
Malwarebytes comes up clean, but.....



My Malwarebytes scan comes up clean, but I still have evidence of rootkit activity. I am attaching the requested log files for analysis. I look forward to your expert guidance in resolving this issue.

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Bigtalker at 12:26:49.43 on 2011-03-06

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.683 [GMT -5:00]

.

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ===============

.

F:\WIN2K\system32\svchost -k DcomLaunch

svchost.exe

F:\WIN2K\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

F:\WIN2K\system32\spoolsv.exe

svchost.exe

F:\program Files\Common Files\Symantec Shared\ccSetMgr.exe

F:\WIN2K\Explorer.EXE

F:\program Files\Symantec AntiVirus\DefWatch.exe

f:\program Files\LogMeIn\x86\LMIGuardianSvc.exe

F:\program Files\LogMeIn\x86\RaMaint.exe

F:\program Files\Common Files\Symantec Shared\ccApp.exe

F:\program Files\LogMeIn\x86\LogMeIn.exe

F:\PROGRA~1\SYMANT~1\VPTray.exe

F:\PROGRA~1\MICROS~2\wcescomm.exe

F:\WIN2K\system32\ctfmon.exe

F:\PROGRA~1\MICROS~2\rapimgr.exe

F:\Program Files\PingPlotter Pro3_20\PingPlotter.exe

F:\WIN2K\system32\tcpsvcs.exe

F:\WIN2K\System32\snmp.exe

F:\WIN2K\system32\svchost.exe -k imgsvc

F:\program Files\Symantec AntiVirus\Rtvscan.exe

F:\program Files\Common Files\Symantec Shared\ccEvtMgr.exe

F:\WIN2K\System32\svchost.exe -k HTTPFilter

F:\Mozilla Firefox\firefox.exe

F:\WIN2K\system32\wscntfy.exe

F:\Mozilla Firefox\plugin-container.exe

f:\program Files\WinRAR\WinRAR.exe

F:\WIN2K\notepad.exe

f:\program Files\WinRAR\WinRAR.exe

F:\Documents and Settings\Bigtalker\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [H/PC Connection Agent] "f:\progra~1\micros~2\wcescomm.exe"

uRun: [ctfmon.exe] f:\win2k\system32\ctfmon.exe

mRun: [ccApp] "f:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] f:\progra~1\symant~1\VPTray.exe

mRun: [QuickTime Task] "f:\program files\quicktime\QTTask.exe" -atboottime

uPolicies-explorer: NoCustomizeWebView = 1 (0x1)

IE: Convert link target to Adobe PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - f:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

Trusted Zone: intuit.com\ttlc

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: {C5CAF640-59A6-42BE-8202-DFACF478B0AC} = 4.2.2.2,192.168.0.1

Notify: ActiveSync - WcesWlgn.dll

Notify: LMIinit - LMIinit.dll

Notify: NavLogon - f:\win2k\system32\NavLogon.dll

LSA: Notification Packages = :\win2k\system32\srrstr.dll cecli scecli scecli scecli

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - f:\docume~1\bigtal~1\applic~1\mozilla\firefox\profiles\aluc5plc.default\

FF - prefs.js: browser.startup.homepage - hxxp://forum.officiating.com/basketball/

FF - component: f:\mozilla firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3Adapter.dll

FF - plugin: f:\documents and settings\bigtalker\application data\move networks\plugins\npqmp071505000011_1.dll

FF - plugin: f:\documents and settings\bigtalker\application data\mozilla\firefox\profiles\aluc5plc.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll

FF - plugin: f:\documents and settings\bigtalker\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: f:\documents and settings\bigtalker\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: f:\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: f:\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: f:\mozilla firefox\plugins\npitunes.dll

FF - plugin: f:\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: f:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: f:\win2k\system32\superadblocker.com\npsabffx.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - f:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: TextAloud 3 Toolbar: {99a0337c-6303-4879-b72e-500fd9aaca8c} - f:\mozilla firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}

FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Adblock Plus Pop-up Addon: adblockpopups@jessehakanen.net - %profile%\extensions\adblockpopups@jessehakanen.net

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 TheStubwareDriver;TheStubware Driver;f:\win2k\system32\drivers\TheStubwareDriver.SYS [2011-2-18 9728]

R1 ActiveMonitor;ActiveMonitor;f:\win2k\system32\drivers\ActiveMonitor.SYS [2011-2-18 44032]

R1 epfwndhk;epfwndhk;f:\win2k\system32\drivers\epfwndhk.sys [2010-4-20 35680]

R1 Ext2fs;Ext2fs;f:\win2k\system32\drivers\ext2fs.sys [2010-4-20 165760]

R1 IfsMount;IfsMount;f:\win2k\system32\drivers\ifsmount.sys [2010-4-20 44160]

R1 SABKUTIL;SABKUTIL;f:\program files\superadblocker.com\super ad blocker\SABKUTIL.SYS [2006-6-29 27648]

R1 SASDIFSV;SASDIFSV;f:\program files\superantispyware\SASDIFSV.SYS [2008-11-17 12872]

R1 SASKUTIL;SASKUTIL;f:\program files\superantispyware\SASKUTIL.SYS [2008-11-17 67656]

R1 SAVRT;SAVRT;f:\program files\symantec antivirus\savrt.sys [2008-5-28 337280]

R1 SAVRTPEL;SAVRTPEL;f:\program files\symantec antivirus\Savrtpel.sys [2008-5-28 54656]

R2 ccEvtMgr;Symantec Event Manager;f:\program files\common files\symantec shared\ccEvtMgr.exe [2008-6-24 191848]

R2 ccSetMgr;Symantec Settings Manager;f:\program files\common files\symantec shared\ccSetMgr.exe [2008-6-24 169320]

R2 LMIGuardianSvc;LMIGuardianSvc;f:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;f:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]

R2 PingPlotter;PingPlotter;f:\program files\pingplotter pro3_20\PingPlotter.exe [2007-11-16 1783296]

R2 Symantec AntiVirus;Symantec AntiVirus;f:\program files\symantec antivirus\Rtvscan.exe [2008-9-30 1956792]

R3 NAVENG;NAVENG;f:\progra~1\common~1\symant~1\virusd~1\20110218.002\naveng.sys [2011-2-18 86008]

R3 NAVEX15;NAVEX15;f:\progra~1\common~1\symant~1\virusd~1\20110218.002\navex15.sys [2011-2-18 1360760]

S1 SABDIFSV;SABDIFSV;f:\program files\superadblocker.com\super ad blocker\sabdifsv.sys [2005-9-21 5632]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\win2k\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\f:\win2k\system32\drivers\lmirfsdriver.sys --> f:\win2k\system32\drivers\LMIRfsDriver.sys [?]

S3 cpuz134;cpuz134;\??\t:\temp\cpuz134\cpuz134_x32.sys --> t:\temp\cpuz134\cpuz134_x32.sys [?]

S3 EraserUtilDrvI9;EraserUtilDrvI9;f:\program files\common files\symantec shared\eengine\EraserUtilDrvI9.sys [2010-4-16 102448]

S3 Nbdrv;NetBalancer Service;f:\win2k\system32\drivers\nbdrv.sys --> f:\win2k\system32\drivers\nbdrv.sys [?]

S3 NPF;NetGroup Packet Filter Driver;f:\win2k\system32\drivers\npf.sys [2010-6-25 35088]

S3 NTLS;NTLS;t:\temp\NTLS.exe [2011-3-5 576384]

S3 PSI;PSI;f:\win2k\system32\drivers\psi_mf.sys [2010-4-20 7808]

S3 rkhdrv40;Rootkit Unhooker Driver; [x]

S3 SASENUM;SASENUM;f:\program files\superantispyware\SASENUM.SYS [2008-11-17 12872]

S3 SavRoam;SAVRoam;f:\program files\symantec antivirus\SavRoam.exe [2008-9-30 116664]

S3 usb_rndisy;USB RNDIS Adapter;f:\win2k\system32\drivers\usb8023y.sys [2010-4-20 14336]

S3 usbhub20;USB 2.0 Root Hub Support;f:\win2k\system32\drivers\usbhub20.sys [2010-4-20 49776]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\win2k\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

S4 MyConnectionServer-4f5d727d;Visualware MyConnection Server (#4f5d727d);f:\program files\myconnection server\msserver.exe [2010-6-7 548451]

S4 MySQLforYeastar;MySQLforYeastar;"f:\program files\yeastar\bizpbx\mysql\bin\mysqld-nt.exe" mysqlforyeastar --> f:\program files\yeastar\bizpbx\mysql\bin\mysqld-nt.exe [?]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

txtfile=f:\win2k\notepad.exe %1

.

=============== Created Last 30 ================

.

2011-03-05 22:53:40 -------- d-----w- f:\docume~1\bigtal~1\locals~1\applic~1\Apple

2011-03-05 16:34:26 102912 -c----w- f:\win2k\system32\dllcache\dpcdll.dll

2011-03-05 13:12:48 -------- d-sh--w- F:\found.000

2011-03-05 05:31:57 -------- d-----w- F:\omdlrwez.qmt

2011-03-05 02:06:32 -------- d-----w- f:\docume~1\bigtal~1\applic~1\f-secure

2011-03-05 02:06:06 -------- d-----w- f:\docume~1\alluse~1\applic~1\F-Secure

2011-03-04 20:12:46 -------- d-----w- f:\program files\SuperAntiSpyware - Professional - XxXFreakyXxX

2011-03-04 19:25:17 -------- d-----w- f:\program files\common files\eSellerate

2011-03-04 02:09:55 4872 ----a-w- f:\win2k\system32\PerfStringBackup.TMP

2011-03-02 13:18:47 -------- d-----w- f:\docume~1\alluse~1\applic~1\Malwarebytes

2011-03-02 13:18:22 -------- d-----w- f:\docume~1\bigtal~1\applic~1\Malwarebytes

2011-03-02 13:15:42 38224 ----a-w- f:\win2k\system32\drivers\mbamswissarmy.sys

2011-03-02 13:15:41 -------- d-----w- f:\docume~1\alluse~1\applic~1\Malwarebytes-BackupByMalwarebytesPortable

2011-02-28 16:59:23 -------- d-----w- F:\WIN XP SP3 full

2011-02-22 18:44:23 -------- d-----w- f:\program files\ultimate Troubleshooter

2011-02-22 15:58:20 -------- d-----w- f:\program files\Security Task Manager

2011-02-21 18:07:31 -------- d-----w- F:\rei

2011-02-21 18:07:16 -------- d-----w- f:\program files\Reimage

2011-02-19 23:14:46 -------- d-----w- f:\program files\common files\XoftSpySE

2011-02-19 23:14:42 -------- d-----w- f:\program files\XoftSpySE6

2011-02-19 17:34:33 -------- d-----w- f:\program files\AA Antimalware

2011-02-19 17:25:03 -------- d-----w- f:\program files\ParetoLogic

2011-02-19 17:10:35 -------- d-----w- f:\program files\SpywareRemovalToolkit

2011-02-19 16:53:49 7680 -c--a-w- f:\win2k\system32\dllcache\cd20xrnt.sys

2011-02-19 01:45:19 9728 ----a-w- f:\win2k\system32\drivers\TheStubwareDriver.SYS

2011-02-19 01:45:19 44032 ----a-w- f:\win2k\system32\drivers\ActiveMonitor.SYS

2011-02-19 01:45:18 -------- d-----w- f:\program files\TheStubware

2011-02-18 17:51:15 -------- d-----w- f:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2011-02-18 17:45:51 -------- d-----w- f:\program files\common files\xing shared

2011-02-18 05:14:19 1152 ----a-w- f:\win2k\system32\windrv.sys

2011-02-18 05:14:09 -------- d-----w- f:\program files\SpyNoMore

2011-02-18 04:57:18 -------- d-----w- f:\program files\SUPERAntiSpyware

2011-02-18 04:57:18 -------- d-----w- f:\docume~1\bigtal~1\applic~1\SUPERAntiSpyware.com

2011-02-10 06:25:10 102400 ----a-w- f:\win2k\RegBootClean.exe

2011-02-09 16:20:21 -------- d-----w- f:\docume~1\bigtal~1\applic~1\VoIPDialer

2011-02-09 16:20:04 -------- d-----w- f:\program files\VoIPDialerFEB

2011-02-08 23:55:51 -------- d-----w- f:\win2k\system32\wbem\repository\FS

2011-02-08 23:55:51 -------- d-----w- f:\win2k\system32\wbem\Repository

2011-02-05 01:47:19 -------- d-----w- f:\docume~1\bigtal~1\locals~1\applic~1\SupportSoft

2011-02-05 01:46:47 -------- d-----w- f:\program files\VERIZONDM

2011-02-05 01:46:13 -------- d-----w- f:\win2k\FIOS

2011-02-05 01:46:13 -------- d-----w- f:\program files\common files\SupportSoft

.

==================== Find3M ====================

.

2011-02-10 20:42:12 348160 ----a-w- f:\win2k\system32\msvcr71.dll

2011-01-29 02:36:18 60800 ----a-w- f:\win2k\system32\S32EVNT1.DLL

2010-12-08 18:11:54 53632 ----a-w- f:\win2k\system32\spool\prtprocs\w32x86\LMIproc.dll

2010-12-08 18:11:46 87424 ----a-w- f:\win2k\system32\LMIinit.dll.000.bak

2010-12-08 18:11:46 87424 ----a-w- f:\win2k\system32\LMIinit.dll

2010-12-08 18:11:46 29568 ----a-w- f:\win2k\system32\LMIport.dll

.

============= FINISH: 12:28:01.82 ===============

ark.txt

mbam-log-2011-03-06 (12-39-42).txt

DDS.txt

Attach.txt


  • Staff

Hi and welcome to Malwarebytes.

Is this a corporate computer?

What evidence of rootkit activity do you see?

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Hello Chris:

Thanks for your time and attention.

This is my personal workstation. It freezes on a regular basis and generally feels wonky. Fails to do Windows Update.

Here is the ComboFix log; it seems to have resolved some issues.

Other files attached as requested.

Thanks again,

Rick

+++++++++++++++++++

ComboFix 11-03-08.09 - Bigtalker 2011-03-09 12:49:19.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.862 [GMT -5:00]

Running from: f:\documents and settings\Bigtalker\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

f:\firefoxportable\FirefoxPortable.exe

f:\win2k\system32\midas.dll

.

f:\win2k\regedit.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

.

Infected copy of f:\win2k\regedit.exe was found and disinfected

Restored copy from - f:\system volume information\_restore{A4D43F22-8DB4-42A6-BC7D-73EFCE78A7A0}\RP581\A0177657.exe

.

((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))

.

.

2011-03-09 17:11 . 2011-03-09 17:11 -------- d-----w- f:\documents and settings\Bigtalker\Application Data\ParetoLogic

2011-03-09 16:27 . 2008-04-14 10:42 116224 -c--a-w- f:\win2k\system32\dllcache\xrxwiadr.dll

2011-03-09 16:27 . 2001-08-18 03:36 23040 -c--a-w- f:\win2k\system32\dllcache\xrxwbtmp.dll

2011-03-09 16:27 . 2008-04-14 10:42 18944 -c--a-w- f:\win2k\system32\dllcache\xrxscnui.dll

2011-03-09 16:27 . 2001-08-18 03:37 27648 -c--a-w- f:\win2k\system32\dllcache\xrxftplt.exe

2011-03-09 16:27 . 2001-08-18 03:37 4608 -c--a-w- f:\win2k\system32\dllcache\xrxflnch.exe

2011-03-09 16:27 . 2001-08-18 03:37 99865 -c--a-w- f:\win2k\system32\dllcache\xlog.exe

2011-03-09 16:27 . 2001-08-17 17:11 16970 -c--a-w- f:\win2k\system32\dllcache\xem336n5.sys

2011-03-09 16:27 . 2008-04-14 03:04 19455 -c--a-w- f:\win2k\system32\dllcache\wvchntxx.sys

2011-03-09 16:27 . 2008-04-14 10:42 8192 -c--a-w- f:\win2k\system32\dllcache\wshirda.dll

2011-03-09 16:27 . 2008-04-14 03:04 12063 -c--a-w- f:\win2k\system32\dllcache\wsiintxx.sys

2011-03-09 16:25 . 2001-08-23 09:00 185344 -c--a-w- f:\win2k\system32\dllcache\thawbrkr.dll

2011-03-09 16:24 . 2001-08-17 19:56 252032 -c--a-w- f:\win2k\system32\dllcache\sis300iv.dll

2011-03-09 16:23 . 2001-08-18 03:36 121344 -c--a-w- f:\win2k\system32\dllcache\phvfwext.dll

2011-03-09 16:22 . 2008-04-14 05:16 49024 -c--a-w- f:\win2k\system32\dllcache\mstape.sys

2011-03-09 16:21 . 2001-08-23 09:00 5632 -c--a-w- f:\win2k\system32\dllcache\kbdusa.dll

2011-03-09 16:20 . 2001-08-18 03:36 91136 -c--a-w- f:\win2k\system32\dllcache\icam4com.dll

2011-03-09 16:19 . 2001-08-17 17:11 11850 -c--a-w- f:\win2k\system32\dllcache\f3ab18xj.sys

2011-03-09 16:18 . 2001-08-18 03:36 110592 -c--a-w- f:\win2k\system32\dllcache\dc260usd.dll

2011-03-09 16:17 . 2001-08-17 19:04 171264 -c--a-w- f:\win2k\system32\dllcache\camdrv30.sys

2011-03-09 16:16 . 2001-08-17 17:13 89952 -c--a-w- f:\win2k\system32\dllcache\b1cbase.sys

2011-03-09 16:15 . 2001-08-23 09:00 7168 -c--a-w- f:\win2k\system32\dllcache\wamregps.dll

2011-03-09 16:15 . 2001-08-17 19:56 66048 -c--a-w- f:\win2k\system32\dllcache\s3legacy.dll

2011-03-09 16:15 . 2001-08-23 09:00 7680 -c--a-w- f:\win2k\system32\dllcache\inetmgr.exe

2011-03-09 16:15 . 2001-08-23 09:00 19968 -c--a-w- f:\win2k\system32\dllcache\inetsloc.dll

2011-03-09 16:15 . 2001-08-23 09:00 169984 -c--a-w- f:\win2k\system32\dllcache\iisui.dll

2011-03-09 16:15 . 2001-08-23 09:00 5632 -c--a-w- f:\win2k\system32\dllcache\iisrstap.dll

2011-03-09 16:15 . 2001-08-23 09:00 14336 -c--a-w- f:\win2k\system32\dllcache\iisreset.exe

2011-03-09 16:15 . 2001-08-23 09:00 6144 -c--a-w- f:\win2k\system32\dllcache\ftpsapi2.dll

2011-03-08 08:04 . 2011-03-08 08:04 -------- d-----w- f:\documents and settings\All Users\Application Data\PCPitstop

2011-03-08 08:04 . 2011-03-08 08:04 -------- d-----w- f:\program files\PCPitstop

2011-03-08 07:05 . 2011-03-08 07:05 -------- d-----w- F:\Setup665CW

2011-03-08 07:00 . 2011-03-08 07:01 -------- d-----w- F:\______Z GET DATA BACK

2011-03-08 06:58 . 2011-03-08 07:05 -------- d-----w- F:\rts-pbx-incredible-backup

2011-03-08 06:58 . 2011-03-08 06:58 -------- d-----w- F:\RkUnhooker

2011-03-08 06:58 . 2011-03-08 06:58 -------- d-----w- F:\REF CONTRACT

2011-03-08 06:58 . 2011-03-08 06:58 -------- d-----w- F:\linksys router firmware backup-ddwrt

2011-03-08 06:58 . 2011-03-09 17:58 -------- d-----w- F:\FirefoxPortable

2011-03-08 06:58 . 2011-03-08 06:58 -------- d---a-w- F:\Diagnosis

2011-03-08 06:58 . 2011-03-08 06:58 -------- d---a-w- F:\Brolink

2011-03-08 06:58 . 2011-03-08 06:58 -------- d-----w- F:\Data

2011-03-07 03:43 . 2011-03-07 03:45 -------- d-----w- F:\___get data back

2011-03-05 22:53 . 2011-03-05 22:53 -------- d-----w- f:\documents and settings\Bigtalker\Local Settings\Application Data\Apple

2011-03-05 13:12 . 2011-03-05 22:25 -------- d-----w- F:\found.000

2011-03-05 05:31 . 2011-03-05 22:22 -------- d-----w- F:\omdlrwez.qmt

2011-03-05 02:06 . 2011-03-05 02:06 -------- d-----w- f:\documents and settings\Bigtalker\Application Data\f-secure

2011-03-05 02:06 . 2011-03-05 02:06 -------- d-----w- f:\documents and settings\All Users\Application Data\F-Secure

2011-03-04 20:12 . 2011-03-04 20:12 -------- d-----w- f:\program files\SuperAntiSpyware - Professional - XxXFreakyXxX

2011-03-04 19:25 . 2011-03-04 19:25 -------- d-----w- f:\program files\Common Files\eSellerate

2011-03-04 02:09 . 2011-03-05 14:41 4872 ----a-w- f:\win2k\system32\PerfStringBackup.TMP

2011-03-02 13:18 . 2011-03-04 19:25 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes

2011-03-02 13:18 . 2011-03-04 19:25 -------- d-----w- f:\documents and settings\Bigtalker\Application Data\Malwarebytes

2011-03-02 13:15 . 2010-12-20 23:09 38224 ----a-w- f:\win2k\system32\drivers\mbamswissarmy.sys

2011-03-02 13:15 . 2011-03-04 19:25 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes-BackupByMalwarebytesPortable

2011-02-28 16:59 . 2011-03-04 19:24 -------- d-----w- F:\WIN XP SP3 full

2011-02-22 18:44 . 2011-03-04 19:24 -------- d-----w- f:\program files\ultimate Troubleshooter

2011-02-22 15:58 . 2011-03-04 19:24 -------- d-----w- f:\program files\Security Task Manager

2011-02-21 18:07 . 2011-03-04 19:24 -------- d-----w- F:\rei

2011-02-21 18:07 . 2011-02-21 18:07 -------- d-----w- f:\program files\Reimage

2011-02-19 23:14 . 2011-02-19 23:14 -------- d-----w- f:\program files\Common Files\XoftSpySE

2011-02-19 23:14 . 2011-03-04 19:24 -------- d-----w- f:\program files\XoftSpySE6

2011-02-19 17:25 . 2011-03-09 17:10 -------- d-----w- f:\program files\ParetoLogic

2011-02-19 17:10 . 2011-03-04 19:24 -------- d-----w- f:\program files\SpywareRemovalToolkit

2011-02-19 16:53 . 2001-08-17 19:07 25952 -c--a-w- f:\win2k\system32\dllcache\hpn.sys

2011-02-19 01:45 . 2010-04-10 22:05 9728 ----a-w- f:\win2k\system32\drivers\TheStubwareDriver.SYS

2011-02-19 01:45 . 2010-04-10 22:01 44032 ----a-w- f:\win2k\system32\drivers\ActiveMonitor.SYS

2011-02-19 01:45 . 2011-03-05 01:54 -------- d-----w- f:\program files\TheStubware

2011-02-18 17:51 . 2011-02-18 17:51 -------- d-----w- f:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-02-18 17:45 . 2011-02-18 17:45 -------- d-----w- f:\program files\Common Files\xing shared

2011-02-18 05:14 . 2011-02-18 05:14 1152 ----a-w- f:\win2k\system32\windrv.sys

2011-02-18 05:14 . 2011-02-18 17:50 -------- d-----w- f:\program files\SpyNoMore

2011-02-18 04:57 . 2011-03-04 20:19 -------- d-----w- f:\program files\SUPERAntiSpyware

2011-02-18 04:57 . 2011-02-18 04:57 -------- d-----w- f:\documents and settings\Bigtalker\Application Data\SUPERAntiSpyware.com

2011-02-10 20:42 . 2011-02-18 17:45 -------- d-----w- f:\program files\Real

2011-02-10 06:25 . 2011-02-10 06:26 102400 ----a-w- f:\win2k\RegBootClean.exe

2011-02-09 16:20 . 2011-02-09 16:48 -------- d-----w- f:\documents and settings\Bigtalker\Application Data\VoIPDialer

2011-02-09 16:20 . 2011-02-09 16:20 -------- d-----w- f:\program files\VoIPDialerFEB

2011-02-08 23:55 . 2011-02-08 23:55 -------- d-----w- f:\win2k\system32\wbem\Repository

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-10 20:42 . 2010-04-20 13:57 348160 ----a-w- f:\win2k\system32\msvcr71.dll

2011-01-29 02:36 . 2011-01-29 02:35 60800 ----a-w- f:\win2k\system32\S32EVNT1.DLL

2011-01-29 02:36 . 2011-01-29 02:35 123952 ----a-w- f:\win2k\system32\drivers\SYMEVENT.SYS

2008-05-22 22:20 . 2008-05-22 22:20 479232 ----a-w- f:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-22 22:20 . 2008-05-22 22:20 548864 ----a-w- f:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-22 22:20 . 2008-05-22 22:20 626688 ----a-w- f:\program files\mozilla firefox\plugins\msvcr80.dll

2008-02-28 19:30 . 2008-02-23 23:17 8784 ----a-w- f:\program files\mozilla firefox\plugins\ractrlkeyhook.dll

2008-02-28 19:33 . 2008-02-23 23:17 245408 ----a-w- f:\program files\mozilla firefox\plugins\unicows.dll

2006-02-23 13:16 . 2008-05-30 15:31 34048 ----a-w- f:\program files\mozilla firefox\plugins\upd62i9x.dll

2006-02-23 13:16 . 2008-05-30 15:31 45056 ----a-w- f:\program files\mozilla firefox\plugins\upd62int.dll

2004-05-07 20:31 . 2008-05-25 10:16 348160 ----a-w- f:\program files\mozilla firefox\components\MSVCR71.DLL

.

.

------- Sigcheck -------

.

[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\atapi.sys

[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\atapi.sys

[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . f:\win2k\system32\dllcache\atapi.sys

[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . f:\win2k\system32\drivers\atapi.sys

[-] 2006-04-25 20:04 . 8C718AA8C77041B3285D55A0CE980867 . 86672 . . [5.00.2195.6699] . . f:\win2k\erdnt\erdnt-1\cache\atapi.sys

[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . f:\win2k\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

.

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\asyncmac.sys

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\asyncmac.sys

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . f:\win2k\system32\dllcache\asyncmac.sys

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . f:\win2k\system32\drivers\asyncmac.sys

[-] 2006-04-25 20:04 . 5D3D77C9EB3A8E6A14CC8E1252B6CC5C . 17840 . . [5.00.2195.6655] . . f:\win2k\erdnt\erdnt-1\cache\asyncmac.sys

.

[-] 2006-04-25 20:04 . DF012C2853281CE2BF536E8DE871C8C1 . 4080 . . [5.00.2158.1] . . f:\win2k\erdnt\erdnt-1\cache\beep.sys

[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . f:\win2k\erdnt\cache\beep.sys

[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . f:\win2k\system32\dllcache\beep.sys

[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . f:\win2k\system32\drivers\beep.sys

.

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\kbdclass.sys

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\kbdclass.sys

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . f:\win2k\system32\dllcache\kbdclass.sys

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . f:\win2k\system32\drivers\kbdclass.sys

[-] 2006-04-25 20:05 . 399055F5C4A98F39B47D26888A72145D . 24528 . . [5.00.2195.6666] . . f:\win2k\erdnt\erdnt-1\cache\kbdclass.sys

.

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\ndis.sys

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\ndis.sys

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . f:\win2k\system32\dllcache\ndis.sys

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . f:\win2k\system32\drivers\ndis.sys

[-] 2006-04-25 20:05 . FB4F2D0595BD3546A4DD915E4A9B4809 . 170928 . . [5.00.2195.6655] . . f:\win2k\erdnt\erdnt-1\cache\ndis.sys

.

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\ntfs.sys

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\ntfs.sys

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . f:\win2k\system32\dllcache\ntfs.sys

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . f:\win2k\system32\drivers\ntfs.sys

[-] 2005-05-10 09:20 . 7DC1F0F9BF87CA5CEE9A46C9A63DC1D3 . 513424 . . [5.00.2195.7049] . . f:\win2k\erdnt\erdnt-1\cache\ntfs.sys

[-] 2005-05-10 07:20 . 7DC1F0F9BF87CA5CEE9A46C9A63DC1D3 . 513424 . . [5.00.2195.7049] . . f:\win2k\SoftwareDistribution.old\Download\5ac96bf333693381ef14463235ccfce4\ntfs.sys

.

[-] 2006-04-25 20:05 . 280209CDE798720A24D232BF9CFDA8E9 . 2800 . . [5.00.2134.1] . . f:\win2k\erdnt\erdnt-1\cache\null.sys

[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . f:\win2k\erdnt\cache\null.sys

[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . f:\win2k\system32\dllcache\null.sys

[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . f:\win2k\system32\drivers\null.sys

.

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . f:\win2k\erdnt\cache\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . f:\win2k\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . f:\win2k\system32\drivers\tcpip.sys

[-] 2008-06-18 10:05 . 02FAE418BD28E185A4909E5869497DE5 . 320528 . . [5.00.2195.7162] . . f:\win2k\erdnt\erdnt-1\cache\tcpip.sys

[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\tcpip.sys

[-] 2007-10-05 17:24 . BA4FB02D2149E12C87F24E6700B060D4 . 320368 . . [5.00.2195.7147] . . f:\win2k\SoftwareDistribution.old\Download\76122a0f447d4fa43f2487e81ecd927f\tcpip.sys

[-] 2005-05-12 08:25 . 4800519C7B6A6FA2212F1F14781430A6 . 320176 . . [5.00.2195.7049] . . f:\win2k\SoftwareDistribution.old\Download\5ac96bf333693381ef14463235ccfce4\tcpip.sys

.

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\browser.dll

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\browser.dll

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . f:\win2k\system32\browser.dll


.

[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\agp440.sys

[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\agp440.sys

[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . f:\win2k\system32\dllcache\agp440.sys

[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . f:\win2k\system32\drivers\agp440.sys

[-] 2006-04-25 20:05 . CDDB71A90077C93BEA5C72507F0B1394 . 21008 . . [5.00.2195.6655] . . f:\win2k\erdnt\erdnt-1\cache\agp440.sys

[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . f:\win2k\system32\ReinstallBackups\0015\DriverFiles\i386\AGP440.SYS

.

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\ip6fw.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\ip6fw.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . f:\win2k\system32\dllcache\ip6fw.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . f:\win2k\system32\drivers\ip6fw.sys

.

[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\iprip.dll

[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\iprip.dll

[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . f:\win2k\system32\iprip.dll

[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . f:\win2k\system32\dllcache\iprip.dll

[-] 2006-07-07 17:19 . 1D0215432585B6298DBC462B41D711CC . 34064 . . [5.00.2134.1] . . f:\win2k\erdnt\erdnt-1\cache\iprip.dll

.

[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . f:\win2k\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll

[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . f:\win2k\erdnt\cache\mfc40u.dll

[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . f:\win2k\system32\mfc40u.dll

[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . f:\win2k\system32\dllcache\mfc40u.dll

[-] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . f:\win2k\ServicePackFiles\i386\mfc40u.dll

[-] 2006-11-03 03:01 . 6CE82AC80967541ED3787B62B2242271 . 927504 . . [4.1.0.61] . . f:\win2k\erdnt\erdnt-1\cache\MFC40U.DLL

.

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\msgsvc.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\msgsvc.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . f:\win2k\system32\msgsvc.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . f:\win2k\system32\dllcache\msgsvc.dll

[-] 2005-04-08 11:54 . 4B6E4C650721D2A51B8F51B7E5787552 . 35600 . . [5.00.2195.6861] . . f:\win2k\erdnt\erdnt-1\cache\MSGSVC.DLL

[-] 2005-04-08 09:54 . 4B6E4C650721D2A51B8F51B7E5787552 . 35600 . . [5.00.2195.6861] . . f:\win2k\SoftwareDistribution.old\Download\5ac96bf333693381ef14463235ccfce4\msgsvc.dll

.

[-] 2008-04-14 09:42 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . f:\win2k\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2006-04-19 07:29 . BDCB1149152BEB87154D42AEAF148C90 . 26112 . . [11.0.5358.4826] . . f:\win2k\erdnt\cache\mspmsnsv.dll

[-] 2006-04-19 07:29 . BDCB1149152BEB87154D42AEAF148C90 . 26112 . . [11.0.5358.4826] . . f:\win2k\system32\MsPMSNSv.dll

[-] 2006-04-19 07:29 . BDCB1149152BEB87154D42AEAF148C90 . 26112 . . [11.0.5358.4826] . . f:\win2k\system32\dllcache\mspmsnsv.dll

.

[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . f:\win2k\Driver Cache\i386\ntkrnlpa.exe

[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . f:\win2k\erdnt\cache\ntkrnlpa.exe

[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . f:\win2k\system32\ntkrnlpa.exe

[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . f:\win2k\system32\dllcache\ntkrnlpa.exe

[-] 2008-04-14 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\ntkrnlpa.exe

[-] 2007-03-05 15:52 . D63CCCA44AB92D8B819054E2AF6202AE . 1713536 . . [5.00.2195.7133] . . f:\win2k\erdnt\erdnt-1\cache\NTKRNLPA.EXE

[-] 2005-05-06 09:45 . BA85F7C7B83CAC2B5D125E2FD3347C94 . 1713280 . . [5.00.2195.7045] . . f:\win2k\SoftwareDistribution.old\Download\5ac96bf333693381ef14463235ccfce4\ntkrnlpa.exe

.

[-] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . f:\win2k\ServicePackFiles\i386\ntmssvc.dll

[-] 2008-04-14 09:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . f:\win2k\erdnt\cache\ntmssvc.dll

[-] 2008-04-14 09:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . f:\win2k\system32\ntmssvc.dll

[-] 2008-04-14 09:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . f:\win2k\system32\dllcache\ntmssvc.dll

[-] 2006-04-25 20:05 . 56D893A01269008C28FBF2D025B2FA78 . 401168 . . [5.00.2195.6655] . . f:\win2k\erdnt\erdnt-1\cache\ntmssvc.dll

.

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\upnphost.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\upnphost.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . f:\win2k\system32\upnphost.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . f:\win2k\system32\dllcache\upnphost.dll

.

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . f:\win2k\ServicePackFiles\i386\dsound.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . f:\win2k\erdnt\cache\dsound.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . f:\win2k\system32\dsound.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . f:\win2k\system32\dllcache\dsound.dll

[-] 2004-07-09 08:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . f:\win2k\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll

.

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . f:\win2k\ServicePackFiles\i386\d3d9.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . f:\win2k\erdnt\cache\d3d9.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . f:\win2k\system32\d3d9.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . f:\win2k\system32\dllcache\d3d9.dll

.

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . f:\win2k\ServicePackFiles\i386\ddraw.dll

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . f:\win2k\erdnt\cache\ddraw.dll

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . f:\win2k\system32\ddraw.dll

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . f:\win2k\system32\dllcache\ddraw.dll

[-] 2004-07-09 08:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . f:\win2k\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll

.

[-] 2008-04-14 10:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\olepro32.dll

[-] 2008-04-14 09:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\olepro32.dll

[-] 2008-04-14 09:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . f:\win2k\system32\olepro32.dll

[-] 2008-04-14 09:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . f:\win2k\system32\dllcache\olepro32.dll

.

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\perfctrs.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\perfctrs.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . f:\win2k\system32\perfctrs.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . f:\win2k\system32\dllcache\perfctrs.dll

.

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\version.dll

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\version.dll

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . f:\win2k\system32\version.dll

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . f:\win2k\system32\dllcache\version.dll

.

[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . f:\win2k\Driver Cache\i386\ntoskrnl.exe

[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . f:\win2k\erdnt\cache\ntoskrnl.exe

[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . f:\win2k\system32\ntoskrnl.exe

[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . f:\win2k\system32\dllcache\ntoskrnl.exe

[-] 2008-04-14 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\ntoskrnl.exe

[-] 2007-03-05 15:51 . A9B95A62C4F298AADD3BEC2FDF49FCBE . 1690880 . . [5.00.2195.7133] . . f:\win2k\erdnt\erdnt-1\cache\NTOSKRNL.EXE

[-] 2005-05-06 09:45 . AC3CE69C7B349494A53A25B44091CD6B . 1690432 . . [5.00.2195.7045] . . f:\win2k\SoftwareDistribution.old\Download\5ac96bf333693381ef14463235ccfce4\ntoskrnl.exe

.

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\srsvc.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\srsvc.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . f:\win2k\system32\srsvc.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . f:\win2k\system32\dllcache\srsvc.dll

.

[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\w32time.dll

[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\w32time.dll

[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . f:\win2k\system32\w32time.dll

[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . f:\win2k\system32\dllcache\w32time.dll

[-] 2005-04-08 09:54 . 09027F1D1812F6B0F0332596B657B00C . 48400 . . [5.00.2195.6920] . . f:\win2k\SoftwareDistribution.old\Download\5ac96bf333693381ef14463235ccfce4\w32time.dll

.

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . f:\win2k\ServicePackFiles\i386\wiaservc.dll

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . f:\win2k\erdnt\cache\wiaservc.dll

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . f:\win2k\system32\wiaservc.dll

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . f:\win2k\system32\dllcache\wiaservc.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="f:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-24 53096]

"vptray"="f:\progra~1\SYMANT~1\VPTray.exe" [2008-09-30 125368]

"QuickTime Task"="f:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoCustomizeWebView"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]

2006-11-13 18:38 16168 ----a-w- f:\win2k\system32\WcesWlgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-12-08 18:11 87424 ----a-w- f:\win2k\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]

"78.129.223.67,255.255.255.255,192.168.0.222,1"=""

.

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^IP Phone Center.lnk]

path=f:\documents and settings\All Users\Start Menu\Programs\Startup\IP Phone Center.lnk

backup=f:\win2k\pss\IP Phone Center.lnkCommon Startup

.

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^SIPiPhone.lnk]

path=f:\documents and settings\All Users\Start Menu\Programs\Startup\SIPiPhone.lnk

backup=f:\win2k\pss\SIPiPhone.lnkCommon Startup

.

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^TjInit Utility.lnk]

path=f:\documents and settings\All Users\Start Menu\Programs\Startup\TjInit Utility.lnk

backup=f:\win2k\pss\TjInit Utility.lnkCommon Startup

.

[HKLM\~\startupfolder\F:^Documents and Settings^Bigtalker^Start Menu^Programs^Startup^IP Phone Center.lnk]

path=f:\documents and settings\Bigtalker\Start Menu\Programs\Startup\IP Phone Center.lnk

backup=f:\win2k\pss\IP Phone Center.lnkStartup

.

[HKLM\~\startupfolder\F:^Documents and Settings^Bigtalker^Start Menu^Programs^Startup^NT_PHONE.lnk]

path=f:\documents and settings\Bigtalker\Start Menu\Programs\Startup\NT_PHONE.lnk

backup=f:\win2k\pss\NT_PHONE.lnkStartup

.

[HKLM\~\startupfolder\F:^Documents and Settings^Bigtalker^Start Menu^Programs^Startup^ProjectWhois.lnk]

path=f:\documents and settings\Bigtalker\Start Menu\Programs\Startup\ProjectWhois.lnk

backup=f:\win2k\pss\ProjectWhois.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-r- f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- f:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]

2006-06-28 12:46 622592 ----a-w- f:\program files\Brother\Brmfcmon\BrMfcWnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]

2006-06-29 17:18 77824 ----a-w- f:\program files\Brother\ControlCenter3\BrCtrCen.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-06-03 21:59 136176 ------w- f:\documents and settings\Bigtalker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 09:42 1695232 ----a-w- f:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 ----a-w- f:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"H/PC Connection Agent"="h:\program files\Microsoft ActiveSync\wcescomm.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"f:\\Program Files\\PhonerLite\\PhonerLite.exe"=

"f:\\Program Files\\AIM\\aim.exe"=

"f:\\Program Files\\Attractel\\Zoiper\\Zoiper.exe"=

"f:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"f:\program files\Microsoft ActiveSync\rapimgr.exe"= f:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"f:\program files\Microsoft ActiveSync\wcescomm.exe"= f:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"f:\program files\Microsoft ActiveSync\WCESMgr.exe"= f:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"f:\\Documents and Settings\\Bigtalker\\Desktop\\My Mobile\\MyMobiler\\MyMobiler.exe"=

"f:\\Program Files\\My Mobile\\MyMobiler\\MyMobiler.exe"=

"f:\\Mozilla Firefox\\firefox.exe"=

"f:\\Program Files\\NT_PHONE\\nvc.exe"=

"f:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Whistle.exe"=

"f:\\Program Files\\Vuze42\\Azureus.exe"=

"f:\\Program Files\\NCH Swift Sound\\IVM\\origivm.exe"=

"f:\\Documents and Settings\\Bigtalker\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"f:\\Program Files\\TigerJet SipPhone\\SIPiPhone.exe"=

"f:\\mjusbsp\\magicJack.exe"=

"f:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"f:\\program Files\\xchat-irc\\xchat.exe"=

"f:\\Documents and Settings\\Bigtalker\\Application Data\\mjusbsp\\magicJack.exe"=

"f:\\program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"8000:UDP"= 8000:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8001:UDP"= 8001:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8002:UDP"= 8002:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8003:UDP"= 8003:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8004:UDP"= 8004:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8005:UDP"= 8005:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8006:UDP"= 8006:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8007:UDP"= 8007:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8008:UDP"= 8008:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8009:UDP"= 8009:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"5070:UDP"= 5070:UDP:IVM Answering Attendant Sip Incoming Calls (UDP)

"90:TCP"= 90:TCP:AgentServer connection

"5700:UDP"= 5700:UDP:Network Discovery port

"5701:UDP"= 5701:UDP:Network Discovery port (Broadcast)

"5060:UDP"= 5060:UDP:Axon Virtual PBX Sip Incoming Calls (UDP)

"81:TCP"= 81:TCP:Axon Virtual PBX Web Server

"4100:UDP"= 4100:UDP:uPNP Router Control Port

.

R0 TheStubwareDriver;TheStubware Driver;f:\win2k\system32\drivers\TheStubwareDriver.SYS [2011-02-18 9728]

R1 ActiveMonitor;ActiveMonitor;f:\win2k\system32\drivers\ActiveMonitor.SYS [2011-02-18 44032]

R1 epfwndhk;epfwndhk;f:\win2k\system32\drivers\epfwndhk.sys [2010-04-20 35680]

R1 Ext2fs;Ext2fs;f:\win2k\system32\drivers\ext2fs.sys [2010-04-20 165760]

R1 IfsMount;IfsMount;f:\win2k\system32\drivers\ifsmount.sys [2010-04-20 44160]

R1 SABKUTIL;SABKUTIL;f:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS [2006-06-29 27648]

R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 12872]

R1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 67656]

R2 LMIGuardianSvc;LMIGuardianSvc;f:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;f:\program files\LogMeIn\x86\rainfo.sys [2010-09-17 12856]

R2 PingPlotter;PingPlotter;f:\program files\PingPlotter Pro3_20\PingPlotter.exe [2007-11-16 1783296]

S1 SABDIFSV;SABDIFSV;f:\program files\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys [2005-09-21 5632]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\win2k\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S3 cpuz134;cpuz134;\??\t:\temp\cpuz134\cpuz134_x32.sys --> t:\temp\cpuz134\cpuz134_x32.sys [?]

S3 EraserUtilDrvI9;EraserUtilDrvI9;f:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [2010-04-16 102448]

S3 Nbdrv;NetBalancer Service;f:\win2k\system32\DRIVERS\nbdrv.sys --> f:\win2k\system32\DRIVERS\nbdrv.sys [?]

S3 NPF;NetGroup Packet Filter Driver;f:\win2k\system32\drivers\npf.sys [2010-06-25 35088]

S3 NTLS;NTLS;t:\temp\NTLS.exe --> t:\temp\NTLS.exe [?]

S3 PCPitstop Scheduling;PCPitstop Scheduling;f:\program files\PCPitstop\PCPitstopScheduleService.exe [2011-03-08 90864]

S3 PSI;PSI;f:\win2k\system32\drivers\psi_mf.sys [2010-04-20 7808]

S3 rkhdrv40;Rootkit Unhooker Driver; [x]

S3 SASENUM;SASENUM;f:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 12872]

S3 SavRoam;SAVRoam;f:\program files\Symantec AntiVirus\SavRoam.exe [2008-09-30 116664]

S3 usb_rndisy;USB RNDIS Adapter;f:\win2k\system32\drivers\usb8023y.sys [2010-04-20 14336]

S3 usbhub20;USB 2.0 Root Hub Support;f:\win2k\system32\drivers\usbhub20.sys [2010-04-20 49776]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\win2k\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 MyConnectionServer-4f5d727d;Visualware MyConnection Server (#4f5d727d);f:\program files\MyConnection Server\msserver.exe [2010-06-07 548451]

S4 MySQLforYeastar;MySQLforYeastar;"f:\program files\Yeastar\BizPBX\MySQL\bin\mysqld-nt.exe" MySQLforYeastar --> f:\program files\Yeastar\BizPBX\MySQL\bin\mysqld-nt.exe [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-09 f:\win2k\Tasks\ParetoLogic Registration3.job

- f:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]

.

2011-03-09 f:\win2k\Tasks\ParetoLogic Update Version3.job

- f:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]

.

2011-03-09 f:\win2k\Tasks\PC Health Advisor Defrag.job

- f:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]

.

2011-03-09 f:\win2k\Tasks\PC Health Advisor.job

- f:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]

.

2011-03-09 f:\win2k\Tasks\User_Feed_Synchronization-{0A52562F-9F59-432A-B4BF-A363C6AD5A52}.job

- f:\win2k\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

IE: Convert link target to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

Trusted Zone: intuit.com\ttlc

TCP: {C5CAF640-59A6-42BE-8202-DFACF478B0AC} = 4.2.2.2,192.168.0.1

FF - ProfilePath - f:\documents and settings\Bigtalker\Application Data\Mozilla\Firefox\Profiles\aluc5plc.default\

FF - prefs.js: browser.startup.homepage - hxxp://forum.officiating.com/basketball/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - f:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: TextAloud 3 Toolbar: {99a0337c-6303-4879-b72e-500fd9aaca8c} - f:\mozilla firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}

FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Adblock Plus Pop-up Addon: adblockpopups@jessehakanen.net - %profile%\extensions\adblockpopups@jessehakanen.net

FF - user.js: yahoo.homepage.dontask - true

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

txtfile=f:\win2k\notepad.exe %1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-09 13:03

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PingPlotter]

"ImagePath"="f:\program files\PingPlotter Pro3_20\PingPlotter.exe /startedbyscm:A735A3AF-40E2EA7D-PingPlotter"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1078081533-1004336348-725345543-1000\Software\CoSoSys\C*a*r*r*y* *i*t* *E*a*s*y*"!\Eula]

"acceptedInVersions"="2.0.1.0"

.

[HKEY_USERS\S-1-5-21-1078081533-1004336348-725345543-1000\Software\CoSoSys\C*a*r*r*y* *i*t* *E*a*s*y*"!\Safe Mozilla]

"Enabled"=dword:00000000

.

[HKEY_USERS\S-1-5-21-1078081533-1004336348-725345543-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B79AB2A3-0A7E-26C1-6C1B-87717B9940D5}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"abgpmcaggfpfoencmaokfnliledjccejdp"=hex:61,62,69,69,61,66,69,68,69,70,65,6a,

66,67,65,66,6b,69,6b,67,6f,62,64,66,66,66,63,6e,62,6b,65,70,70,67,00,00

"bbgpmcaggfpfoencmablmpkmadeafooekmog"=hex:61,62,64,6d,65,68,62,6c,65,6b,6b,6d,

66,6e,6d,64,62,6e,6f,6d,62,61,65,62,63,6a,61,6f,64,63,6d,67,67,64,00,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(760)

f:\win2k\system32\LMIinit.dll

.

- - - - - - - > 'explorer.exe'(3960)

f:\win2k\system32\WININET.dll

f:\win2k\system32\msi.dll

f:\win2k\system32\ieframe.dll

f:\win2k\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

f:\program files\Common Files\Symantec Shared\ccSetMgr.exe

f:\program files\Symantec AntiVirus\DefWatch.exe

f:\program files\LogMeIn\x86\RaMaint.exe

f:\program files\LogMeIn\x86\LogMeIn.exe

f:\win2k\system32\tcpsvcs.exe

f:\win2k\System32\snmp.exe

f:\program files\Symantec AntiVirus\Rtvscan.exe

f:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

f:\progra~1\MICROS~2\wcescomm.exe

f:\progra~1\MICROS~2\rapimgr.exe

f:\win2k\system32\wscntfy.exe

f:\win2k\system32\taskmgr.exe

.

**************************************************************************

.

Completion time: 2011-03-09 13:14:16 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-09 18:14

ComboFix2.txt 2011-03-07 06:56

.

Pre-Run: 571,435,008,000 bytes free

Post-Run: 571,434,184,704 bytes free

.

- - End Of File - - 7EB7414FF18176619E88791ED203A27F

+++++++++++++++++++

Attach.zip

DDS1.txt


  • Staff

Hi,

Please update MBAM, run a Quick Scan, and post (don't attach) its log.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Next, please run the PCPitstop Full Tests here. When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
