----w- c:documents and settingsAll UsersApplication DataMalwarebytes
2010-06-01 01:15 . 2010-04-29 19:39 20952 ----a-w- c:windowssystem32driversmbam.sys
2010-06-01 01:15 . 2010-06-07 23:03 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2010-05-31 20:05 . 2010-05-27 01:47 36864 ----a-w- c:windowssystem32e100bmsg.dll
2010-05-31 20:05 . 2010-05-27 01:49 23040 ----a-w- c:windowssystem32IntelNic.dll
2010-05-31 20:05 . 2010-05-27 01:45 126976 ----a-w- c:windowssystem32Prounstl.exe
2010-05-31 20:04 . 2010-05-27 01:43 162816 ----a-w- c:windowssystem32driverse100b325.sys
2010-05-27 03:50 . 2010-05-27 03:51 -------- d-----w- c:program filesCCleaner
2010-05-27 01:03 . 2010-05-27 01:03 0 ----a-w- c:windowsnsreg.dat
2010-05-27 01:03 . 2010-05-27 01:03 -------- d-----w- c:documents and settingsMamaLocal SettingsApplication DataMozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 00:32 . 2008-10-16 04:54 -------- d-----w- c:documents and settingsAll UsersApplication DataYahoo!
2010-06-04 00:31 . 2010-06-04 00:31 862872 ------w- c:documents and settingsMamaApplication DataYahoo!SearchProtectionfudogs_2.0.1.13_msgr_bts_setup.2010.04.01.01.exe
2010-06-04 00:25 . 2008-09-18 17:20 -------- d-----w- c:program filesCommon FilesJava
2010-06-04 00:25 . 2010-06-04 00:25 503808 ----a-w- c:documents and settingsMamaApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-317d2f00-nmsvcp71.dll
2010-06-04 00:25 . 2010-06-04 00:25 499712 ----a-w- c:documents and settingsMamaApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-317d2f00-njmc.dll
2010-06-04 00:25 . 2010-06-04 00:25 348160 ----a-w- c:documents and settingsMamaApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-317d2f00-nmsvcr71.dll
2010-06-04 00:25 . 2010-06-04 00:25 61440 ----a-w- c:documents and settingsMamaApplication DataSunJavaDeploymentSystemCache6.0505535ab32-79a38fe7-ndecora-sse.dll
2010-06-04 00:25 . 2010-06-04 00:25 12800 ----a-w- c:documents and settingsMamaApplication DataSunJavaDeploymentSystemCache6.0505535ab32-79a38fe7-ndecora-d3d.dll
2010-06-04 00:24 . 2008-09-18 17:20 -------- d-----w- c:program filesJava
2010-06-03 23:54 . 2008-09-21 20:44 139163 ----a-w- c:windowshpoins15.dat
2010-06-03 23:25 . 2010-06-03 23:25 87601 ----a-w- c:windowspchealthhelpctrOfflineCacheindex.dat
2010-06-03 23:23 . 2008-09-18 12:54 23348 ----a-w- c:windowssystem32emptyregdb.dat
2010-04-16 14:13 . 2010-03-01 12:49 -------- d-----w- c:program filesMcAfee
2010-04-15 09:06 . 2010-04-15 09:06 -------- d-----w- c:documents and settingsMamaApplication DataTaxCut
2010-04-15 07:55 . 2010-04-15 07:16 -------- d-----w- c:documents and settingsMamaApplication DataICAClient
2010-04-15 07:16 . 2010-04-15 07:16 -------- d-----w- c:documents and settingsAll UsersApplication DataCitrix
2010-04-15 07:15 . 2010-04-15 07:15 -------- d-----w- c:program filesCitrix
2010-04-15 06:41 . 2010-04-15 06:30 -------- d-----w- c:documents and settingsAll UsersApplication DataDriverCure
2010-04-15 06:36 . 2010-04-15 06:18 -------- d-----w- c:documents and settingsAll UsersApplication DataRegCure
2010-04-15 06:35 . 2010-04-15 06:30 -------- d-----w- c:documents and settingsMamaApplication DataDriverCure
2010-04-15 06:30 . 2010-04-15 06:30 -------- d-----w- c:program filesParetoLogic
2010-04-15 06:30 . 2010-04-15 06:30 -------- d-----w- c:documents and settingsAll UsersApplication DataParetoLogic
2010-03-19 11:32 . 2008-10-15 00:40 2516 --sha-w- c:windowssystem32KGyGaAvL.sys
2008-10-15 00:40 . 2008-10-15 00:40 8 --sha-r- c:windowssystem328C26637AC3.sys
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:windowssystem32driversatapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:windowssystem32dllcacheasyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:windowssystem32driversasyncmac.sys

[-] 2008-04-13 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:windowssystem32dllcachebeep.sys
[-] 2008-04-13 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:windowssystem32driversbeep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:windowssystem32driverskbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:windowssystem32dllcachendis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:windowssystem32driversndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:windowssystem32dllcachentfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:windowssystem32driversntfs.sys

[-] 2008-04-13 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:windowssystem32dllcachenull.sys
[-] 2008-04-13 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:windowssystem32driversnull.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:windows$hf_mig$KB951748SP3QFEtcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:windowsSoftwareDistributionDownloadad744bdeedce85bf37a096f34577ff3asp3gdrtcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:windowssystem32dllcachetcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:windowssystem32driverstcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:windows$NtUninstallKB951748$tcpip.sys

[-] 2008-04-13 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:windowssystem32browser.dll
[-] 2008-04-13 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:windowssystem32dllcachebrowser.dll

[-] 2008-04-13 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:windowssystem32lsass.exe
[-] 2008-04-13 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:windowssystem32dllcachelsass.exe

[-] 2008-04-13 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:windowssystem32netman.dll
[-] 2008-04-13 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:windowssystem32dllcachenetman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:windowssystem32qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:windowssystem32bitsqmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:windowssystem32dllcacheqmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:windowsSoftwareDistributionDownload51401b498f4675531d9efb941ee01ef3SP3GDRrpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:windowssystem32rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:windowssystem32dllcacherpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:windows$hf_mig$KB956572SP3QFErpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:windowsSoftwareDistributionDownload51401b498f4675531d9efb941ee01ef3SP3QFErpcss.dll
[-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:windowsSoftwareDistributionDownload51401b498f4675531d9efb941ee01ef3SP2GDRrpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:windowsSoftwareDistributionDownload51401b498f4675531d9efb941ee01ef3SP2QFErpcss.dll
[-] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:windows$NtUninstallKB956572$rpcss.dll

[-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:windowsSoftwareDistributionDownload51401b498f4675531d9efb941ee01ef3SP2GDRservices.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:windowsSoftwareDistributionDownload51401b498f4675531d9efb941ee01ef3SP3GDRservices.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:windowssystem32services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:windowssystem32dllcacheservices.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:windows$hf_mig$KB956572SP3QFEservices.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:windowsSoftwareDistributionDownload51401b498f4675531d9efb941ee01ef3SP3QFEservices.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:windowsSoftwareDistributionDownload51401b498f4675531d9efb941ee01ef3SP2QFEservices.exe
[-] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:windows$NtUninstallKB956572$services.exe

[-] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:windowssystem32spoolsv.exe
[-] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:windowssystem32dllcachespoolsv.exe

[-] 2008-04-13 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:windowssystem32winlogon.exe
[-] 2008-04-13 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:windowssystem32dllcachewinlogon.exe

[-] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:windowssystem32comctl32.dll
[-] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:windowssystem32dllcachecomctl32.dll

[-] 2008-04-13 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:windowssystem32cryptsvc.dll
[-] 2008-04-13 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:windowssystem32dllcachecryptsvc.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:windowsSoftwareDistributionDownload8cac00e8efc87d728c0261686f85c975sp3gdres.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:windowssystem32es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:windowssystem32dllcachees.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:windows$hf_mig$KB950974SP3QFEes.dll
[-] 2008-04-13 23:00 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:windows$NtUninstallKB950974$es.dll

[-] 2008-04-13 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:windowssystem32imm32.dll
[-] 2008-04-13 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:windowssystem32dllcacheimm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:windowsSoftwareDistributionDownload�22593ca08eb4cd8e9681a7116f902d9sp3gdrkernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:windowssystem32kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:windowssystem32dllcachekernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:windows$hf_mig$KB959426SP3QFEkernel32.dll
[-] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:windows$NtUninstallKB959426$kernel32.dll

[-] 2008-04-13 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:windowssystem32linkinfo.dll
[-] 2008-04-13 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:windowssystem32dllcachelinkinfo.dll

[-] 2008-04-13 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:windowssystem32lpk.dll
[-] 2008-04-13 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:windowssystem32dllcachelpk.dll

[-] 2010-02-26 . 063D664850A16932F60E7F8830BDF2E1 . 3073024 . . [6.00.2900.5945] . . c:windowsSoftwareDistributionDownload376701bc93beff35dae28f35731a4130sp3gdrmshtml.dll
[-] 2010-02-26 . 063D664850A16932F60E7F8830BDF2E1 . 3073024 . . [6.00.2900.5945] . . c:windowssystem32mshtml.dll
[-] 2010-02-26 . 063D664850A16932F60E7F8830BDF2E1 . 3073024 . . [6.00.2900.5945] . . c:windowssystem32dllcachemshtml.dll
[-] 2010-02-26 . EE6B9880933172AE78A1146BE15D6D21 . 3073536 . . [6.00.2900.5945] . . c:windows$hf_mig$KB980182SP3QFEmshtml.dll
[-] 2010-02-26 . EE6B9880933172AE78A1146BE15D6D21 . 3073536 . . [6.00.2900.5945] . . c:windowsSoftwareDistributionDownload376701bc93beff35dae28f35731a4130sp3qfemshtml.dll
[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:windows$hf_mig$KB980182-IE8SP3QFEmshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:windowsie8updatesKB980182-IE8mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:windows$hf_mig$KB978207-IE8SP3QFEmshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:windows$hf_mig$KB976325-IE8SP3QFEmshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:windowsie8updatesKB978207-IE8mshtml.dll
[-] 2009-10-22 . CDA69BC1C23B0EA033B989F67CB722FF . 5939712 . . [8.00.6001.18852] . . c:windowsie8updatesKB976325-IE8mshtml.dll
[-] 2009-10-22 . A6CF28C6E0B6D10098AB601D85EE55E8 . 5943296 . . [8.00.6001.22942] . . c:windows$hf_mig$KB976749-IE8SP3QFEmshtml.dll
[-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:windowsie8updatesKB976749-IE8mshtml.dll
[-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:windows$hf_mig$KB974455-IE8SP3QFEmshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:windowsie8mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:windows$hf_mig$KB972260-IE7SP3QFEmshtml.dll
[-] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:windowsie8updatesKB974455-IE8mshtml.dll
[-] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:windowsSoftwareDistributionDownload8aff2c132bea63255d1cab83ef37c507SP3GDRmshtml.dll
[-] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:windows$hf_mig$KB972260-IE8SP3QFEmshtml.dll
[-] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:windowsSoftwareDistributionDownload8aff2c132bea63255d1cab83ef37c507SP3QFEmshtml.dll
[-] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:windows$hf_mig$KB969897-IE8SP3QFEmshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:windowsie7updatesKB972260-IE7mshtml.dll
[-] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:windows$hf_mig$KB969897-IE7SP3QFEmshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:windowsie8updatesKB972260-IE8mshtml.dll
[-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:windowsie7updatesKB969897-IE7mshtml.dll
[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:windows$hf_mig$KB961260-IE7SP2QFEmshtml.dll
[-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:windowsie7updatesKB961260-IE7mshtml.dll
[-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:windows$hf_mig$KB960714-IE7SP2QFEmshtml.dll
[-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:windowsie7updatesKB960714-IE7mshtml.dll
[-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:windows$hf_mig$KB958215-IE7SP2QFEmshtml.dll
[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:windowsie7updatesKB958215-IE7mshtml.dll
[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:windows$hf_mig$KB956390-IE7SP2QFEmshtml.dll
[-] 2008-06-25 . 04EEC0FF4DD3C7041628973CA6832C33 . 3067904 . . [6.00.2900.5626] . . c:windowsSoftwareDistributionDownload1c0a4d9681e4b56278490848f7545aa5sp3qfemshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:windowsie7updatesKB956390-IE7mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:windowsSoftwareDistributionDownload13d5d266d7681d26b42f8dff88cadc20SP2GDRmshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:windows$hf_mig$KB953838-IE7SP2QFEmshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:windowsSoftwareDistributionDownload13d5d266d7681d26b42f8dff88cadc20SP2QFEmshtml.dll
[-] 2008-06-23 . F433136C23D13B120412B300D1324A7E . 3067392 . . [6.00.2900.5626] . . c:windowsSoftwareDistributionDownload1c0a4d9681e4b56278490848f7545aa5sp3gdrmshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:windowsie7mshtml.dll
[-] 2008-04-13 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:windows$NtUninstallKB980182$mshtml.dll
[-] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:windowsie7updatesKB953838-IE7mshtml.dll

[-] 2008-04-13 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:windowssystem32msvcrt.dll
[-] 2008-04-13 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:windowssystem32dllcachemsvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:windowsSoftwareDistributionDownloadad744bdeedce85bf37a096f34577ff3asp3gdrmswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:windowssystem32mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:windowssystem32dllcachemswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:windows$hf_mig$KB951748SP3QFEmswsock.dll
[-] 2008-04-13 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:windows$NtUninstallKB951748$mswsock.dll

[-] 2008-04-13 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:windowssystem32netlogon.dll
[-] 2008-04-13 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:windowssystem32dllcachenetlogon.dll

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:windowsDriver Cachei386ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:windowsSoftwareDistributionDownload9d21500a4aa475547c4a2420fee1c623SP3GDRntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:windowssystem32ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:windowssystem32dllcachentoskrnl.exe
[-] 2010-02-16 . 97E2BF68857818A4D142B872404DC41B . 2186880 . . [5.1.2600.3670] . . c:windowsSoftwareDistributionDownload9d21500a4aa475547c4a2420fee1c623SP2QFEntoskrnl.exe
[-] 2010-02-16 . EBB75B113E74E90074382347B74D652B . 2181376 . . [5.1.2600.3670] . . c:windowsSoftwareDistributionDownload9d21500a4aa475547c4a2420fee1c623SP2GDRntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:windows$hf_mig$KB979683SP3QFEntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:windowsSoftwareDistributionDownload9d21500a4aa475547c4a2420fee1c623SP3QFEntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:windows$hf_mig$KB977165SP3QFEntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:windows$hf_mig$KB971486SP3QFEntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:windows$hf_mig$KB956572SP3QFEntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:windowsSoftwareDistributionDownload51401b498f4675531d9efb941ee01ef3SP3QFEntoskrnl.exe
[-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:windowsSoftwareDistributionDownload51401b498f4675531d9efb941ee01ef3SP2GDRntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:windows$NtUninstallKB979683$ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:windowsSoftwareDistributionDownload51401b498f4675531d9efb941ee01ef3SP3GDRntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:windowsSoftwareDistributionDownload51401b498f4675531d9efb941ee01ef3SP2QFEntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:windows$hf_mig$KB956841SP3QFEntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:windows$NtUninstallKB956572$ntoskrnl.exe

[-] 2008-04-13 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:windowssystem32powrprof.dll
[-] 2008-04-13 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:windowssystem32dllcachepowrprof.dll

[-] 2008-04-13 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:windowssystem32scecli.dll
[-] 2008-04-13 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:windowssystem32dllcachescecli.dll

[-] 2008-04-13 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:windowssystem32sfc.dll
[-] 2008-04-13 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:windowssystem32dllcachesfc.dll

[-] 2008-04-13 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:windowssystem32dllcachesvchost.exe

[-] 2008-04-13 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:windowssystem32tapisrv.dll
[-] 2008-04-13 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:windowssystem32dllcachetapisrv.dll

[-] 2008-04-13 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:windowssystem32user32.dll
[-] 2008-04-13 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:windowssystem32dllcacheuser32.dll

[-] 2008-04-13 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:windowssystem32userinit.exe
[-] 2008-04-13 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:windowssystem32dllcacheuserinit.exe

[-] 2010-02-26 . 6F0C67BA6837D82E2366AEAD046FAF4C . 667136 . . [6.00.2900.5945] . . c:windowsSoftwareDistributionDownload376701bc93beff35dae28f35731a4130sp3gdrwininet.dll
[-] 2010-02-26 . 6F0C67BA6837D82E2366AEAD046FAF4C . 667136 . . [6.00.2900.5945] . . c:windowssystem32wininet.dll
[-] 2010-02-26 . 6F0C67BA6837D82E2366AEAD046FAF4C . 667136 . . [6.00.2900.5945] . . c:windowssystem32dllcachewininet.dll
[-] 2010-02-26 . AEB15B107E1C6543F99D9104BE0DD800 . 668672 . . [6.00.2900.5945] . . c:windows$hf_mig$KB980182SP3QFEwininet.dll
[-] 2010-02-26 . AEB15B107E1C6543F99D9104BE0DD800 . 668672 . . [6.00.2900.5945] . . c:windowsSoftwareDistributionDownload376701bc93beff35dae28f35731a4130sp3qfewininet.dll
[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:windows$hf_mig$KB980182-IE8SP3QFEwininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:windowsie8updatesKB980182-IE8wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:windows$hf_mig$KB978207-IE8SP3QFEwininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:windows$hf_mig$KB976325-IE8SP3QFEwininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:windowsie8updatesKB978207-IE8wininet.dll
[-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:windowsie8updatesKB976325-IE8wininet.dll
[-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:windows$hf_mig$KB974455-IE8SP3QFEwininet.dll
[-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:windowsie8updatesKB974455-IE8wininet.dll
[-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:windowsSoftwareDistributionDownload8aff2c132bea63255d1cab83ef37c507SP3GDRwininet.dll
[-] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:windows$hf_mig$KB972260-IE8SP3QFEwininet.dll
[-] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:windowsSoftwareDistributionDownload8aff2c132bea63255d1cab83ef37c507SP3QFEwininet.dll
[-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:windows$hf_mig$KB972260-IE7SP3QFEwininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:windowsie8wininet.dll
[-] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:windows$hf_mig$KB969897-IE8SP3QFEwininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:windowsie7updatesKB972260-IE7wininet.dll
[-] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:windows$hf_mig$KB969897-IE7SP3QFEwininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:windowsie8updatesKB972260-IE8wininet.dll
[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:windows$hf_mig$KB961260-IE7SP2QFEwininet.dll
[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:windowsie7updatesKB969897-IE7wininet.dll
[-] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:windowsie7updatesKB961260-IE7wininet.dll
[-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:windows$hf_mig$KB958215-IE7SP2QFEwininet.dll
[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:windows$hf_mig$KB956390-IE7SP2QFEwininet.dll
[-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:windowsie7updatesKB958215-IE7wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:windowsie7updatesKB956390-IE7wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:windowsSoftwareDistributionDownload13d5d266d7681d26b42f8dff88cadc20SP2GDRwininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:windows$hf_mig$KB953838-IE7SP2QFEwininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:windowsSoftwareDistributionDownload13d5d266d7681d26b42f8dff88cadc20SP2QFEwininet.dll
[-] 2008-06-23 . F12FBB673DE9CC802C5DC518FE99AA2F . 666112 . . [6.00.2900.5626] . . c:windowsSoftwareDistributionDownload1c0a4d9681e4b56278490848f7545aa5sp3gdrwininet.dll
[-] 2008-06-23 . 972299B7241EC325D8C7E5638C884925 . 666624 . . [6.00.2900.5626] . . c:windowsSoftwareDistributionDownload1c0a4d9681e4b56278490848f7545aa5sp3qfewininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:windowsie7wininet.dll
[-] 2008-04-13 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:windows$NtUninstallKB980182$wininet.dll
[-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:windowsie7updatesKB953838-IE7wininet.dll

[-] 2008-04-13 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:windowssystem32ws2_32.dll
[-] 2008-04-13 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:windowssystem32dllcachews2_32.dll

[-] 2008-04-13 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:windowsexplorer.exe
[-] 2008-04-13 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:windowssystem32dllcacheexplorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:windowssystem32srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:windowssystem32dllcachesrsvc.dll

[-] 2008-04-13 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:windowssystem32wscntfy.exe
[-] 2008-04-13 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:windowssystem32dllcachewscntfy.exe

[-] 2008-04-13 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:windowssystem32xmlprov.dll
[-] 2008-04-13 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:windowssystem32dllcachexmlprov.dll

[-] 2008-04-13 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:windowssystem32eventlog.dll
[-] 2008-04-13 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:windowssystem32dllcacheeventlog.dll

[-] 2008-04-13 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:windowssystem32sfcfiles.dll
[-] 2008-04-13 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:windowssystem32dllcachesfcfiles.dll

[-] 2008-04-13 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:windowssystem32ctfmon.exe
[-] 2008-04-13 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:windowssystem32dllcachectfmon.exe

[-] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:windowssystem32shsvcs.dll
[-] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:windowssystem32dllcacheshsvcs.dll

[-] 2008-04-13 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:windowssystem32regsvc.dll
[-] 2008-04-13 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:windowssystem32dllcacheregsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:windowssystem32schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:windowssystem32dllcacheschedsvc.dll

[-] 2008-04-13 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:windowssystem32ssdpsrv.dll
[-] 2008-04-13 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:windowssystem32dllcachessdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:windowssystem32termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:windowssystem32dllcachetermsrv.dll

[-] 2008-04-13 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:windowssystem32appmgmts.dll
[-] 2008-04-13 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:windowssystem32dllcacheappmgmts.dll

[-] 2008-04-13 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:windowssystem32driversacpiec.sys

[-] 2008-04-13 23:00 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:windowssystem32driversaec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:windowssystem32driversagp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:windowssystem32dllcacheip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:windowssystem32driversip6fw.sys

[-] 2008-04-13 23:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:windowssystem32mfc40u.dll
[-] 2008-04-13 23:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:windowssystem32dllcachemfc40u.dll

[-] 2008-04-13 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:windowssystem32msgsvc.dll
[-] 2008-04-13 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:windowssystem32dllcachemsgsvc.dll

[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:windows$NtUninstallWMFDist11$mspmsnsv.dll
[-] 2008-04-13 23:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:windowssystem32mspmsnsv.dll
[-] 2008-04-13 23:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:windowssystem32dllcachemspmsnsv.dll

[-] 2010-02-17 . 1811AFC2FADB60B88947E3D08E250860 . 2063744 . . [5.1.2600.3670] . . c:windowsSoftwareDistributionDownload9d21500a4aa475547c4a2420fee1c623SP2QFEntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:windowsDriver Cachei386ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:windowsSoftwareDistributionDownload9d21500a4aa475547c4a2420fee1c623SP3GDRntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:windowssystem32ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:windowssystem32dllcachentkrnlpa.exe
[-] 2010-02-16 . 1EE6B94ACA7BE115A1813BBCA65099A8 . 2058368 . . [5.1.2600.3670] . . c:windowsSoftwareDistributionDownload9d21500a4aa475547c4a2420fee1c623SP2GDRntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:windows$hf_mig$KB979683SP3QFEntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:windowsSoftwareDistributionDownload9d21500a4aa475547c4a2420fee1c623SP3QFEntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:windows$hf_mig$KB977165SP3QFEntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:windows$hf_mig$KB971486SP3QFEntkrnlpa.exe
[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:windows$NtUninstallKB979683$ntkrnlpa.exe
[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:windowsSoftwareDistributionDownload51401b498f4675531d9efb941ee01ef3SP3GDRntkrnlpa.exe
[-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:windowsSoftwareDistributionDownload51401b498f4675531d9efb941ee01ef3SP2GDRntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:windows$hf_mig$KB956572SP3QFEntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:windowsSoftwareDistributionDownload51401b498f4675531d9efb941ee01ef3SP3QFEntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:windowsSoftwareDistributionDownload51401b498f4675531d9efb941ee01ef3SP2QFEntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:windows$hf_mig$KB956841SP3QFEntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:windows$NtUninstallKB956572$ntkrnlpa.exe

[-] 2008-04-13 23:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:windowssystem32ntmssvc.dll
[-] 2008-04-13 23:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:windowssystem32dllcachentmssvc.dll

[-] 2008-04-13 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:windowssystem32upnphost.dll
[-] 2008-04-13 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:windowssystem32dllcacheupnphost.dll

[-] 2008-04-13 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:windowssystem32dsound.dll
[-] 2008-04-13 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:windowssystem32dllcachedsound.dll

c:windowsSystem32svchost.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2009-02-19 39408]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"SoundMAXPnP"="c:program filesAnalog DevicesCoresmax4pnp.exe" [2004-10-14 1404928]
"NeroFilterCheck"="c:windowssystem32NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:program filesHPHP Software UpdateHPWuSchd2.exe" [2007-03-12 49152]
"AppleSyncNotifier"="c:program filesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe" [2009-05-21 177472]
"Zune Launcher"="c:program filesZuneZuneLauncher.exe" [2010-01-07 158448]
"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2010-02-18 248040]
"mcui_exe"="c:program filesMcAfee.comAgentmcagent.exe" [2010-04-02 1180976]
"QuickTime Task"="c:program filesQuickTimeqttask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2010-03-24 952768]
"TkBellExe"="c:program filesCommon FilesRealUpdate_OBrealsched.exe" [2010-02-16 198160]
"ConnectionCenter"="c:program filesCitrixICA Clientconcentr.exe" [2009-09-13 103768]
"iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2009-07-13 292128]
"igfxtray"="c:windowssystem32igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:windowssystem32hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:windowssystem32igfxpers.exe" [2005-09-20 114688]
"Corel Photo Downloader"="c:program filesCVSCVS Photo Editor PlusCorel Photo Downloader.exe" [2007-02-06 478800]

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalmcmscsvc]
@=""

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMCODS]
@=""

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
@=""

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
@=""

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWudfPf]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWudfRd]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWudfSvc]
@="Service"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"=
"%windir%Network Diagnosticxpnetdiag.exe"=
"c:Program FilesBonjourmDNSResponder.exe"=
"c:Program FilesiTunesiTunes.exe"=
"c:Program FilesCommon FilesMcafeeMcSvcHostMcSvHost.exe"=

R0 cerc6;cerc6; [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:program filesCommon FilesMcafeeMcSvcHostMcSvHost.exe [2009-12-15 271480]
R3 cfwids;McAfee Inc. cfwids;c:windowssystem32driverscfwids.sys [2010-01-05 55456]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:program filesMcAfee Security Scan2.0.181McCHSvc.exe [2010-01-15 227232]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:windowssystem32DRIVERSmfendisk.sys [2010-01-05 88480]
R3 mferkdet;McAfee Inc. mferkdet;c:windowssystem32driversmferkdet.sys [2010-01-05 83496]
S1 ctxusbm;Citrix USB Monitor Driver;c:windowssystem32DRIVERSctxusbm.sys [2009-09-08 65584]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:windowssystem32driversmfetdi2k.sys [2010-01-05 82952]
S2 mfefire;McAfee Firewall Core Service;c:program filesCommon FilesMcAfeeSystemCoremfefire.exe [2010-01-05 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:program filesCommon FilesMcAfeeSystemCoremfevtps.exe [2010-01-05 141792]
S3 mfefirek;McAfee Inc. mfefirek;c:windowssystem32driversmfefirek.sys [2010-01-05 312584]
S3 mfendiskmp;mfendiskmp;c:windowssystem32DRIVERSmfendisk.sys [2010-01-05 88480]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2008-04-13 23:00 99840 ----a-w- c:windowssystem32advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-04-14 c:windowsTasksAppleSoftwareUpdate.job
- c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 16:34]

2010-04-15 c:windowsTasksDriverCure.job
- c:program filesParetoLogicDriverCureDriverCure.exe [2009-08-07 19:36]

2010-06-04 c:windowsTasksGoogle Software Updater.job
- c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-09-25 13:15]

2010-06-04 c:windowsTasksUser_Feed_Synchronization-{03690AD5-85A1-4AE5-A86A-0CF6805F348F}.job
- c:windowssystem32msfeedssync.exe [2007-08-13 08:31]

2010-06-03 c:windowsTasksWebReg Photosmart C4200 series.job
- c:program filesHPDigital Imagingbinhpqwrg.exe [2007-03-12 01:27]

2010-06-04 c:windowsTasksWGASetup.job
- c:windowssystem32KB905474wgasetup.exe [2010-06-04 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
FF - ProfilePath - c:documents and settingsMamaApplication DataMozillaFirefoxProfiles7ghzwri7.default
FF - component: c:program filesRealRealPlayerbrowserrecordfirefoxextcomponentsnprpffbrowserrecordext.dll
FF - plugin: c:program filesGoogleGoogle Updater2.4.1698.5652npCIDetect13.dll
FF - plugin: c:program filesMozilla FirefoxpluginsnpdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:program filesMozilla Firefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesMozilla Firefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)
AddRemove-Malwarebytes' Anti-Malware_is1 - f:malwarebytes' anti-malwareunins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-08 23:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:windowssystem32l3codeca.acm

- - - - - - - > 'explorer.exe'(1360)
c:windowssystem32ieframe.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:program filesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
c:program filesBonjourmDNSResponder.exe
c:program filesCommon FilesIntuitUpdate ServiceIntuitUpdateService.exe
c:program filesJavajre6binjqs.exe
c:windowssystem32PSIService.exe
c:windowssystem32tcpsvcs.exe
c:windowssystem32ZuneBusEnum.exe
c:program filesCommon FilesMcAfeeSystemCoremcshield.exe
c:program filesCommon FilesMcAfeeSystemCoremfefire.exe
c:program filesHPDigital Imagingbinhpqtra08.exe
c:program filesMcAfee Security Scan2.0.181SSScheduler.exe
c:program filesWindows Desktop SearchWindowsSearch.exe
.
**************************************************************************
.
Completion time: 2010-06-08 23:24:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-09 03:24

Pre-Run: 31,658,196,992 bytes free
Post-Run: 31,776,403,456 bytes free

- - End Of File - - 3F02A45030DB16AE0B6420DA8E6DFD9C

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Belahzur on 10th June 2010, 9:24 pm

Hello.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    FCopy::
    c:\windows\system32\dllcache\svchost.exe  | c:\windows\System32\svchost.exe

    Driver::
    cerc6
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 12th June 2010, 3:14 pm

Ok, this computer will not let me copy and paste, drag and drop, or anything similar to that. I cannot do those functions on the hard drive, or on the USB drive.

I created the file on another computer and placed it with the Combo-fix file on the USB drive. But when I went to the infected computer, I cannot drag the .txt file into Combo-fix.

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Belahzur on 12th June 2010, 9:32 pm

Hello.
Okay, lets do this manually.


  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Show hidden files and folders.
  6. Uncheck (untick) Hide extensions of known file types.
  7. Uncheck (untick) Hide protected operating system files (Recommended).
  8. Click Yes when prompted.
  9. Click OK.
  10. Close My Computer.

Locate this file in bold:

c:\windows\system32\dllcache\svchost.exe

Right click, select Copy. Now go into the C:\Windows\system32 directory, right click anywhere and select Paste.

Please re-run Combofix now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 13th June 2010, 12:30 am

Could not do the right click copy, right click paste. (would not paste). I was however able to use DOS commands and copy files that way. Boy, has it been awhile since I've had the pleasure of using DOS!

Here is the combofix.txt file:

ComboFix 10-06-08.02 - Mama 06/12/2010 20:06:39.2.1 - x86
Running from: C:\combo-fix.exe
Command switches used :: combo-fix
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-05-13 to 2010-06-13 )))))))))))))))))))))))))))))))
.

2010-06-13 00:03 . 2008-04-13 23:00 14336 -c--a-w- c:\windows\system32\dllcache\svchost.exe
2010-06-13 00:02 . 2010-06-09 02:32 3704551 ----a-r- C:\combo-fix.exe
2010-06-04 02:10 . 2010-06-04 02:10 -------- d-----w- c:\windows\system32\KB905474
2010-06-04 00:32 . 2010-06-04 00:32 -------- d-----w- c:\documents and settings\Mama\Application Data\HPAppData
2010-06-04 00:31 . 2010-06-04 00:31 862872 ------w- c:\documents and settings\Mama\Application Data\Yahoo!\SearchProtection\fudogs_2.0.1.13_msgr_bts_setup.2010.04.01.01.exe
2010-06-04 00:25 . 2010-06-04 00:25 503808 ----a-w- c:\documents and settings\Mama\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-317d2f00-n\msvcp71.dll
2010-06-04 00:25 . 2010-06-04 00:25 499712 ----a-w- c:\documents and settings\Mama\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-317d2f00-n\jmc.dll
2010-06-04 00:25 . 2010-06-04 00:25 348160 ----a-w- c:\documents and settings\Mama\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-317d2f00-n\msvcr71.dll
2010-06-04 00:25 . 2010-06-04 00:25 61440 ----a-w- c:\documents and settings\Mama\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-79a38fe7-n\decora-sse.dll
2010-06-04 00:25 . 2010-06-04 00:25 12800 ----a-w- c:\documents and settings\Mama\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-79a38fe7-n\decora-d3d.dll
2010-06-04 00:24 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-04 00:17 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-06-04 00:12 . 2010-02-17 13:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-06-04 00:12 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-06-04 00:12 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-06-04 00:08 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-03 23:57 . 2010-06-03 23:57 -------- d-----w- c:\documents and settings\Mama\Application Data\Malwarebytes
2010-06-03 23:50 . 2005-09-20 13:31 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-06-03 23:29 . 2008-04-13 23:00 66113 -c--a-w- c:\windows\system32\dllcache\shvl.dll
2010-06-03 23:28 . 2008-04-13 23:00 6144 -c--a-w- c:\windows\system32\dllcache\kbdax2.dll
2010-06-03 23:27 . 2008-04-13 23:00 56320 -c--a-w- c:\windows\system32\dllcache\convlog.exe
2010-06-03 23:24 . 2008-04-13 23:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-06-03 23:22 . 2008-04-13 23:00 92672 -c--a-w- c:\windows\system32\dllcache\policman.dll
2010-06-03 23:22 . 2008-04-13 23:00 92672 ----a-w- c:\windows\system32\wbem\policman.dll
2010-06-03 23:22 . 2008-04-13 23:00 358912 -c--a-w- c:\windows\system32\dllcache\wmic.exe
2010-06-03 23:22 . 2008-04-13 23:00 358912 ----a-w- c:\windows\system32\wbem\wmic.exe
2010-06-03 23:04 . 2008-04-13 23:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-06-03 23:04 . 2008-04-13 23:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-06-03 23:04 . 2008-04-13 23:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-06-03 23:04 . 2008-04-13 23:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-06-01 01:15 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-01 01:15 . 2010-06-01 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-01 01:15 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-01 01:15 . 2010-06-07 23:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-31 20:05 . 2010-05-27 01:47 36864 ----a-w- c:\windows\system32\e100bmsg.dll
2010-05-31 20:05 . 2010-05-27 01:49 23040 ----a-w- c:\windows\system32\IntelNic.dll
2010-05-31 20:05 . 2010-05-27 01:45 126976 ----a-w- c:\windows\system32\Prounstl.exe
2010-05-31 20:04 . 2010-05-27 01:43 162816 ----a-w- c:\windows\system32\drivers\e100b325.sys
2010-05-27 03:50 . 2010-05-27 03:51 -------- d-----w- c:\program files\CCleaner
2010-05-27 01:03 . 2010-05-27 01:03 0 ----a-w- c:\windows\nsreg.dat
2010-05-27 01:03 . 2010-05-27 01:03 -------- d-----w- c:\documents and settings\Mama\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 00:32 . 2008-10-16 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-04 00:25 . 2008-09-18 17:20 -------- d-----w- c:\program files\Common Files\Java
2010-06-04 00:24 . 2008-09-18 17:20 -------- d-----w- c:\program files\Java
2010-06-03 23:54 . 2008-09-21 20:44 139163 ----a-w- c:\windows\hpoins15.dat
2010-06-03 23:25 . 2010-06-03 23:25 87601 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-03 23:23 . 2008-09-18 12:54 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-16 14:13 . 2010-03-01 12:49 -------- d-----w- c:\program files\McAfee
2010-04-15 09:06 . 2010-04-15 09:06 -------- d-----w- c:\documents and settings\Mama\Application Data\TaxCut
2010-04-15 07:55 . 2010-04-15 07:16 -------- d-----w- c:\documents and settings\Mama\Application Data\ICAClient
2010-04-15 07:16 . 2010-04-15 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-04-15 07:15 . 2010-04-15 07:15 -------- d-----w- c:\program files\Citrix
2010-04-15 06:41 . 2010-04-15 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-04-15 06:36 . 2010-04-15 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-04-15 06:35 . 2010-04-15 06:30 -------- d-----w- c:\documents and settings\Mama\Application Data\DriverCure
2010-04-15 06:30 . 2010-04-15 06:30 -------- d-----w- c:\program files\ParetoLogic
2010-04-15 06:30 . 2010-04-15 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-03-19 11:32 . 2008-10-15 00:40 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-10-15 00:40 . 2008-10-15 00:40 8 --sha-r- c:\windows\system32\8C26637AC3.sys
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2008-04-13 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2008-04-13 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2008-04-13 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2008-04-13 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-13 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-13 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-13 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-13 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-13 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-13 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
[-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
[-] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[-] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-04-13 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-13 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2008-04-13 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-13 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp3gdr\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-13 23:00 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2008-04-13 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-13 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

[-] 2008-04-13 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-13 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2008-04-13 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-13 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll

[-] 2010-02-26 . 063D664850A16932F60E7F8830BDF2E1 . 3073024 . . [6.00.2900.5945] . . c:\windows\SoftwareDistribution\Download\376701bc93beff35dae28f35731a4130\sp3gdr\mshtml.dll
[-] 2010-02-26 . 063D664850A16932F60E7F8830BDF2E1 . 3073024 . . [6.00.2900.5945] . . c:\windows\system32\mshtml.dll
[-] 2010-02-26 . 063D664850A16932F60E7F8830BDF2E1 . 3073024 . . [6.00.2900.5945] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-02-26 . EE6B9880933172AE78A1146BE15D6D21 . 3073536 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\mshtml.dll
[-] 2010-02-26 . EE6B9880933172AE78A1146BE15D6D21 . 3073536 . . [6.00.2900.5945] . . c:\windows\SoftwareDistribution\Download\376701bc93beff35dae28f35731a4130\sp3qfe\mshtml.dll
[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-10-22 . CDA69BC1C23B0EA033B989F67CB722FF . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2009-10-22 . A6CF28C6E0B6D10098AB601D85EE55E8 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie8\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[-] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:\windows\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\SP3GDR\mshtml.dll
[-] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:\windows\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\SP3QFE\mshtml.dll
[-] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-25 . 04EEC0FF4DD3C7041628973CA6832C33 . 3067904 . . [6.00.2900.5626] . . c:\windows\SoftwareDistribution\Download\1c0a4d9681e4b56278490848f7545aa5\sp3qfe\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2GDR\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2QFE\mshtml.dll
[-] 2008-06-23 . F433136C23D13B120412B300D1324A7E . 3067392 . . [6.00.2900.5626] . . c:\windows\SoftwareDistribution\Download\1c0a4d9681e4b56278490848f7545aa5\sp3gdr\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie7\mshtml.dll
[-] 2008-04-13 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB980182$\mshtml.dll
[-] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll

[-] 2008-04-13 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-13 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-04-13 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-13 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-13 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3GDR\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-02-16 . 97E2BF68857818A4D142B872404DC41B . 2186880 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2QFE\ntoskrnl.exe
[-] 2010-02-16 . EBB75B113E74E90074382347B74D652B . 2181376 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2GDR\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[-] 2008-04-13 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-13 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-13 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-13 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll

[-] 2008-04-13 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-13 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll

[-] 2008-04-13 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-13 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-13 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2008-04-13 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-13 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[-] 2008-04-13 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-13 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe

[-] 2010-02-26 . 6F0C67BA6837D82E2366AEAD046FAF4C . 667136 . . [6.00.2900.5945] . . c:\windows\SoftwareDistribution\Download\376701bc93beff35dae28f35731a4130\sp3gdr\wininet.dll
[-] 2010-02-26 . 6F0C67BA6837D82E2366AEAD046FAF4C . 667136 . . [6.00.2900.5945] . . c:\windows\system32\wininet.dll
[-] 2010-02-26 . 6F0C67BA6837D82E2366AEAD046FAF4C . 667136 . . [6.00.2900.5945] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-02-26 . AEB15B107E1C6543F99D9104BE0DD800 . 668672 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\wininet.dll
[-] 2010-02-26 . AEB15B107E1C6543F99D9104BE0DD800 . 668672 . . [6.00.2900.5945] . . c:\windows\SoftwareDistribution\Download\376701bc93beff35dae28f35731a4130\sp3qfe\wininet.dll
[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\windows\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\SP3GDR\wininet.dll
[-] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\SP3QFE\wininet.dll
[-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\ie8\wininet.dll
[-] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2GDR\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2QFE\wininet.dll
[-] 2008-06-23 . F12FBB673DE9CC802C5DC518FE99AA2F . 666112 . . [6.00.2900.5626] . . c:\windows\SoftwareDistribution\Download\1c0a4d9681e4b56278490848f7545aa5\sp3gdr\wininet.dll
[-] 2008-06-23 . 972299B7241EC325D8C7E5638C884925 . 666624 . . [6.00.2900.5626] . . c:\windows\SoftwareDistribution\Download\1c0a4d9681e4b56278490848f7545aa5\sp3qfe\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ie7\wininet.dll
[-] 2008-04-13 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB980182$\wininet.dll
[-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll

[-] 2008-04-13 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-13 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-04-13 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-13 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-13 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-13 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-13 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-13 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-13 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-04-13 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2008-04-13 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-13 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-13 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-13 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2008-04-13 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-13 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-04-13 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-13 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2008-04-13 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-04-13 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2008-04-13 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 23:00 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-13 23:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2008-04-13 23:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-04-13 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-13 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2008-04-13 23:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
[-] 2008-04-13 23:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2010-02-17 . 1811AFC2FADB60B88947E3D08E250860 . 2063744 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2QFE\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3GDR\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-02-16 . 1EE6B94ACA7BE115A1813BBCA65099A8 . 2058368 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2GDR\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

[-] 2008-04-13 23:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-13 23:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-13 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-13 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll

[-] 2008-04-13 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-13 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll

c:\windows\System32\svchost.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-21 177472]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-16 198160]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Corel Photo Downloader"="c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe" [2007-02-06 478800]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

R0 cerc6;cerc6; [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-01-05 55456]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2010-01-05 88480]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-05 83496]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-01-05 82952]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-01-05 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-01-05 141792]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-01-05 312584]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2010-01-05 88480]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2008-04-13 23:00 99840 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-15 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-06-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-25 13:15]

2010-06-04 c:\windows\Tasks\User_Feed_Synchronization-{03690AD5-85A1-4AE5-A86A-0CF6805F348F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2010-06-03 c:\windows\Tasks\WebReg Photosmart C4200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-12 01:27]

2010-06-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mama\Application Data\Mozilla\Firefox\Profiles\7ghzwri7.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-12 20:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\l3codeca.acm
.
Completion time: 2010-06-12 20:23:29
ComboFix-quarantined-files.txt 2010-06-13 00:23
ComboFix2.txt 2010-06-09 03:24

Pre-Run: 31,778,398,208 bytes free
Post-Run: 31,764,787,200 bytes free

- - End Of File - - CE14FF261CBD56CD5FF48072D84F24A2

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Belahzur on 13th June 2010, 12:38 am

Hello.

Please allow Combofix to install the recovery console, we will need to use the RC to fix this.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 13th June 2010, 2:49 am

Can Combofix install the recovery console if the computer cannot connect to the internet?

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 13th June 2010, 1:03 pm

Combofix could not install the recovery console because the internet connection is not working.

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Belahzur on 13th June 2010, 2:58 pm

Hello.
Try this method for installing the RC.

[You must be registered and logged in to see this link.]

Let me know if that works for you.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 13th June 2010, 6:28 pm

OK,

I have downloaded the file listed above, and I am about to try and drag the file onto the combofix file. If the computer still will not let me drag/drop, is there a manual copy command I can use similar to the last time when we copied the svchost.exe file?

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 13th June 2010, 8:24 pm

OK, for whatever reason I still cannot drag and drop, copy and paste or anything similar to that.

I have read that problems with internet explorer can cause that. Might also be why I cannot access the internet?

Kind of stuck at the moment.

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Belahzur on 14th June 2010, 12:41 am

Hello.
Do you have your XP disc?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 14th June 2010, 1:24 am

Yes, I do.

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Belahzur on 15th June 2010, 12:22 am

See here:
[You must be registered and logged in to see this link.]

See the section under "More information", it is the guide for installing the RC via the Windows CD, let me know when you have done that.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 15th June 2010, 1:41 am

Belahzur,

The recovery console has been installed.

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Belahzur on 15th June 2010, 9:02 pm

Okay, please reboot your machine, now when it's rebooting, an extra menu appears, quickly select to boot to the recovery console.

When the RC loads, showing C:\Windows>, type in:

copy C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllcache\svchost.exe /y

Hit enter. You may be prompted to confirm with yes or no (shows as Y or N), then will show the following if everything went right: 1 file(s) copied.

If so, type in exit and the machine will reboot again. Boot back to Windows, now run Combofix again.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 15th June 2010, 10:41 pm

I am getting a message that "the system cannot find the file specified.
There is however a file named svchost.exe in the directory c:\windows\system32\dllcache

OK - I went back and re-read one of the earlier posts that indicated that the file would be in the c:\windows\system32\dllcache folder, and was to be copied in the c:\windows\system32 folder. So I am going to copy the file that way and re-run Combo-fix.

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 15th June 2010, 11:34 pm

ComboFix 10-06-08.02 - Mama 06/15/2010 19:04:02.4.1 - x86
Running from: C:\combo-fix.exe
Command switches used :: combo-fix
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))
.

2010-06-13 19:06 . 2010-06-13 18:21 4608744 ----a-w- C:\windowsxp-kb310994-sp2-pro-bootdisk-enu.exe
2010-06-13 00:03 . 2008-04-13 23:00 14336 -c--a-w- c:\windows\system32\dllcache\svchost.exe
2010-06-13 00:02 . 2010-06-09 02:32 3704551 ----a-r- C:\combo-fix.exe
2010-06-04 02:10 . 2010-06-04 02:10 -------- d-----w- c:\windows\system32\KB905474
2010-06-04 00:32 . 2010-06-04 00:32 -------- d-----w- c:\documents and settings\Mama\Application Data\HPAppData
2010-06-04 00:25 . 2010-06-04 00:25 503808 ----a-w- c:\documents and settings\Mama\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-317d2f00-n\msvcp71.dll
2010-06-04 00:25 . 2010-06-04 00:25 499712 ----a-w- c:\documents and settings\Mama\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-317d2f00-n\jmc.dll
2010-06-04 00:25 . 2010-06-04 00:25 348160 ----a-w- c:\documents and settings\Mama\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-317d2f00-n\msvcr71.dll
2010-06-04 00:25 . 2010-06-04 00:25 61440 ----a-w- c:\documents and settings\Mama\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-79a38fe7-n\decora-sse.dll
2010-06-04 00:25 . 2010-06-04 00:25 12800 ----a-w- c:\documents and settings\Mama\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-79a38fe7-n\decora-d3d.dll
2010-06-04 00:24 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-04 00:17 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-06-04 00:12 . 2010-02-17 13:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-06-04 00:12 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-06-04 00:12 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-06-04 00:08 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-03 23:57 . 2010-06-03 23:57 -------- d-----w- c:\documents and settings\Mama\Application Data\Malwarebytes
2010-06-03 23:50 . 2005-09-20 13:31 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-06-03 23:29 . 2008-04-13 23:00 66113 -c--a-w- c:\windows\system32\dllcache\shvl.dll
2010-06-03 23:28 . 2008-04-13 23:00 6144 -c--a-w- c:\windows\system32\dllcache\kbdax2.dll
2010-06-03 23:27 . 2008-04-13 23:00 56320 -c--a-w- c:\windows\system32\dllcache\convlog.exe
2010-06-03 23:24 . 2008-04-13 23:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-06-03 23:22 . 2008-04-13 23:00 92672 -c--a-w- c:\windows\system32\dllcache\policman.dll
2010-06-03 23:22 . 2008-04-13 23:00 92672 ----a-w- c:\windows\system32\wbem\policman.dll
2010-06-03 23:22 . 2008-04-13 23:00 358912 -c--a-w- c:\windows\system32\dllcache\wmic.exe
2010-06-03 23:22 . 2008-04-13 23:00 358912 ----a-w- c:\windows\system32\wbem\wmic.exe
2010-06-03 23:04 . 2008-04-13 23:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-06-03 23:04 . 2008-04-13 23:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-06-03 23:04 . 2008-04-13 23:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-06-03 23:04 . 2008-04-13 23:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-06-01 01:15 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-01 01:15 . 2010-06-01 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-01 01:15 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-01 01:15 . 2010-06-07 23:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-31 20:05 . 2010-05-27 01:47 36864 ----a-w- c:\windows\system32\e100bmsg.dll
2010-05-31 20:05 . 2010-05-27 01:49 23040 ----a-w- c:\windows\system32\IntelNic.dll
2010-05-31 20:05 . 2010-05-27 01:45 126976 ----a-w- c:\windows\system32\Prounstl.exe
2010-05-31 20:04 . 2010-05-27 01:43 162816 ----a-w- c:\windows\system32\drivers\e100b325.sys
2010-05-27 03:50 . 2010-05-27 03:51 -------- d-----w- c:\program files\CCleaner
2010-05-27 01:03 . 2010-05-27 01:03 0 ----a-w- c:\windows\nsreg.dat
2010-05-27 01:03 . 2010-05-27 01:03 -------- d-----w- c:\documents and settings\Mama\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 20:08 . 2008-09-25 05:12 -------- d-----w- c:\program files\Google
2010-06-13 20:07 . 2009-10-23 01:21 -------- d-----w- c:\documents and settings\Mama\Application Data\Yahoo!
2010-06-13 20:07 . 2008-10-16 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-13 20:07 . 2008-10-16 04:54 -------- d-----w- c:\program files\Yahoo!
2010-06-04 00:25 . 2008-09-18 17:20 -------- d-----w- c:\program files\Common Files\Java
2010-06-04 00:24 . 2008-09-18 17:20 -------- d-----w- c:\program files\Java
2010-06-03 23:54 . 2008-09-21 20:44 139163 ----a-w- c:\windows\hpoins15.dat
2010-06-03 23:25 . 2010-06-03 23:25 87601 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-03 23:23 . 2008-09-18 12:54 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-19 11:32 . 2008-10-15 00:40 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-10-15 00:40 . 2008-10-15 00:40 8 --sha-r- c:\windows\system32\8C26637AC3.sys
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2008-04-13 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2008-04-13 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2008-04-13 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2008-04-13 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-13 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-13 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-13 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-13 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-13 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-13 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-04-13 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-13 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2008-04-13 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-13 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp3gdr\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-13 23:00 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2008-04-13 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-13 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

[-] 2008-04-13 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-13 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2008-04-13 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-13 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll

[-] 2010-02-26 . 063D664850A16932F60E7F8830BDF2E1 . 3073024 . . [6.00.2900.5945] . . c:\windows\SoftwareDistribution\Download\376701bc93beff35dae28f35731a4130\sp3gdr\mshtml.dll
[-] 2010-02-26 . 063D664850A16932F60E7F8830BDF2E1 . 3073024 . . [6.00.2900.5945] . . c:\windows\system32\mshtml.dll
[-] 2010-02-26 . 063D664850A16932F60E7F8830BDF2E1 . 3073024 . . [6.00.2900.5945] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-02-26 . EE6B9880933172AE78A1146BE15D6D21 . 3073536 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\mshtml.dll
[-] 2010-02-26 . EE6B9880933172AE78A1146BE15D6D21 . 3073536 . . [6.00.2900.5945] . . c:\windows\SoftwareDistribution\Download\376701bc93beff35dae28f35731a4130\sp3qfe\mshtml.dll
[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-10-22 . CDA69BC1C23B0EA033B989F67CB722FF . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2009-10-22 . A6CF28C6E0B6D10098AB601D85EE55E8 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie8\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[-] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:\windows\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\SP3GDR\mshtml.dll
[-] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:\windows\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\SP3QFE\mshtml.dll
[-] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-25 . 04EEC0FF4DD3C7041628973CA6832C33 . 3067904 . . [6.00.2900.5626] . . c:\windows\SoftwareDistribution\Download\1c0a4d9681e4b56278490848f7545aa5\sp3qfe\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2GDR\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2QFE\mshtml.dll
[-] 2008-06-23 . F433136C23D13B120412B300D1324A7E . 3067392 . . [6.00.2900.5626] . . c:\windows\SoftwareDistribution\Download\1c0a4d9681e4b56278490848f7545aa5\sp3gdr\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie7\mshtml.dll
[-] 2008-04-13 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB980182$\mshtml.dll
[-] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll

[-] 2008-04-13 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-13 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-04-13 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-13 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-13 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[-] 2008-04-13 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-13 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-13 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-13 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll

[-] 2008-04-13 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-13 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll

[-] 2008-04-13 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-13 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-13 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2008-04-13 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-13 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[-] 2008-04-13 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-13 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe

[-] 2010-02-26 . 6F0C67BA6837D82E2366AEAD046FAF4C . 667136 . . [6.00.2900.5945] . . c:\windows\SoftwareDistribution\Download\376701bc93beff35dae28f35731a4130\sp3gdr\wininet.dll
[-] 2010-02-26 . 6F0C67BA6837D82E2366AEAD046FAF4C . 667136 . . [6.00.2900.5945] . . c:\windows\system32\wininet.dll
[-] 2010-02-26 . 6F0C67BA6837D82E2366AEAD046FAF4C . 667136 . . [6.00.2900.5945] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-02-26 . AEB15B107E1C6543F99D9104BE0DD800 . 668672 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\wininet.dll
[-] 2010-02-26 . AEB15B107E1C6543F99D9104BE0DD800 . 668672 . . [6.00.2900.5945] . . c:\windows\SoftwareDistribution\Download\376701bc93beff35dae28f35731a4130\sp3qfe\wininet.dll
[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\windows\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\SP3GDR\wininet.dll
[-] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\SP3QFE\wininet.dll
[-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\ie8\wininet.dll
[-] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2GDR\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2QFE\wininet.dll
[-] 2008-06-23 . F12FBB673DE9CC802C5DC518FE99AA2F . 666112 . . [6.00.2900.5626] . . c:\windows\SoftwareDistribution\Download\1c0a4d9681e4b56278490848f7545aa5\sp3gdr\wininet.dll
[-] 2008-06-23 . 972299B7241EC325D8C7E5638C884925 . 666624 . . [6.00.2900.5626] . . c:\windows\SoftwareDistribution\Download\1c0a4d9681e4b56278490848f7545aa5\sp3qfe\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ie7\wininet.dll
[-] 2008-04-13 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB980182$\wininet.dll
[-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll

[-] 2008-04-13 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-13 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-04-13 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-13 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-13 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-13 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-13 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-13 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-13 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-04-13 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2008-04-13 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-13 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-13 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-13 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2008-04-13 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-13 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-04-13 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-13 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2008-04-13 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-04-13 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2008-04-13 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 23:00 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-13 23:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2008-04-13 23:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-04-13 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-13 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2008-04-13 23:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
[-] 2008-04-13 23:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

[-] 2008-04-13 23:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-13 23:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-13 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-13 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll

[-] 2008-04-13 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-13 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll

c:\windows\System32\svchost.exe ... is missing !!
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-15 22:57 . 2010-06-15 22:57 16384 c:\windows\Temp\Perflib_Perfdata_5b4.dat
+ 2004-08-12 14:03 . 2010-06-13 20:13 78114 c:\windows\system32\perfc009.dat
- 2004-08-12 14:03 . 2010-06-04 00:04 78114 c:\windows\system32\perfc009.dat
+ 2004-08-12 14:03 . 2010-06-13 20:13 462168 c:\windows\system32\perfh009.dat
- 2004-08-12 14:03 . 2010-06-04 00:04 462168 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-21 177472]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-16 198160]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Corel Photo Downloader"="c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe" [2007-02-06 478800]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

R0 cerc6;cerc6; [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-01-05 55456]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2010-01-05 88480]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-05 83496]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-01-05 82952]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-01-05 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-01-05 141792]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-01-05 312584]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2010-01-05 88480]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2008-04-13 23:00 99840 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-15 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-06-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-25 13:15]

2010-06-15 c:\windows\Tasks\User_Feed_Synchronization-{03690AD5-85A1-4AE5-A86A-0CF6805F348F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2010-06-03 c:\windows\Tasks\WebReg Photosmart C4200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-12 01:27]

2010-06-15 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mama\Application Data\Mozilla\Firefox\Profiles\7ghzwri7.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-15 19:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\l3codeca.acm

- - - - - - - > 'explorer.exe'(908)
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-15 19:20:44
ComboFix-quarantined-files.txt 2010-06-15 23:20
ComboFix2.txt 2010-06-13 13:02
ComboFix3.txt 2010-06-13 00:23
ComboFix4.txt 2010-06-09 03:24

Pre-Run: 31,882,113,024 bytes free
Post-Run: 31,866,597,376 bytes free

- - End Of File - - B72ACA3635FBBA570004F655F921AFAA

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Belahzur on 17th June 2010, 12:22 am

Hello.
The problem is still there, I think we may need to get rid of Mcafee, I think that is what caused this issue.

Any objections to that?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 17th June 2010, 1:00 am

If that is the best thing, that is what we can do. She just had bought it, but I can tell her it needs to go.

Does Mcaffe cause a lot of problems? If so, should I set her up with Avira or something similar?

I still cannot connect to the internet, but that may be unrelated?

What is the best method to get rid of Mcafee completely, and what should I run after that?

I appreciate all of your help!

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Belahzur on 17th June 2010, 1:20 pm

Hello.
See here:
[You must be registered and logged in to see this link.]

A recent bug in Mcafee caused a false detection that deleted svchost.exe off machines, and your machine here has Mcafee, and svchost is missing, so I am thinking Mcafee caused this.

We'll remove Mcafee with Avira, let me know when Mcafee is uninstalled.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 18th June 2010, 5:41 am

I will do this when I get back in town Friday night. Thank you, and I'll let you know when it is removed.

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 19th June 2010, 4:30 pm

Mcafee has been uninstalled.

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Belahzur on 19th June 2010, 4:54 pm

Hello.

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Do you have any experience with using a boot disc? we may need to temporarily boot from a Linux OS.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 19th June 2010, 4:59 pm

I do not have experience with a boot disk. Antivir downloaded and scanned. Also re-ran Malwarebytes.

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4216

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6/19/2010 4:21:01 PM
mbam-log-2010-06-19 (16-21-01).txt

Scan type: Quick scan
Objects scanned: 161358
Time elapsed: 13 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 21st June 2010, 7:00 pm

Can't tell if the above log means all clean, or if I need to run other programs to verify.

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved System Security - NT Authority.... Am I clean?

Post by Scorch on 23rd June 2010, 5:08 pm

Malware bytes shows no problems. Should I run other programs too?

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security - NT Authority

Post by Scorch on 26th June 2010, 2:42 pm

Thank You!!!

Scorch
Intermediate
Intermediate

Posts Posts : 147
Joined Joined : 2009-07-12
Gender Gender : Male
OS OS : windows xp home
Points Points : 28492
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum