
Zoder join:2002-04-16 Miami, FL
[Rootkit] Tidserv Activity 2

My XP computer was infected tonight. I run NIS on all of my machines and this is the 1st one that ever got through. Was at a forum I frequent and all of a sudden IE 8 closed and a few seconds later Norton popped up a message that it blocked unauthorised access targeting one of its files and another message that it blocked an intrusion attempt from an IP address that required manual removal and that it matched what Symantec calls Tidserv Activity 2. It then provided a link for instructions on the manual removal. The info said that it was a rootkit and I've run all of the steps. Logs are below. One thing I'm noticing while I ran the scans is that NIS is reporting high memory and CPU usage for ping.exe through popups. I'm guessing the infection is trying to call out?

One note. On the MBAM log you'll see I excluded 2 files from being removed. These are a false positive from a 20-year-old game on 5 1/2 inch floppy I backed up years ago on this hard drive.

Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org
Database version: 8391
Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702
12/18/2011 2:44:41 AM mbam-log-2011-12-18 (02-44-41).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|) Objects scanned: 295868 Time elapsed: 1 hour(s), 11 minute(s), 54 second(s)
Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 1 Registry Data Items Infected: 3 Folders Infected: 0 Files Infected: 2
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected: HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected: (No malicious items detected)
Files Infected: d:\documents and settings\all users\documents\new folder\new folder\new folder\Games2\X-Men\LOTUS.PIC (Extension.Mismatch) -> Not selected for removal. f:\new folder\new folder\Games2\X-Men\LOTUS.PIC (Extension.Mismatch) -> Not selected for removal.

Zoder join:2002-04-16 Miami, FL 2 edits

Site or computer is giving me problems putting everything in one post. Sorry that I have to break this up, but it's the only way I can get all of the info posted. If mod can combine to one post, please do.

OTL logfile created on: 12/18/2011 2:54:17 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = D:\Documents and Settings\anon\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
639.30 Mb Total Physical Memory | 257.96 Mb Available Physical Memory | 40.35% Memory free 1.53 Gb Paging File | 1.22 Gb Available in Paging File | 80.23% Paging File free Paging file location(s): D:\pagefile.sys 2 50F:\pagefile.sys 958 1920 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files Drive C: | 9.76 Gb Total Space | 4.97 Gb Free Space | 50.91% Space Free | Partition Type: FAT32 Drive D: | 25.07 Gb Total Space | 1.57 Gb Free Space | 6.26% Space Free | Partition Type: NTFS Drive E: | 19.52 Gb Total Space | 3.33 Gb Free Space | 17.06% Space Free | Partition Type: FAT32 Drive F: | 20.14 Gb Total Space | 5.12 Gb Free Space | 25.42% Space Free | Partition Type: FAT32 Drive G: | 671.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: anon | User Name: anon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011/12/18 01:15:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\anon\Desktop\OTL.exe PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- D:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe PRC - [2008/04/27 13:21:15 | 000,684,032 | ---- | M] (Roxio) -- D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe PRC - [2007/08/29 14:15:42 | 001,662,976 | ---- | M] (D-Link) -- D:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe PRC - [2007/01/19 10:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe PRC - [2001/10/03 17:21:52 | 000,065,536 | ---- | M] (America Online, Inc.) -- D:\WINDOWS\wanmpsvc.exe PRC - [2001/09/14 00:56:00 | 000,026,112 | ---- | M] (Creative Technology Ltd.) -- D:\WINDOWS\system32\devldr32.exe PRC - [2001/08/17 13:52:06 | 000,180,224 | ---- | M] (Creative Technology Ltd.) -- D:\Program Files\Creative\SBLive\AudioHQ\Ahqtb.exe PRC - [2001/08/09 18:18:30 | 000,064,512 | -H-- | M] (America Online, Inc.) -- D:\WINDOWS\system32\PackethSvc.exe PRC - [2001/01/03 14:50:56 | 000,066,048 | ---- | M] (Silitek Corporation) -- D:\WINDOWS\system32\SK9910DM.EXE
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2010/09/22 20:12:20 | 000,016,832 | ---- | M] () -- D:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll MOD - [2007/08/20 16:41:12 | 000,233,472 | ---- | M] () -- D:\WINDOWS\system32\WlanApp.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011/05/25 14:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- D:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R) SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- D:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS) SRV - [2007/08/02 11:05:22 | 000,352,338 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- D:\Program Files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe -- (jswpsapi) SRV - [2007/01/19 10:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- D:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService) SRV - [2002/01/09 19:47:17 | 000,045,056 | ---- | M] (LANovation) [On_Demand | Stopped] -- D:\WINDOWS\system32\PCTKRNT.SYS -- (PictureTaker) SRV - [2001/10/03 17:21:52 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- D:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW) SRV - [2001/08/09 18:18:30 | 000,064,512 | -H-- | M] (America Online, Inc.) [Auto | Running] -- D:\WINDOWS\system32\PackethSvc.exe -- (PackethSvc)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011/12/11 21:01:42 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111217.009\NAVEX15.SYS -- (NAVEX15) DRV - [2011/12/11 21:01:42 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111217.009\NAVENG.SYS -- (NAVENG) DRV - [2011/11/14 14:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111210.003\BHDrvx86.sys -- (BHDrvx86) DRV - [2011/11/09 05:47:07 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2011/11/09 05:47:07 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011/08/22 23:17:32 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111216.001\IDSXpx86.sys -- (IDSxpx86) DRV - [2011/05/11 09:18:11 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- D:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP) DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- 
D:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2011/03/21 19:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI) DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- D:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA) DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS) DRV - [2011/01/27 00:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON) DRV - [2008/04/27 13:21:17 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- D:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp) DRV - [2008/04/27 13:21:17 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- D:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp) DRV - [2008/04/27 13:21:17 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K) DRV - [2008/04/27 13:21:17 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- D:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K) DRV - [2008/04/27 13:21:17 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K) DRV - [2008/04/27 13:21:15 | 000,062,288 | ---- | M] (Roxio) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp) DRV - [2008/04/27 13:21:15 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k) DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\gameenum.sys -- 
(gameenum) DRV - [2007/07/25 07:52:50 | 000,057,376 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD) DRV - [2007/05/24 02:15:00 | 000,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) DRV - [2005/12/11 10:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\system32\ANIO.sys -- (ANIO) DRV - [2003/12/17 08:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2) DRV - [2003/12/17 08:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\L8042pr2.Sys -- (l8042pr2) DRV - [2003/12/17 08:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2) DRV - [2002/08/29 00:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\an983.sys -- (AN983) DRV - [2002/01/10 06:09:00 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- D:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM) DRV - [2002/01/09 19:51:38 | 000,027,924 | ---- | M] (MusicMatch, Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k) DRV - [2001/09/14 00:56:00 | 000,776,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\emu10k1f.sys -- (emu10k) Creative SB Live! Value (WDM) DRV - [2001/09/14 00:56:00 | 000,035,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\sfman.sys -- (sfman) Creative SoundFont Manager Driver (WDM) DRV - [2001/09/14 00:56:00 | 000,006,912 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ctlface.sys -- (emu10k1) Creative Interface Manager Driver (WDM) DRV - [2001/08/17 08:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT) DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) DRV - [2001/08/16 18:20:34 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2001/08/15 15:49:04 | 000,737,975 | R--- | M] (Conexant) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\winachcf.sys -- (Winachcf) DRV - [2001/08/10 07:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv) DRV - [2001/08/09 16:25:22 | 000,022,608 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\wandrv.sys -- (wandrv) DRV - [2000/09/12 00:39:10 | 000,006,208 | ---- | M] (Silitek Corp.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\Sk9920nt.sys -- (Sk9920nt) DRV - [2000/09/11 18:32:28 | 000,007,552 | ---- | M] (Silitek Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Sk99202k.sys -- (Sk99202k) DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- D:\WINDOWS\system32\PfModNT.sys -- (PfModNT) DRV - [1999/09/01 13:55:24 | 000,031,968 | ---- | M] (Watergate Software Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = »us.rd.yahoo.com/customize/ycomp/···/ie.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = »us.rd.yahoo.com/customize/ycomp/···ahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.100: D:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.102: D:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.103: D:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: D:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/09/27 18:40:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_3_6 [2011/12/18 02:48:40 | 000,000,000 | ---D | M]
Hosts file not found O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [AdaptecDirectCD] D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio) O4 - HKLM..\Run: [ANIWZCS2Service] D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service) O4 - HKLM..\Run: [AudioHQ] D:\Program Files\Creative\SBLive\AudioHQ\Ahqtb.exe (Creative Technology Ltd.) 
O4 - HKLM..\Run: [D-Link RangeBooster G WDA-2320] D:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe (D-Link) O4 - HKLM..\Run: [Hot Key Kbd 9910 Daemon] D:\WINDOWS\System32\SK9910DM.EXE (Silitek Corporation) O4 - HKLM..\Run: [hpqSRMon] File not found O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not 
found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} »www.logitech.com/devicedetector/···on32.cab (Device Detection) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} »go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} »www.update.microsoft.com/windows···38604811 (WUWebControl Class) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} »webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} hcp://system/RunExeActiveX.CAB (RunExeActiveX.RunExe) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} »h20270.www2.hp.com/ediags/gmn2/i···ion2.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} »fpdownload.macromedia.com/get/fl···shim.cab (Reg Error: Key error.) O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB (StartFirstControl.CheckFirst) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} »v4.windowsupdate.microsoft.com/C···65740741 (Reg Error: Key error.) O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} »h20264.www2.hp.com/ediags/dd/ins···xp2k.cab (Reg Error: Key error.) 
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} »office.microsoft.com/officeupdat···puc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (get_atlcom Class) O16 - DPF: Microsoft XML Parser for Java file://D:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{365D4082-9508-49C4-AA33-4203AE5B83D0}: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) -D:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) -D:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: D:\WINDOWS\Web\Wallpaper\spot1.bmp O24 - Desktop BackupWallPaper: D:\WINDOWS\Web\Wallpaper\spot1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002/01/31 22:04:50 | 000,000,201 | ---- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ] O32 - AutoRun File - [2000/06/08 17:00:00 | 000,000,079 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ] O32 - AutoRun File - [2000/06/21 10:26:20 | 000,000,069 | -H-- | M] () - C:\AUTOEXEC.PTT -- [ FAT32 ] O32 - AutoRun File - [2002/01/31 22:04:50 | 000,000,201 | ---- | M] () - C:\autoexec.bat -- [ FAT32 ] O32 - AutoRun File - [2004/09/21 02:00:00 | 000,000,027 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011/12/18 01:27:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\anon\Application Data\Malwarebytes [2011/12/18 01:27:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/18 01:27:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/12/18 01:27:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys [2011/12/18 01:27:28 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware [2011/12/18 01:18:27 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\anon\Desktop\mbam-setup-1.51.2.1300.exe [2011/12/18 01:15:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\anon\Desktop\OTL.exe [2011/12/17 23:10:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Macromedia [2011/12/17 23:10:37 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Adobe [2002/01/18 14:21:39 | 000,059,392 | ---- | C] ( ) -- D:\WINDOWS\System32\a3d.dll [6 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ] [2 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011/12/18 02:59:47 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat [2011/12/18 02:54:06 | 000,879,649 | ---- | M] () -- D:\Documents and Settings\anon\Desktop\SecurityCheck.exe [2011/12/18 02:50:55 | 000,002,422 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl [2011/12/18 02:48:52 | 000,000,004 | ---- | M] () -- D:\WINDOWS\System32\ANIWZCSUSERNAME{365D4082-9508-49C4-AA33-4203AE5B83D0} [2011/12/18 02:48:46 | 000,000,007 | ---- | M] () -- D:\WINDOWS\System32\ANIWZCSUSERNAME [2011/12/18 02:48:30 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat [2011/12/18 01:27:34 | 000,000,784 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/12/18 01:18:41 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\anon\Desktop\mbam-setup-1.51.2.1300.exe [2011/12/18 01:15:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\anon\Desktop\OTL.exe [2011/12/17 23:01:17 | 000,017,084 | -HS- | M] () -- D:\Documents and Settings\All Users\Application Data\0t26jm1p08c034 [2011/12/17 23:01:16 | 000,017,084 | -HS- | M] () -- D:\Documents and Settings\anon\Local Settings\Application Data\0t26jm1p08c034 [2011/12/01 11:04:14 | 000,036,406 | ---- | M] () -- D:\Documents and Settings\anon\Desktop\s n v.jpg [2011/11/20 12:09:02 | 000,131,072 | ---- | M] () -- D:\Documents and Settings\anon\Desktop\capp.jpg [2011/11/18 20:40:00 | 000,001,393 | ---- | M] () -- D:\WINDOWS\imsins.BAK [6 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ] [2 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011/12/18 02:54:05 | 000,879,649 | ---- | C] () -- D:\Documents and Settings\anon\Desktop\SecurityCheck.exe [2011/12/18 01:27:34 | 000,000,784 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/12/18 00:51:01 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat [2011/12/17 22:56:12 | 000,017,084 | -HS- | C] () -- D:\Documents and Settings\anon\Local Settings\Application Data\0t26jm1p08c034 [2011/12/17 22:56:12 | 000,017,084 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\0t26jm1p08c034 [2011/12/01 11:04:34 | 000,036,406 | ---- | C] () -- D:\Documents and Settings\anon\Desktop\s n v.jpg [2011/11/20 12:11:06 | 000,131,072 | ---- | C] () -- D:\Documents and Settings\anon\Desktop\capp.jpg [2011/10/22 21:30:45 | 000,000,575 | ---- | C] () -- D:\WINDOWS\BADMOJO.INI [2011/02/06 14:47:00 | 000,019,516 | ---- | C] () -- D:\WINDOWS\hpqins13.dat.temp [2011/02/05 17:21:51 | 000,077,414 | ---- | C] () -- D:\WINDOWS\hpqins05.dat.temp [2011/02/05 17:03:17 | 000,165,282 | ---- | C] () -- D:\WINDOWS\hpoins21.dat [2011/02/05 17:03:17 | 000,007,262 | ---- | C] () -- D:\WINDOWS\hpomdl21.dat [2010/03/28 22:33:24 | 000,165,384 | ---- | C] () -- D:\WINDOWS\hpoins21.dat.temp [2010/03/28 22:33:24 | 000,007,262 | ---- | C] () -- D:\WINDOWS\hpomdl21.dat.temp [2010/03/28 21:34:34 | 000,077,414 | ---- | C] () -- D:\WINDOWS\hpqins05.dat [2010/03/27 16:16:29 | 000,023,096 | ---- | C] () -- D:\WINDOWS\hpqins15.dat [2009/08/16 15:11:29 | 000,019,516 | ---- | C] () -- D:\WINDOWS\hpqins13.dat [2008/12/07 02:06:47 | 000,109,697 | ---- | C] () -- D:\WINDOWS\hpqins00.dat [2008/10/03 21:21:35 | 000,002,560 | ---- | C] () -- D:\WINDOWS\_MSRSTRT.EXE [2008/10/03 00:14:42 | 000,233,472 | ---- | C] () -- D:\WINDOWS\System32\WlanApp.dll [2008/10/03 00:14:41 | 000,049,152 | ---- | C] () -- D:\WINDOWS\System32\JJAKEn.dll [2008/06/25 09:35:35 | 000,000,010 | ---- | C] () -- D:\WINDOWS\popcinfo.dat [2008/04/30 18:50:31 | 
000,000,134 | ---- | C] () -- D:\WINDOWS\System32\DWLAB.DAT [2008/04/27 13:46:22 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI [2008/04/27 13:26:39 | 000,765,952 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll [2008/04/27 13:26:37 | 000,180,224 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll [2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.DLL [2004/10/22 14:23:47 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat [2003/12/24 22:22:23 | 000,363,520 | ---- | C] () -- D:\WINDOWS\System32\psisdecd.dll [2003/06/21 20:29:29 | 000,006,550 | ---- | C] () -- D:\WINDOWS\jautoexp.dat [2002/10/18 16:17:09 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\dcache.bin [2002/02/03 07:35:30 | 000,000,488 | ---- | C] () -- D:\WINDOWS\Cmousecc.ini [2002/01/27 00:03:22 | 000,008,704 | ---- | C] () -- D:\Documents and Settings\anon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2002/01/26 21:01:44 | 000,000,686 | ---- | C] () -- D:\WINDOWS\cdPlayer.ini [2002/01/18 14:22:07 | 000,000,103 | ---- | C] () -- D:\WINDOWS\CTDiskID.INI [2002/01/18 14:21:03 | 001,048,576 | ---- | C] () -- D:\WINDOWS\System32\Sfman.dat [2002/01/18 14:21:02 | 000,000,231 | ---- | C] () -- D:\WINDOWS\Ac3api.ini [2002/01/13 09:52:18 | 001,262,956 | ---- | C] () -- D:\WINDOWS\System32\XMNT2001.EXE [2002/01/13 09:52:18 | 000,003,252 | ---- | C] () -- D:\WINDOWS\System32\drivers\PQNTDRV.SYS [2002/01/13 07:32:25 | 000,000,020 | ---- | C] () -- D:\WINDOWS\InfModM.ini [2002/01/13 07:30:21 | 000,000,029 | ---- | C] () -- D:\WINDOWS\wgedit.ini [2002/01/13 07:30:15 | 000,057,344 | ---- | C] () -- D:\WINDOWS\uninstBVRP.dll [2002/01/12 08:10:29 | 000,000,036 | ---- | C] () -- D:\WINDOWS\plugSpk.INI [2002/01/12 08:03:54 | 000,000,227 | ---- | C] () -- D:\WINDOWS\SBWIN.INI [2002/01/10 05:44:33 | 000,000,258 | ---- | C] () -- D:\WINDOWS\System32\UPDATE.INI [2002/01/09 19:49:07 | 000,109,056 | ---- | C] () -- D:\WINDOWS\UNWISE32.EXE 
[2002/01/09 19:49:07 | 000,082,864 | ---- | C] () -- D:\WINDOWS\UNWISE.EXE [2002/01/09 19:49:07 | 000,004,052 | ---- | C] () -- D:\WINDOWS\unwise32.ini [2002/01/09 19:49:07 | 000,004,052 | ---- | C] () -- D:\WINDOWS\unwise.ini [2002/01/09 19:49:06 | 000,377,600 | ---- | C] () -- D:\WINDOWS\System32\BOCOLE.DLL [2002/01/09 19:49:06 | 000,167,456 | ---- | C] () -- D:\WINDOWS\System32\Bocof.dll [2002/01/09 19:44:56 | 000,000,204 | ---- | C] () -- D:\WINDOWS\System32\oeminfo.ini [2002/01/09 19:44:50 | 000,126,976 | ---- | C] () -- D:\WINDOWS\System32\unzdll.dll [2002/01/09 19:29:56 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat [2002/01/09 19:23:52 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat [2002/01/09 14:16:15 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI [2002/01/09 14:15:04 | 000,140,440 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT [2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin [2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat [2001/08/23 07:00:00 | 000,441,552 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat [2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat [2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat [2001/08/23 07:00:00 | 000,071,488 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat [2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin [2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat [2001/08/23 07:00:00 | 000,004,461 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat [2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat [2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\ImapiRoxPS.dll
========== LOP Check ==========
[2002/01/13 06:54:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\America Online [2010/03/04 19:24:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SKL [2011/02/16 11:47:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP [2010/03/01 22:26:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\anon\Application Data\FreeAudioPack [2002/02/07 06:00:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\anon\Application Data\InterVideo [2009/07/15 09:53:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\anon\Application Data\OfficeUpdate12 [2010/10/04 18:24:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\anon\Application Data\PriceGong [2009/03/04 16:39:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\anon\Application Data\Snood [2009/12/20 14:52:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\anon\Application Data\Tific
========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 124 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:3DB0B938

Zoder join:2002-04-16 Miami, FL 1 edit | reply to Zoder
OTL Extras logfile created on: 12/18/2011 2:54:17 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Documents and Settings\anon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

639.30 Mb Total Physical Memory | 257.96 Mb Available Physical Memory | 40.35% Memory free
1.53 Gb Paging File | 1.22 Gb Available in Paging File | 80.23% Paging File free
Paging file location(s): D:\pagefile.sys 2 50F:\pagefile.sys 958 1920 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 9.76 Gb Total Space | 4.97 Gb Free Space | 50.91% Space Free | Partition Type: FAT32
Drive D: | 25.07 Gb Total Space | 1.57 Gb Free Space | 6.26% Space Free | Partition Type: NTFS
Drive E: | 19.52 Gb Total Space | 3.33 Gb Free Space | 17.06% Space Free | Partition Type: FAT32
Drive F: | 20.14 Gb Total Space | 5.12 Gb Free Space | 25.42% Space Free | Partition Type: FAT32
Drive G: | 671.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: anon | User Name: anon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\] .exe [@ = exefile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "D:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = D:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.) "D:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.) "D:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.) "D:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.) 
"D:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: ) "D:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.) "D:\Program Files\HP\HP Software Update\HPWUCli.exe" = D:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard) "D:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = D:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "G:\setup\HPZNUI01.EXE" = G:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe "D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe "D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe "D:\Documents and Settings\anon\Local Settings\Temp\7zS1.tmp\setup\HPZnui01.exe" = D:\Documents and Settings\anon\Local Settings\Temp\7zS1.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe "D:\Documents and Settings\anon\Local Settings\Temp\7zS23.tmp\setup\HPZnui01.exe" = D:\Documents and Settings\anon\Local Settings\Temp\7zS23.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe "D:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.) "D:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = D:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.) "D:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.) "D:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.) "D:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.) 
"D:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: ) "D:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.) "D:\Program Files\HP\HP Software Update\HPWUCli.exe" = D:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard) "D:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = D:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe "D:\Documents and Settings\anon\Local Settings\Temp\7zS2B86\setup\HPZnui01.exe" = D:\Documents and Settings\anon\Local Settings\Temp\7zS2B86\setup\HPZnui01.exe:*:Enabled:hpznui01.exe "D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1 "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}" = PowerQuest PartitionMagic 7.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2 "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 27 "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1 "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide "{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone "{7299052b-02a4-4627-81f2-1818da5d550d}" = 
Microsoft Visual C++ 2005 Redistributable "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{8DCCC000-B22F-11D4-9BBB-A8791A39273D}" = Snood "{8DE73C0C-34EA-4888-86DB-EEDB9B69DB94}" = HelpSpot "{9075FCA2-7B7E-46A3-841A-52519270C1B2}" = PowerQuest Drive Image 5.0 "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel "{A0878C51-B88B-4E4C-9061-F95B98290505}" = RangeBooster G WDA-2320 "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5 "{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380 "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1939820-A945-11D4-86F6-0001031E5712}" = DVD Player "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg 
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DA0205-20C9-43EA-83A3-67A1935437A9}" = PhoneTools "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1 "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy "{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack "AC3Filter" = AC3Filter (remove only) "ActiveTouchMeetingClient" = WebEx "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "America Online us" = America Online "AolCoach" = AOL Coach Version 1.0(Build:20020605.1) "Bad Mojo" = Bad Mojo "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows "ExamView Pro" = ExamView Assessment Suite "HijackThis" = HijackThis 2.0.2 "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPOCR" = OCR Software by I.R.I.S. 10.0 "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MUSICMATCH Jukebox" = MUSICMATCH Jukebox "NIS" = Norton Internet Security "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers "oggcodecs" = oggcodecs 0.71.0946 "PCDoctor" = PC-Doctor for Windows "Peggle Deluxe 1.0" = Peggle Deluxe 1.0 "PX: {FBD609B8-2F51-4321-A545-D2132E281BCE}" = GW Wallpaper "RealPlayer 6.0" = RealPlayer Basic "SK_PS2MillenniumKeyboard" = PS/2 Millennium Keyboard "Snood Deluxe1.00" = Snood Deluxe "Sound Blaster Live! Value" = Sound Blaster Live! 
Value "ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only) "WIC" = Windows Imaging Component "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "Works2001Setup" = Microsoft Works 2001 Setup Launcher "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "Xvid_is1" = Xvid 1.1.3 final uninstall "Zuma® Deluxe" = Zuma® Deluxe
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mahjongg Master 4" = Mahjongg Master 4
========== Last 10 Event Log Errors ==========
[ Application Events ] Error - 12/14/2011 5:00:11 PM | Computer Name = anon | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 12/14/2011 5:00:26 PM | Computer Name = anon | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 12/18/2011 1:43:21 AM | Computer Name = anon | Source = MsiInstaller | ID = 11706 Description = Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.
Error - 12/18/2011 2:34:28 AM | Computer Name = anon | Source = MsiInstaller | ID = 11706 Description = Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.
Error - 12/18/2011 2:40:14 AM | Computer Name = anon | Source = MsiInstaller | ID = 11706 Description = Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.
Error - 12/18/2011 3:41:24 AM | Computer Name = anon | Source = MsiInstaller | ID = 11706 Description = Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.
Error - 12/18/2011 3:43:20 AM | Computer Name = anon | Source = MsiInstaller | ID = 11706 Description = Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.
Error - 12/18/2011 3:45:07 AM | Computer Name = anon | Source = MsiInstaller | ID = 11706 Description = Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.
Error - 12/18/2011 3:46:16 AM | Computer Name = anon | Source = MsiInstaller | ID = 11706 Description = Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.
Error - 12/18/2011 4:00:46 AM | Computer Name = anon | Source = MsiInstaller | ID = 11706 Description = Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.
[ System Events ] Error - 12/18/2011 3:44:37 AM | Computer Name = anon | Source = Service Control Manager | ID = 7000 Description = The MBAMSwissArmy service failed to start due to the following error: %%2
Error - 12/18/2011 3:50:16 AM | Computer Name = anon | Source = Service Control Manager | ID = 7022 Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 12/18/2011 3:50:26 AM | Computer Name = anon | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Error - 12/18/2011 3:50:26 AM | Computer Name = anon | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Error - 12/18/2011 3:50:26 AM | Computer Name = anon | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Error - 12/18/2011 3:50:36 AM | Computer Name = anon | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Error - 12/18/2011 3:51:14 AM | Computer Name = anon | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Error - 12/18/2011 3:58:38 AM | Computer Name = anon | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Error - 12/18/2011 4:01:59 AM | Computer Name = anon | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Error - 12/18/2011 4:04:52 AM | Computer Name = anon | Source = Service Control Manager | ID = 7023 Description = The Network Location Awareness (NLA) service terminated with the following error: %%127
Results of screen317's Security Check version 0.99.28 Windows XP Service Pack 3 x86 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Norton Internet Security ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware HijackThis 2.0.2 Java(TM) 6 Update 27 Java version out of date! Adobe Reader 9 Adobe Reader out of date! ```````````````````````````````` Process Check: objlist.exe by Laurent Norton ccSvcHst.exe ``````````End of Log````````````
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1a8a95e7cdd6e94cb6a0396fb7a641f0
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-18 10:03:19
# local_time=2011-12-18 05:03:19 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 48861291 48861291 0 0
# compatibility_mode=3588 16777174 85 82 2128895 27167528 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 0 4 100187827 100187827 0 0
# scanned=127060
# found=2
# cleaned=0
# scan_time=6278
D:\WINDOWS\system32\drivers\ipsec.sys a variant of Win32/Rootkit.Kryptik.GG trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} multiple threats 00000000000000000000000000000000
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM | reply to Zoder
Let's make sure whether we are dealing with TDL4 or not.
Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected.
You'll find the link(s) and instruction(s) here: »Security Cleanup FAQ »Rootkit Detection Applications
-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum

Zoder join:2002-04-16 Miami, FL 1 edit | Here's the log. Got a question. Last night was the 1st time the computer was on since Patch Tuesday so it doesn't have the latest patches. Should I update now or wait until we are finished cleaning?
11:46:27.0010 0668 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31 11:46:28.0252 0668 ============================================================ 11:46:28.0252 0668 Current date / time: 2011/12/18 11:46:28.0252 11:46:28.0252 0668 SystemInfo: 11:46:28.0252 0668 11:46:28.0252 0668 OS Version: 5.1.2600 ServicePack: 3.0 11:46:28.0252 0668 Product type: Workstation 11:46:28.0252 0668 ComputerName: BENJAMIN 11:46:28.0252 0668 UserName: Ben 11:46:28.0252 0668 Windows directory: D:\WINDOWS 11:46:28.0252 0668 System windows directory: D:\WINDOWS 11:46:28.0252 0668 Processor architecture: Intel x86 11:46:28.0252 0668 Number of processors: 1 11:46:28.0252 0668 Page size: 0x1000 11:46:28.0252 0668 Boot type: Normal boot 11:46:28.0252 0668 ============================================================ 11:46:30.0124 0668 Initialize success 11:46:45.0737 2616 ============================================================ 11:46:45.0737 2616 Scan started 11:46:45.0737 2616 Mode: Manual; 11:46:45.0737 2616 ============================================================ 11:46:46.0257 2616 A3AB (21af8e9c727c6d7643ad497268f55bf1) D:\WINDOWS\system32\DRIVERS\A3AB.sys 11:46:46.0277 2616 A3AB - ok 11:46:46.0398 2616 Abiosdsk - ok 11:46:46.0488 2616 abp480n5 - ok 11:46:46.0588 2616 ACPI (8fd99680a539792a30e97944fdaecf17) D:\WINDOWS\system32\DRIVERS\ACPI.sys 11:46:46.0598 2616 ACPI - ok 11:46:46.0728 2616 ACPIEC (9859c0f6936e723e4892d7141b1327d5) D:\WINDOWS\system32\drivers\ACPIEC.sys 11:46:46.0728 2616 ACPIEC - ok 11:46:46.0858 2616 adpu160m - ok 11:46:46.0978 2616 aec (8bed39e3c35d6a489438b8141717a557) D:\WINDOWS\system32\drivers\aec.sys 11:46:46.0978 2616 aec - ok 11:46:47.0119 2616 AFD (1e44bc1e83d8fd2305f8d452db109cf9) D:\WINDOWS\System32\drivers\afd.sys 11:46:47.0129 2616 AFD - ok 11:46:47.0269 2616 agp440 (08fd04aa961bdc77fb983f328334e3d7) D:\WINDOWS\system32\DRIVERS\agp440.sys 11:46:47.0269 2616 agp440 - ok 11:46:47.0379 2616 Aha154x - ok 11:46:47.0519 2616 aic78u2 - ok 
11:46:47.0599 2616 aic78xx - ok 11:46:47.0699 2616 AliIde - ok 11:46:47.0800 2616 amsint - ok 11:46:47.0890 2616 AN983 (116bff96077a4a724e0aab800525ceb5) D:\WINDOWS\system32\DRIVERS\AN983.sys 11:46:47.0910 2616 AN983 - ok 11:46:48.0020 2616 ANIO (920298c7aef97d8168d219d35975d295) D:\WINDOWS\system32\ANIO.SYS 11:46:48.0050 2616 ANIO - ok 11:46:48.0190 2616 Arp1394 (b5b8a80875c1dededa8b02765642c32f) D:\WINDOWS\system32\DRIVERS\arp1394.sys 11:46:48.0190 2616 Arp1394 - ok 11:46:48.0300 2616 asc - ok 11:46:48.0390 2616 asc3350p - ok 11:46:48.0491 2616 asc3550 - ok 11:46:48.0571 2616 ASCTRM (d880831279ed91f9a4190a2db9539ea9) D:\WINDOWS\system32\drivers\ASCTRM.sys 11:46:48.0591 2616 ASCTRM - ok 11:46:48.0771 2616 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) D:\WINDOWS\system32\DRIVERS\asyncmac.sys 11:46:48.0771 2616 AsyncMac - ok 11:46:48.0911 2616 atapi (9f3a2f5aa6875c72bf062c712cfa2674) D:\WINDOWS\system32\DRIVERS\atapi.sys 11:46:48.0911 2616 atapi - ok 11:46:49.0011 2616 Atdisk - ok 11:46:49.0112 2616 Atmarpc (9916c1225104ba14794209cfa8012159) D:\WINDOWS\system32\DRIVERS\atmarpc.sys 11:46:49.0112 2616 Atmarpc - ok 11:46:49.0262 2616 audstub (d9f724aa26c010a217c97606b160ed68) D:\WINDOWS\system32\DRIVERS\audstub.sys 11:46:49.0272 2616 audstub - ok 11:46:49.0422 2616 Beep (da1f27d85e0d1525f6621372e7b685e9) D:\WINDOWS\system32\drivers\Beep.sys 11:46:49.0422 2616 Beep - ok 11:46:49.0682 2616 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111210.003\BHDrvx86.sys 11:46:49.0762 2616 BHDrvx86 - ok 11:46:49.0923 2616 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) D:\WINDOWS\system32\drivers\cbidf2k.sys 11:46:49.0933 2616 cbidf2k - ok 11:46:50.0043 2616 cd20xrnt - ok 11:46:50.0173 2616 Cdaudio (c1b486a7658353d33a10cc15211a873b) D:\WINDOWS\system32\drivers\Cdaudio.sys 11:46:50.0173 2616 Cdaudio - ok 11:46:50.0303 2616 Cdfs 
11:47:20.0086 2580 Detected object count: 0
11:47:20.0086 2580 Actual detected object count: 0
| |
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM | reply to Zoder
Clean so far. One more check for rootkits.
Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.
You'll find link(s) and instructions here: »Security Cleanup FAQ »Rootkit Detection Applications
-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
| |
Zoder join:2002-04-16 Miami, FL 1 edit |
Here's the log. Every result was "Removable: Yes (but clean up not recommended for this file)"
Sophos Anti-Rootkit Version 1.5.4 (c) 2009 Sophos Plc
Started logging on 12/18/2011 at 13:22:34 PM
User "anon" on computer "anon"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
Info:Starting process scan.
Info:Starting registry scan.
Info:Starting disk scan of C: (FAT).
Info:Starting disk scan of D: (NTFS).
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\UJVQ2V78\.6;btg=bk.dgt;btg=bk.li;btg=mm.ag1;btg=mm.ah1;btg=mm.ai1;btg=mm.aj1;btg=mm.an5;btg=mm.ao1;btg=mm.ap1;btg=mm.as1;btg=mm.at1;btg=mm.da1;btg=mm[1].db3;ord=463200899457198
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\M3H46FNB\ctx=2_78_m;net=ns;cmw=owl;contx=celalapt;an=220;bu=25;br=4721;dc=d;btg=ns.cegaxbox_m;btg=ns.mosmphon_l;btg=ex.49;btg=ex.ng;btg=ex.51;btg=ex[1].arn;ord=3639946733911802
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\M3H46FNB\cmw=owl;contx=celalapt;an=170;bu=25;br=4721;dc=d;btg=ns.cegaxbox_m;btg=ns.mosmphon_l;btg=ns.celalapt_l;btg=ex.49;btg=ex.ng;btg=ex.51;btg=ex[1].arn;ord=3639946733911802
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\6WYIAR3N\.bj;btg=dx.cj;btg=dx.17;btg=dx.18;btg=dx.35;btg=ex.49;btg=ex.40;btg=ex.6;btg=vt.ap;btg=vt.ae;btg=vt.fi;btg=vt.fn;btg=vt.dc;btg=bk.hl;btg=mm[1].au5;ord=8048957396430427
Hidden:file D:\NVIDIA\WinXP-2K\45.23\nv4_disp.dll
Hidden:file D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GB67Q9YB\;page=category;pid=10;kw=blinkx;fc_utarget_ok=false;t=;tvshowid=;distribution_partner_id=;sz=125x30,234x60,300x250,980x610,468x60,728x90;tile=5;~cs=p[1].gif
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\W8OQ0T9C\.bj;btg=dx.cj;btg=dx.17;btg=dx.18;btg=dx.35;btg=ex.49;btg=ex.40;btg=ex.6;btg=vt.ap;btg=vt.ae;btg=vt.fi;btg=vt.fn;btg=vt.dc;btg=bk.hl;btg=mm[1].au5;ord=8048957396430427
Hidden:file D:\Documents and Settings\anon\Local Settings\Temp\Temporary Internet Files\Content.IE5\LAHKZFYX\cZL1BxTtCzkCo8YVBQTjJkghaXy28R7FGn4-o39Z3qsY9FQQjcvk4gE59kHc5bub6Qb6R8DjcPRmWM0w0l MU-jamXs1aehYv48Jn11ZQAU5sM5ees8-_OsmL0PoJGO_TJOZ7DqoPS9V9GzJTLva_OA9WjtYzAxbZnghyWz7l51zHEV[1].jpg
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\W72PY9A4\.iv;btg=bk.kj;btg=bk.na;btg=bk.it;btg=mm.aa5;btg=mm.ab1;btg=mm.ac5;btg=mm.ai1;btg=mm.aj5;btg=mm.am5;btg=mm.an1;btg=mm.ao1;btg=mm.ap1;btg=mm[1].as1;ord=9855570630395552
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\X0VYWE7E\.iv;btg=bk.kj;btg=bk.na;btg=bk.it;btg=mm.aa5;btg=mm.ab1;btg=mm.ac5;btg=mm.ai1;btg=mm.aj5;btg=mm.am5;btg=mm.an1;btg=mm.ao1;btg=mm.ap1;btg=mm[1].as1;ord=9382189323050260
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\KID768GZ\.75;btg=dx.bj;btg=dx.cj;btg=dx.17;btg=dx.18;btg=dx.35;btg=ex.49;btg=ex.40;btg=ex.6;btg=vt.ap;btg=vt.ae;btg=vt.fi;btg=vt.fn;btg=vt.dc;btg=mm[1].au5;ord=6464062636372769
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\6WYIAR3N\.bj;btg=dx.cj;btg=dx.17;btg=dx.18;btg=dx.35;btg=ex.49;btg=ex.40;btg=ex.6;btg=vt.ap;btg=vt.ae;btg=vt.fi;btg=vt.fn;btg=vt.dc;btg=bk.hl;btg=mm[2].au5;ord=8048957396430427
Hidden:file D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6WGCILVG\p%253A%252F%252Fpresspause.mevio[3].com%252F%253Futm_campaign%253Dd7a974_572913_264021_113535_24905_none%2526utm_source%253Dd7a974%2526utm_medium%253Dd7a974
Hidden:file D:\Documents and Settings\All Users\Application Data\Norton\00000082\00000114\000004ea\cltLMS1.dat
Hidden:file D:\Documents and Settings\All Users\Application Data\Norton\00000082\00000114\000004ea\cltLMS2.dat
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\28IJ2BFY\.10-ns.mosmphon_m-ns.moosappl_l;;ppos=BTF;kw=;tile=3;sz=120x600,160x600;net=ns;cmw=owl;contx=ads;an=10;dc=d;btg=ns.mosmphon_m;btg=ns[1].moosappl_l;ord=4623358870268863
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\M3H46FNB\54,1241aee1bf8443f,cesoanti,ax[1].220;;ppos=atf;kw=;tile=1;sz=728x90,970x90;ctx=2_78_m;net=ns;cmw=owl;contx=cesoanti;an=220;bu=25;br=4721;dc=d;btg=;ord=626581679590508
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\M3H46FNB\1bf8443f,cesoanti,ax[1].170;;ppos=ATF;kw=;tile=4;sz=300x250,300x600,336x280;ctx=2_78_m;net=ns;cmw=owl;contx=cesoanti;an=170;bu=25;br=4721;dc=d;btg=;ord=626581679590508
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\BOHCHLB2\bf8443f,celalapt,ax[1].220;;ppos=ATF;kw=;tile=4;sz=300x250,300x600,336x280;ctx=2_78_m;net=ns;cmw=owl;contx=celalapt;an=220;bu=25;br=4721;dc=d;btg=;ord=5599777715072957
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\M3H46FNB\cmw=owl;contx=celalapt;an=240;bu=25;br=4721;dc=d;btg=ns.cegaxbox_m;btg=ns.mosmphon_l;btg=ns.celalapt_l;btg=ex.49;btg=ex.ng;btg=ex.51;btg=ex[1].arn;ord=5599777715072957
Hidden:file D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UV8F4T67\324189989,124731f4db08be9,smallbusiness,ax.;;sz=728x90;net=cm;ord1=454602;dcopt=ist;cmw=owl;contx=smallbusiness;an=;bu=;br=;dc=w;btg=;ord=1324189976[1].2583
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\O41JZS71\.75;btg=dx.bj;btg=dx.cj;btg=dx.17;btg=dx.18;btg=dx.35;btg=ex.49;btg=ex.40;btg=ex.6;btg=vt.ap;btg=vt.ae;btg=vt.fi;btg=vt.fn;btg=vt.dc;btg=mm[1].au5;ord=4427930639534482
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\C91KQ7B1\.28;btg=ex.16;btg=ex.21;btg=ex.14;btg=ex.25;btg=ti.214;btg=vt.ap;btg=vt.ae;btg=vt.fi;btg=vt.fn;btg=vt.dc;btg=bk.cm;btg=bk.iv;btg=bk.kj;btg=bk[1].na;ord=177730724920257
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\E2L01614\.75;btg=dx.bj;btg=dx.cj;btg=dx.17;btg=dx.18;btg=dx.35;btg=ex.49;btg=ex.40;btg=ex.6;btg=vt.ap;btg=vt.ae;btg=vt.fi;btg=vt.fn;btg=vt.dc;btg=mm[1].au5;ord=4149134670334816
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\EHQNXJFG\.75;btg=dx.bj;btg=dx.cj;btg=dx.17;btg=dx.18;btg=dx.35;btg=ex.49;btg=ex.40;btg=ex.6;btg=vt.ap;btg=vt.ae;btg=vt.fi;btg=vt.fn;btg=vt.dc;btg=mm[1].au5;ord=5801267978950497
Hidden:file D:\Documents and Settings\anon\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3KVLEB2\click2,NwQAAOj2CQC-xRoAAAAAAD7RCAAAAAAAAgAAAAoAAAAAAP8AAAAHDrGzEAAAAAAAh1QDAAAAAAB7nwwAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABlFgUAAAAAAAIAAwAAAAAAY8UM syI[2]
Hidden:file D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UV8F4T67\%3A00-05%3A00%3Bkvpg=dailyfinance%2Fsavings-experiment;kvugc=1;kvui=4bc60a72294211e185805f77c2b94d14;kvmn=93317243;target=_blank;aduho=-300;grp=190162276[1]
Hidden:file D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UV8F4T67\%3A00-05%3A00%3Bkvpg=dailyfinance%2Fsavings-experiment;kvugc=1;kvui=4bc60a72294211e185805f77c2b94d14;kvmn=93314441;target=_blank;aduho=-300;grp=190162276[1]
Hidden:file D:\Documents and Settings\anon\Local Settings\Temporary Internet Files\Content.IE5\7DBH6SHI\.13.37.201-2544426592[1].30104248&m=1&site=ctix&subdomain=ctix&group=A&tile=1296275508835&dsrc=6&dest=HNL&height=90&rotator=module&width=728&adType=noframe&pos=bottom&
Hidden:file D:\Documents and Settings\anon\Local Settings\Temp\Temporary Internet Files\Content.IE5\8563WHMV\tech;dir=techbiz;dir=tech;ad=lb;del=js;ajax=n;dcopt=ist;ad=pop;heavy=n;pageId=nwswk-id-208652;poe=yes;undefinedfromrss=n;rss=n;front=n;pos=leaderboard;sz=728x90;tile=1;ord=21[2]
Hidden:file D:\Documents and Settings\anon\Local Settings\Temp\Temporary Internet Files\Content.IE5\YYIH154M\tech;dir=techbiz;dir=tech;ad=170x113;del=js;ajax=n;heavy=n;pageId=nwswk-id-208652;poe=yes;undefinedfromrss=n;rss=n;front=n;pos=170x113;sz=170x113;tile=2;ord=21613827300498730[2]
Hidden:file D:\Documents and Settings\anon\Local Settings\Temp\Temporary Internet Files\Content.IE5\LAHKZFYX\tech;dir=techbiz;dir=tech;ad=bb;del=js;ajax=n;heavy=n;pageId=nwswk-id-208652;poe=yes;undefinedfromrss=n;rss=n;front=n;pos=bigbox;sz=300x250;tile=3;ord=216138273004987300[2]
Hidden:file D:\Documents and Settings\anon\Local Settings\Temp\Temporary Internet Files\Content.IE5\0TNTBU23\tech;dir=techbiz;dir=tech;ad=bb;ad=hp;ad=ss;del=js;ajax=n;heavy=n;pageId=nwswk-id-208652;poe=yes;undefinedfromrss=n;rss=n;front=n;pos=articleFlex;sz=300x250,336x850,160x600,3[2]
Hidden:file D:\Documents and Settings\anon\Local Settings\Temp\Temporary Internet Files\Content.IE5\0TNTBU23\activity;src=2309962;met=1;v=1;pid=37486052;aid=215504778;ko=0;cid=31752098;rid=31769974;rv=2;×tamp=1248546380838;eid1=2;ecn1=1;etm1=4;eid2=10;ecn2=1;etm2=0;eid3=4;ecn3=[1].gif
Hidden:file D:\Documents and Settings\anon\Local Settings\Temp\Temporary Internet Files\Content.IE5\XHLIBMZV\activity;src=2309962;met=1;v=1;pid=37486052;aid=215504778;ko=0;cid=31752098;rid=31769974;rv=2;×tamp=1248546387537;eid1=2;ecn1=0;etm1=6;eid2=10;ecn2=0;etm2=7;[1].gif
Hidden:file D:\Documents and Settings\anon\Local Settings\Temp\Temporary Internet Files\Content.IE5\YYIH154M\activity;src=2309962;met=1;v=1;pid=37486052;aid=215504778;ko=0;cid=31752098;rid=31769974;rv=2;×tamp=1248546405834;eid1=2;ecn1=0;etm1=19;eid2=10;ecn2=0;etm2=18;[1].gif
Hidden:file D:\Documents and Settings\anon\Local Settings\Temp\Temporary Internet Files\Content.IE5\LAHKZFYX\activity;src=2309962;met=1;v=1;pid=37486052;aid=215504778;ko=0;cid=31752098;rid=31769974;rv=2;×tamp=1248546426904;eid1=2;ecn1=0;etm1=21;eid2=10;ecn2=0;etm2=4;[1].gif
Hidden:file D:\WINDOWS\Temp\oggcodecs_0.71.0946.exe
Hidden:file D:\Documents and Settings\anon\gotomypc_626.exe
Hidden:file D:\WINDOWS\$NtUninstallKB37324$\2375345775
Hidden:file D:\WINDOWS\$NtUninstallKB37324$\2181698502\Desktop.ini
Hidden:file D:\WINDOWS\$NtUninstallKB37324$\2181698502\L\akygdmgo
Hidden:file D:\WINDOWS\$NtUninstallKB37324$\2181698502\cfg.ini
Hidden:file D:\WINDOWS\$NtUninstallKB37324$\2181698502\@
Hidden:file D:\WINDOWS\$NtUninstallKB37324$\2181698502\U\00000001.@
Hidden:file D:\WINDOWS\$NtUninstallKB37324$\2181698502\U\00000002.@
Hidden:file D:\WINDOWS\$NtUninstallKB37324$\2181698502\U\00000004.@
Hidden:file D:\WINDOWS\$NtUninstallKB37324$\2181698502\U\80000000.@
Hidden:file D:\WINDOWS\$NtUninstallKB37324$\2181698502\U\80000004.@
Hidden:file D:\WINDOWS\$NtUninstallKB37324$\2181698502\U\80000032.@
Hidden:file D:\WINDOWS\$NtUninstallKB37324$\2181698502\keywords
Hidden:file D:\WINDOWS\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
Hidden:file D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll
Hidden:file D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9ec7da53380a754b4ad97709df0dd7e7\System.ServiceModel.Web.ni.dll
Hidden:file D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\17902fdb0e0d3bc8b49bce693415fe7e\System.WorkflowServices.ni.dll
Info:Starting disk scan of E: (FAT).
Info:Starting disk scan of F: (FAT).
Stopped logging on 12/18/2011 at 14:25:01 PM
| |  LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 | reply to Zoder Thanks. Nothing in the Sophos log warrants further attention.
Unless you have issues still outstanding, we can start cleanup.
| |  Zoder join:2002-04-16 Miami, FL 1 edit | The only issue is that Norton keeps reporting intrusion attempts every few minutes that it calls Tidserv Activity 2 and blocking access to files trying to override NIS.
I also appear to be having some occasional browser redirection.
Last one of each type:
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Destination Address,Source Address,Traffic Description
12/18/2011 2:51 PM,High,An intrustion attempt by vbiztvg417vattmh-b2x.com requiring manual removal detected.,Detected,Removal Instructions,System Infected: Tidserv Activity 2,Removal Instructions,Removal Instructions,"vbiztvg417vattmh-b2x.com (77.91.231.166, 443)","anon (my ip address, 2398)",77.91.231.166 (77.91.231.166),"TCP, https"
Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction
12/18/2011 2:49 PM,Medium,Unauthorized access blocked (Send Terminate Message to Window),Blocked,No Action Required,"Sunday, December 18, 2011 2:49 PM",D:\WINDOWS\SYSTEM32\CTFMON.EXE,2456,D:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe,396,Send Terminate Message to Window,Unauthorized access blocked
Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction
12/18/2011 12:00 PM,Medium,Unauthorized access blocked (Duplicate Object),Blocked,No Action Required,"Sunday, December 18, 2011 12:00 PM",D:\WINDOWS\SYSTEM32\SERVICES.EXE,768,D:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe,396,Duplicate Object,Unauthorized access blocked
| |  LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 | reply to Zoder Download ComboFix from one of these locations:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/
* IMPORTANT !!! Save ComboFix.exe to your Desktop
* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
* Double click on ComboFix.exe & follow the prompts.
* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Give it at least 20-30 minutes to finish if needed.
-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
| |  Zoder join:2002-04-16 Miami, FL | ComboFix is finished but the computer won't connect to the internet, even after reboot. It shows that it's connected to my wireless router but Status shows no IP address. All the fields are blank.
| |  LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 | reply to Zoder Shut down the computer, wait a few minutes, then power back up. Post and let me know internet status.
Also, can you copy the Combofix log off to another computer and post it in this thread?
It should be at C:\combofix.txt
| |  Zoder join:2002-04-16 Miami, FL 2 edits | Still no internet.
ComboFix 11-12-18.01 - anon 12/18/2011 18:31:17.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.403 [GMT -5:00]
Running from: d:\documents and settings\anon\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\All Users\Application Data\DirectCDUserName.txt
d:\documents and settings\All Users\Application Data\TEMP
d:\documents and settings\anon\Application Data\PriceGong
d:\documents and settings\anon\Application Data\PriceGong\Data\1.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\a.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\b.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\c.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\d.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\e.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\f.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\g.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\h.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\i.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\J.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\k.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\l.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\m.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\mru.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\n.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\o.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\p.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\q.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\r.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\s.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\t.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\u.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\v.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\w.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\x.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\y.xml
d:\documents and settings\anon\Application Data\PriceGong\Data\z.xml
d:\documents and settings\anon\Local Settings\Temporary Internet Files\pse_350_enu.exe
d:\documents and settings\anon\WINDOWS
d:\windows\$NtUninstallKB37324$\2181698502\@
d:\windows\$NtUninstallKB37324$\2181698502\bckfg.tmp
d:\windows\$NtUninstallKB37324$\2181698502\cfg.ini
d:\windows\$NtUninstallKB37324$\2181698502\Desktop.ini
d:\windows\$NtUninstallKB37324$\2181698502\keywords
d:\windows\$NtUninstallKB37324$\2181698502\kwrd.dll
d:\windows\$NtUninstallKB37324$\2181698502\L\akygdmgo
d:\windows\$NtUninstallKB37324$\2181698502\lsflt7.ver
d:\windows\$NtUninstallKB37324$\2181698502\U\00000001.@
d:\windows\$NtUninstallKB37324$\2181698502\U\00000002.@
d:\windows\$NtUninstallKB37324$\2181698502\U\00000004.@
d:\windows\$NtUninstallKB37324$\2181698502\U\80000000.@
d:\windows\$NtUninstallKB37324$\2181698502\U\80000004.@
d:\windows\$NtUninstallKB37324$\2181698502\U\80000032.@
d:\windows\$NtUninstallKB37324$\2375345775
d:\windows\tsoc.log
d:\windows\$NtUninstallKB37324$
.
.
.
.
Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-18 18:22 . 2011-12-18 18:22 -------- d-----w- d:\program files\Sophos
2011-12-18 08:13 . 2011-12-18 08:13 -------- d-----w- d:\program files\ESET
2011-12-18 06:27 . 2011-12-18 06:27 -------- d-----w- d:\documents and settings\anon\Application Data\Malwarebytes
2011-12-18 06:27 . 2011-12-18 06:27 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-18 06:27 . 2011-12-18 06:27 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-12-18 06:27 . 2011-08-31 22:00 22216 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-12-18 05:48 . 2011-12-18 22:34 -------- d-----w- d:\documents and settings\anon\Local Settings\Application Data\NPE
2011-12-18 04:54 . 2011-12-18 05:05 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\NPE
2011-12-18 04:13 . 2011-12-18 04:13 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2004-06-07 18:19 692736 ----a-w- d:\windows\system32\inetcomm.dll
2011-10-03 22:15 . 2011-10-03 22:15 1393736 ----a-w- d:\documents and settings\anon\gotomypc_626.exe
2011-09-28 07:06 . 2002-09-23 20:10 599040 ----a-w- d:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2007-10-09 17:03 611328 ----a-w- d:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2001-08-23 12:00 220160 ----a-w- d:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2001-08-23 12:00 20480 ----a-w- d:\windows\system32\oleaccrc.dll
2011-09-23 23:52 . 2011-05-12 23:45 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
d:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll [7] 2010-11-06 . 864E69F32656A7121444BA0193D7B64B . 5960704 . . [8.00.6001.23091] . . d:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll [7] 2010-11-06 . D7CCA87057901C87ED8CC40DDCC7FA1B . 5959168 . . [8.00.6001.18999] . . d:\windows\ie8updates\KB2482017-IE8\mshtml.dll [7] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . d:\windows\ie8updates\KB2416400-IE8\mshtml.dll [7] 2010-09-10 . 8A03CC037E6B7D1796192815231B0C3F . 5958656 . . [8.00.6001.23067] . . d:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll [7] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . d:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll [7] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . d:\windows\ie8updates\KB2360131-IE8\mshtml.dll [7] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . d:\windows\ie8updates\KB2183461-IE8\mshtml.dll [7] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . d:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll [7] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . d:\windows\ie8updates\KB982381-IE8\mshtml.dll [7] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . d:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll [7] 2009-12-22 . A758F0891A87EE005848A0BC740A5B96 . 3071488 . . [6.00.2900.5921] . . d:\windows\ie8\mshtml.dll [7] 2009-12-22 . AD17006339C1934D86449F335C241FF1 . 3073536 . . [6.00.2900.5921] . . d:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll [7] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . d:\windows\ie8updates\KB980182-IE8\mshtml.dll [7] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . d:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll [7] 2009-10-29 . D1CF72C34BAF70C52797D1CB78D6EE92 . 3070976 . . [6.00.2900.5897] . 
. d:\windows\$NtUninstallKB978207$\mshtml.dll [7] 2009-10-29 . DA551BFEC150760A38A9AD0C95A8A71C . 3073024 . . [6.00.2900.5897] . . d:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll . [7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . d:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll [7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . d:\windows\ServicePackFiles\i386\msvcrt.dll [7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . d:\windows\system32\msvcrt.dll [7] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . d:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll [7] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . d:\windows\$NtServicePackUninstall$\msvcrt.dll [7] 2002-08-29 . 70630CAD245477F8DB02B79D9A92834C . 323072 . . [7.0.2600.1106] . . d:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll [7] 2001-08-23 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll . [7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . d:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll [7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . d:\windows\$NtUninstallKB2509553$\mswsock.dll [7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . d:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll [7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . d:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll [7] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . d:\windows\$NtServicePackUninstall$\mswsock.dll [7] 2008-06-20 . 
1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . d:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll [7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . d:\windows\system32\mswsock.dll [7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . d:\windows\system32\dllcache\mswsock.dll [7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . d:\windows\$NtUninstallKB951748$\mswsock.dll [7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\mswsock.dll [7] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . d:\windows\$NtUninstallKB951748_0$\mswsock.dll . [7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\netlogon.dll [7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . d:\windows\system32\netlogon.dll [7] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\netlogon.dll . [7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\powrprof.dll [7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . d:\windows\system32\powrprof.dll [7] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . d:\windows\$NtServicePackUninstall$\powrprof.dll . [7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\scecli.dll [7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . d:\windows\system32\scecli.dll [7] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\scecli.dll . [7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . 
d:\windows\ServicePackFiles\i386\sfc.dll [7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . d:\windows\system32\sfc.dll [7] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\sfc.dll . [7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\svchost.exe [7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . d:\windows\system32\svchost.exe [7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\svchost.exe . [7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\tapisrv.dll [7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . d:\windows\system32\tapisrv.dll [-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . d:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . d:\windows\$NtServicePackUninstall$\tapisrv.dll [7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . d:\windows\$NtUninstallKB893756$\tapisrv.dll . [7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\user32.dll [7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll [-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . d:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll [-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . d:\windows\$NtServicePackUninstall$\user32.dll [-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . d:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . 
d:\windows\$NtUninstallKB925902$\user32.dll [7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . d:\windows\$NtUninstallKB890859$\user32.dll [-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . d:\windows\$NtUninstallKB824141$\user32.dll [7] 2002-08-29 . DD9269230C21EE8FB7FD3FCCC3B1CFCB . 560128 . . [5.1.2600.1106] . . d:\windows\$NtUninstallQ328310$\user32.dll . [7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\userinit.exe [7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . d:\windows\system32\userinit.exe [7] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\userinit.exe . [7] 2011-08-22 . 1A377838B4B468E37C3EEB5BAA24F925 . 916480 . . [8.00.6001.19131] . . d:\windows\system32\wininet.dll [7] 2011-08-22 . 1A377838B4B468E37C3EEB5BAA24F925 . 916480 . . [8.00.6001.19131] . . d:\windows\system32\dllcache\wininet.dll [7] 2011-08-22 . 19630AEBBFAEB06984CAB91848270AAF . 919552 . . [8.00.6001.23227] . . d:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll [7] 2011-06-23 . AF4EDDC6C0446FCE5681B5DED52B8F0E . 916480 . . [8.00.6001.19098] . . d:\windows\ie8updates\KB2586448-IE8\wininet.dll [7] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . d:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll [7] 2011-04-25 . CC951C2212A200475A587A440E0AA804 . 916480 . . [8.00.6001.19072] . . d:\windows\ie8updates\KB2559049-IE8\wininet.dll [7] 2011-04-25 . 7F4F1697001B9E9A7924D219DC215903 . 919552 . . [8.00.6001.23165] . . d:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll [7] 2011-02-22 . A9FA95F0D7F511959AC721E4843E5967 . 919552 . . [8.00.6001.23139] . . d:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll [7] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . 
d:\windows\ie8updates\KB2530548-IE8\wininet.dll [7] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . d:\windows\ie8updates\KB2497640-IE8\wininet.dll [7] 2010-12-20 . 5504B4ECCE892EB82CD2C5FA71940AC1 . 919552 . . [8.00.6001.23111] . . d:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll [7] 2010-11-06 . 9357C4249F4810FB0E49C13387A8A77C . 919552 . . [8.00.6001.23084] . . d:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll [7] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . d:\windows\ie8updates\KB2482017-IE8\wininet.dll [7] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . d:\windows\ie8updates\KB2416400-IE8\wininet.dll [7] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . d:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll [7] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . d:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll [7] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . d:\windows\ie8updates\KB2360131-IE8\wininet.dll [7] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . d:\windows\ie8updates\KB2183461-IE8\wininet.dll [7] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . d:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll [7] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . d:\windows\ie8updates\KB982381-IE8\wininet.dll [7] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . d:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll [7] 2009-12-22 . 814C265012ED921443C515A591D5BFE1 . 667136 . . [6.00.2900.5921] . . d:\windows\ie8\wininet.dll [7] 2009-12-22 . BD27AF5C72D2FBFE491D3A3A8429B974 . 668672 . . [6.00.2900.5921] . . d:\windows\$hf_mig$\KB978207\SP3QFE\wininet.dll [7] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . 
d:\windows\ie8updates\KB980182-IE8\wininet.dll [7] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . d:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll [7] 2009-10-29 . 3839BD07F2C693EFE995F96BAAB7F4BF . 667136 . . [6.00.2900.5897] . . d:\windows\$NtUninstallKB978207$\wininet.dll [7] 2009-10-29 . 6AC4AA42CC9AAEFAB1D5E4E2AF2E3D2B . 668672 . . [6.00.2900.5897] . . d:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll [7] 2009-09-25 . 178CF0F58C9907633AAB633860B68973 . 667136 . . [6.00.2900.5880] . . d:\windows\$NtUninstallKB976325$\wininet.dll [7] 2009-09-25 . 406D33F9B30FFC0EEFC7C55562839931 . 668672 . . [6.00.2900.5880] . . d:\windows\$hf_mig$\KB974455\SP3QFE\wininet.dll [7] 2009-06-26 . 70FFEA4793D7139A447B169CB0E500BC . 666624 . . [6.00.2900.5835] . . d:\windows\$NtUninstallKB974455$\wininet.dll [7] 2009-06-26 . 8553E6D4EC1563277323E6B2D6FBB954 . 668160 . . [6.00.2900.5835] . . d:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll [7] 2009-04-29 . 6002073519FA478BF89977369CDFD156 . 666624 . . [6.00.2900.5803] . . d:\windows\$NtUninstallKB972260$\wininet.dll [7] 2009-04-29 . 04BCB4F87B35502568F6CF33433543A5 . 668160 . . [6.00.2900.5803] . . d:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll [7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . d:\windows\ie8updates\KB978207-IE8\wininet.dll [7] 2009-02-20 . 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E . 666112 . . [6.00.2900.5764] . . d:\windows\$NtUninstallKB969897$\wininet.dll [7] 2009-02-20 . 711FEABED387B29FF7ED61BC6806A06C . 667648 . . [6.00.2900.5764] . . d:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll [7] 2008-10-16 . E8FCE58A470999350F64C591557F9E42 . 667136 . . [6.00.2900.5694] . . d:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll [7] 2008-10-16 . 1576318BF08D28CC61D1278114AD8D5B . 666112 . . [6.00.2900.5694] . . d:\windows\$NtUninstallKB963027$\wininet.dll [7] 2008-08-20 . 9AF5F25124FBDC36E2B510729CBA2674 . 666112 . . [6.00.2900.5659] . . 
d:\windows\$NtUninstallKB958215$\wininet.dll [7] 2008-08-20 . 94418F53D2612C26DBADC04DAFBC197C . 666624 . . [6.00.2900.5659] . . d:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll [7] 2008-06-23 . 611ACE3F4201E9610AF8452F7C268995 . 667136 . . [6.00.2900.3395] . . d:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll [7] 2008-06-23 . 9EEA04BC4C3FA521D256D89940FAB4DB . 659456 . . [6.00.2900.3395] . . d:\windows\$NtServicePackUninstall$\wininet.dll [7] 2008-06-23 . F12FBB673DE9CC802C5DC518FE99AA2F . 666112 . . [6.00.2900.5626] . . d:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll [7] 2008-06-23 . F12FBB673DE9CC802C5DC518FE99AA2F . 666112 . . [6.00.2900.5626] . . d:\windows\$NtUninstallKB956390$\wininet.dll [7] 2008-06-23 . 972299B7241EC325D8C7E5638C884925 . 666624 . . [6.00.2900.5626] . . d:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll [7] 2008-04-21 . 1EFB8A3EA8454AEC1BB8A240A2845598 . 659456 . . [6.00.2900.3354] . . d:\windows\$NtUninstallKB953838_0$\wininet.dll [7] 2008-04-21 . 2E7DE1BF9418B071799EB53DE8CC22F5 . 666624 . . [6.00.2900.3354] . . d:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll [7] 2008-04-21 . 2B0C24AA747A93A28987B6D65A4A74BC . 666112 . . [6.00.2900.5583] . . d:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll [7] 2008-04-21 . 2B0C24AA747A93A28987B6D65A4A74BC . 666112 . . [6.00.2900.5583] . . d:\windows\$NtUninstallKB953838$\wininet.dll [7] 2008-04-21 . 26F240C250E5B4B395CB4B178BA75437 . 666624 . . [6.00.2900.5583] . . d:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll [7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . d:\windows\$NtUninstallKB950759$\wininet.dll [7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\wininet.dll [-] 2008-02-16 . BB1EACD6AB47E78EBCA02EB781550D55 . 666112 . . [6.00.2900.3314] . . d:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll [-] 2008-02-16 . 0C690E77C0E924C45B4D7045B182FFF1 . 659456 . . [6.00.2900.3314] . . 
d:\windows\$NtUninstallKB950759_0$\wininet.dll [-] 2007-01-04 . 3FFA1573FC274E5AA7467D03941C45EE . 665088 . . [6.00.2900.3059] . . d:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll [-] 2007-01-04 . 8C393DF5234CBCBFF1EE31902D6B40AE . 658944 . . [6.00.2900.3059] . . d:\windows\$NtUninstallKB947864$\wininet.dll [-] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . d:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll [-] 2006-03-04 . 1C0979C7A489BEE573CD0BF4AD94BB06 . 658432 . . [6.00.2900.2861] . . d:\windows\$NtUninstallKB928090$\wininet.dll [-] 2005-09-02 . 97A6FD7CAFD688CF2C78939EBAF0CD0C . 660480 . . [6.00.2900.2753] . . d:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll [-] 2005-09-02 . AF61EBB1F550175EFF406D545D6AB086 . 658432 . . [6.00.2900.2753] . . d:\windows\$NtUninstallKB912812$\wininet.dll [-] 2005-01-27 . B5E043E440B210014E021B24CF0A72E3 . 656896 . . [6.00.2900.2577] . . d:\windows\$NtUninstallKB896688$\wininet.dll [-] 2005-01-27 . A8EAC5330876548E9966A7D13025D196 . 657920 . . [6.00.2900.2598] . . d:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll [-] 2004-09-29 . CBA65B573C66FE23F647FF96E3A10994 . 656896 . . [6.00.2900.2518] . . d:\windows\$NtUninstallKB867282$\wininet.dll [-] 2004-09-29 . 2C07195588D69A067C2AFDAA31759295 . 656896 . . [6.00.2900.2518] . . d:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll [7] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . d:\windows\$NtUninstallKB834707$\wininet.dll . [7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ws2_32.dll [7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . d:\windows\system32\ws2_32.dll [7] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\ws2_32.dll . [7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ws2help.dll [7] 2008-04-14 . 
9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . d:\windows\system32\ws2help.dll [7] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\ws2help.dll . [7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . d:\windows\explorer.exe [7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\explorer.exe [-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . d:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe [-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . d:\windows\$NtServicePackUninstall$\explorer.exe [7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . d:\windows\$NtUninstallKB938828$\explorer.exe . [7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . d:\windows\regedit.exe [7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\regedit.exe [7] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\regedit.exe . [7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . d:\windows\system32\ole32.dll [7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . d:\windows\system32\dllcache\ole32.dll [7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . d:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll [7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . d:\windows\$NtUninstallKB979687$\ole32.dll [7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ole32.dll [-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . 
d:\windows\$NtServicePackUninstall$\ole32.dll [-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . d:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll [-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . d:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll [-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . d:\windows\$NtUninstallKB902400$\ole32.dll [-] 2005-01-14 . ABDEF60CED7C04AB35A415EFB6B96D81 . 1285120 . . [5.1.2600.2595] . . d:\windows\$NtUninstallKB894391$\ole32.dll [-] 2005-01-14 . 2E752611C9A9AE1B6BFD0DA03CF7F17E . 1284608 . . [5.1.2600.2595] . . d:\windows\$hf_mig$\KB873333\SP2QFE\ole32.dll [7] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . d:\windows\$NtUninstallKB873333$\ole32.dll [-] 2003-08-25 . FFAAAB74B30B2E22738E0D54E9F2B048 . 1172992 . . [5.1.2600.1263] . . d:\windows\$NtUninstallKB828741$\ole32.dll [7] 2002-08-29 . CB598C117C6AB02584BB3B3452A04F11 . 1169920 . . [5.1.2600.1106] . . d:\windows\$NtUninstallKB824146$\ole32.dll . [7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . d:\windows\system32\usp10.dll [7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . d:\windows\system32\dllcache\usp10.dll [7] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . d:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll [7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . d:\windows\$NtUninstallKB981322$\usp10.dll [7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . d:\windows\ServicePackFiles\i386\usp10.dll [7] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . d:\windows\$NtServicePackUninstall$\usp10.dll . [7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . d:\windows\ServicePackFiles\i386\ksuser.dll [7] 2008-04-14 . 
9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . d:\windows\system32\ksuser.dll [7] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . d:\windows\$NtServicePackUninstall$\ksuser.dll [7] 2002-12-12 05:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . d:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll [-] 2001-08-18 . E486A5A8D51CEFF00404DC5AFF0A8330 . 4096 . . [5.1.2600.0] . . d:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\ksuser.dll . [7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ctfmon.exe [7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe [7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\ctfmon.exe . [7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\shsvcs.dll [7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . d:\windows\system32\shsvcs.dll [-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . d:\windows\$NtServicePackUninstall$\shsvcs.dll [-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . d:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll [7] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . d:\windows\$NtUninstallKB928255$\shsvcs.dll . [7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\srsvc.dll [7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . d:\windows\system32\srsvc.dll [7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\srsvc.dll . [7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . 
Zoder join:2002-04-16 Miami, FL |
2069376 . . [5.1.2600.6055] . . d:\windows\system32\dllcache\ntkrnlpa.exe [7] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . d:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe [7] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . d:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe [7] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . d:\windows\$NtUninstallKB981852$\ntkrnlpa.exe [7] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . d:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe [7] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . d:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe [7] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . d:\windows\$NtUninstallKB979683$\ntkrnlpa.exe [7] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . d:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe [7] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . d:\windows\$NtUninstallKB977165$\ntkrnlpa.exe [7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . d:\windows\$NtUninstallKB971486$\ntkrnlpa.exe [7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . d:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe [7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . d:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe [7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . d:\windows\$NtUninstallKB956572$\ntkrnlpa.exe [7] 2008-04-14 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . d:\windows\$NtUninstallKB956841$\ntkrnlpa.exe [7] 2008-04-14 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ntkrnlpa.exe [-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . 
d:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe [-] 2007-02-28 . 515D30E2C90A3665A2739309334C9283 . 2057600 . . [5.1.2600.3093] . . d:\windows\$NtServicePackUninstall$\ntkrnlpa.exe [-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . d:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe [-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . d:\windows\$NtUninstallKB931784$\ntkrnlpa.exe [7] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . d:\windows\$NtUninstallKB890859$\ntkrnlpa.exe [7] 2002-08-29 . 0E8EFB15746878A9B256E75267337233 . 1947904 . . [5.1.2600.1106] . . d:\windows\$NtUninstallQ811493$\ntkrnlpa.exe [-] 2001-08-23 . 46E2E3DCF54B819CFB2EBFE48A22B5C9 . 1896704 . . [5.1.2600.0] . . d:\windows\$NtUninstallQ317277$\ntkrnlpa.exe . [7] 2008-04-14 09:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . d:\windows\ServicePackFiles\i386\ntmssvc.dll [7] 2008-04-14 09:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . d:\windows\system32\ntmssvc.dll [7] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . d:\windows\$NtServicePackUninstall$\ntmssvc.dll . [7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\upnphost.dll [7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . d:\windows\system32\upnphost.dll [-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . d:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll [-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . d:\windows\$NtServicePackUninstall$\upnphost.dll [7] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . d:\windows\$NtUninstallKB931261$\upnphost.dll . [7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . 
d:\windows\ServicePackFiles\i386\dsound.dll [7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . d:\windows\system32\dsound.dll [7] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . d:\windows\$NtServicePackUninstall$\dsound.dll [7] 2002-12-12 05:14 . BEABCD2DA4FD90B44600E21F37A59FBC . 336384 . . [5.3.0000000.900 built by: DIRECTX] . . d:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll . [7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . d:\windows\ServicePackFiles\i386\d3d9.dll [7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . d:\windows\system32\d3d9.dll [7] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . d:\windows\$NtServicePackUninstall$\d3d9.dll . [7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . d:\windows\ServicePackFiles\i386\ddraw.dll [7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . d:\windows\system32\ddraw.dll [7] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . d:\windows\$NtServicePackUninstall$\ddraw.dll [7] 2002-12-12 05:14 . DD7437D215B2ACE3C84226BE5457634A . 257536 . . [5.3.0000000.900 built by: DIRECTX] . . d:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll . [7] 2008-04-14 09:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\olepro32.dll [7] 2008-04-14 09:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . d:\windows\system32\olepro32.dll [7] 2004-08-04 07:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\olepro32.dll . [7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\perfctrs.dll [7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . 
[5.1.2600.5512] . . d:\windows\system32\perfctrs.dll [7] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\perfctrs.dll . [7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\version.dll [7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . d:\windows\system32\version.dll [7] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\version.dll . [7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . d:\windows\system32\dllcache\iexplore.exe [7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . d:\windows\ie8\iexplore.exe [7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\iexplore.exe [7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . d:\windows\$NtServicePackUninstall$\iexplore.exe . [7] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . d:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe [7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . d:\windows\Driver Cache\i386\ntoskrnl.exe [7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . d:\windows\system32\ntoskrnl.exe [7] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . d:\windows\system32\dllcache\ntoskrnl.exe [7] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . d:\windows\$NtUninstallKB2393802$\ntoskrnl.exe [7] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . d:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe [7] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . d:\windows\$NtUninstallKB981852$\ntoskrnl.exe [7] 2010-02-16 . 
E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . d:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe [7] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . d:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe [7] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . d:\windows\$NtUninstallKB979683$\ntoskrnl.exe [7] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . d:\windows\$NtUninstallKB977165$\ntoskrnl.exe [7] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . d:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe [7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . d:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe [7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . d:\windows\$NtUninstallKB971486$\ntoskrnl.exe [7] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . d:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe [7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . d:\windows\$NtUninstallKB956572$\ntoskrnl.exe [7] 2008-04-14 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . d:\windows\$NtUninstallKB956841$\ntoskrnl.exe [7] 2008-04-14 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ntoskrnl.exe [-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . d:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe [-] 2007-02-28 . 582A8DBAA58C3B1F176EB2817DAEE77C . 2180352 . . [5.1.2600.3093] . . d:\windows\$NtServicePackUninstall$\ntoskrnl.exe [-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . d:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe [-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . d:\windows\$NtUninstallKB931784$\ntoskrnl.exe [7] 2004-08-04 . 
CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . d:\windows\$NtUninstallKB890859$\ntoskrnl.exe [7] 2002-08-29 . B9080D97DBD631AADF9128F7316958D2 . 2042240 . . [5.1.2600.1106] . . d:\windows\$NtUninstallQ811493$\ntoskrnl.exe [-] 2001-08-23 . A29222D5281056E497408FCC9062F749 . 1982208 . . [5.1.2600.0] . . d:\windows\$NtUninstallQ317277$\ntoskrnl.exe . [7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\srsvc.dll [7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . d:\windows\system32\srsvc.dll [7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\srsvc.dll . [7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\w32time.dll [7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . d:\windows\system32\w32time.dll [7] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . d:\windows\$NtServicePackUninstall$\w32time.dll . [7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\wiaservc.dll [7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . d:\windows\system32\wiaservc.dll [-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . d:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll [-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . d:\windows\$NtServicePackUninstall$\wiaservc.dll [7] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . d:\windows\$NtUninstallKB927802$\wiaservc.dll . [7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\midimap.dll [7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ANIWZCS2Service"="d:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link RangeBooster G WDA-2320"="d:\program files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2007-08-29 1662976]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"NvCplDaemon"="d:\windows\System32\NvCpl.dll" [2003-07-28 4841472]
"AdaptecDirectCD"="d:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2008-04-27 684032]
"AudioHQ"="d:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 180224]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 66048]
.
d:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"d:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"d:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 SymDS;Symantec Data Store;d:\windows\system32\drivers\NIS\1206000.01D\symds.sys [5/2/2011 5:51 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;d:\windows\system32\drivers\NIS\1206000.01D\symefa.sys [5/2/2011 5:51 PM 744568]
R1 BHDrvx86;BHDrvx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111210.003\BHDrvx86.sys [12/14/2011 6:47 PM 819320]
R1 SymIRON;Symantec Iron Driver;d:\windows\system32\drivers\NIS\1206000.01D\ironx86.sys [5/2/2011 5:51 PM 136312]
R2 NIS;Norton Internet Security;d:\program files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 5:51 PM 130008]
R2 PackethSvc;Virtual NIC Service;d:\windows\system32\PackethSvc.exe [1/10/2002 1:11 AM 64512]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);d:\windows\system32\drivers\A3AB.sys [10/15/2006 10:58 PM 547744]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/12/2011 8:30 PM 106104]
R3 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111216.001\IDSXpx86.sys [12/16/2011 6:26 PM 356280]
R3 JSWSCIMD;jswscimd Service;d:\windows\system32\drivers\jswscimd.sys [10/3/2008 12:13 AM 57376]
S3 iscFlash;iscFlash;\??\d:\windows\SYSTEM32\DRIVERS\iscflash.sys --> d:\windows\SYSTEM32\DRIVERS\iscflash.sys [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;d:\program files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe [10/3/2008 12:13 AM 352338]
S3 MEMSWEEP2;MEMSWEEP2;\??\d:\windows\system32\6.tmp --> d:\windows\system32\6.tmp [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;d:\windows\System32\svchost.exe -k nosGetPlusHelper [8/23/2001 7:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-hpqSRMon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2011-12-18 18:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"d:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"d:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\d:\windows\system32\6.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0b\05\0d\16\1b3?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3420)
d:\windows\system32\WININET.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\devldr32.exe
d:\windows\system32\SK9910DM.EXE
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\System32\nvsvc32.exe
d:\windows\wanmpsvc.exe
d:\windows\system32\wscntfy.exe
d:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
d:\program files\HP\Digital Imaging\bin\hpqbam08.exe
d:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-12-18 19:00:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-19 00:00
.
Pre-Run: 1,412,923,392 bytes free
Post-Run: 2,412,027,904 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\="Microsoft Windows"
.
- - End Of File - - FD78B5E7E7F4188819C0874B7704082D

LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 | reply to Zoder
Nothing Combofix deleted would have broken communication. I am beginning to wonder if there is an issue with Norton.
Use the tray icon and disable the Norton firewall. Can you get to the internet?

| No luck. I haven't tried safe mode with networking to see if it works there. Should I? Should I remove NIS completely with the Norton removal tool?

LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 | reply to Zoder
Go ahead and remove Norton entirely. Reboot and see if you can get online. Make sure you download the installer before you remove Norton so you can re-install.
Don't spend any amount of time online without Norton installed. Just long enough to test the communication.

Zoder join:2002-04-16 Miami, FL | Okay. I'm going to download the NIS 2012 installer.

Zoder join:2002-04-16 Miami, FL | The removal tool is running now. Here is a screenshot of what the status screen is showing for the network adapter. I've even tried hard coding in the IP address earlier but it had no effect.

Zoder join:2002-04-16 Miami, FL | Didn't work. If I run ipconfig, I get a message that says unable to query host name. I typed that error message into Google and got this page »www.technofyed.com/showthread.php?tid=424.
It talks about IPSEC.sys being the problem. I checked and Windows shows that the service is not started and gives an error message when I try to start it. I remember that ESET reported a problem with the file when I ran the initial scans.
D:\WINDOWS\system32\drivers\ipsec.sys a variant of Win32/Rootkit.Kryptik.GG trojan (unable to clean) 00000000000000000000000000000000 I
Could that be the issue after we ran combofix?