
Rootkit TR/Sirefef.BP.1 and Rootkit.Gen2



 
 
Old 02-28-2012, 07:18 AM   #1
Registered Member
 
Join Date: Nov 2008
Location: Italy
Posts: 118
OS: windows 7 home premium



Hi Everybody,

I have this issue with my computer:
Rootkit TR/Sirefef.BP.1 and Rootkit.Gen2 have been detected by Antivir and, though removed, reappear at the PC reboot. Avira RealTime Protection keeps sending alerts, detecting unspecified viruses with access denied. Several of the directories in which viruses are located, as signalled by RealTime, are:
- C:\System32\alcaudsl.dll
- C:\System32\pdlnafac.dll
- C:\System32\tgsrvc_smartagent.dll
- C:\System32\WmXICORE.dll

Spybot found and repaired this issue: W3i.IQ5.fraud. This never reappeared.

At present I have problems with the internet browser (both Explorer and Firefox), and I am using another PC: the browser cannot connect to the page requested (any one).

I have followed the posting instructions and attach:
- DDS (herewith)
- attach and ark.txt

Thanks in advance for any help.

giuseppe

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by admin at 20:52:30 on 2012-02-27
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3327.2221 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia Suite\NokiaSuite.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.corriere.it/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\dati applicazioni\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\programmi\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\programmi\wot\WOT.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\programmi\file comuni\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [UniblueRegistryBooster] "c:\programmi\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [<NO NAME>]
uRun: [NokiaSuite.exe] c:\programmi\nokia\nokia suite\NokiaSuite.exe -tray
mRun: [Acrobat Assistant 8.0] "c:\programmi\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\programmi\quicktime\qttask.exe" -atboottime
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [APSDaemon] "c:\programmi\file comuni\apple\apple application support\APSDaemon.exe"
mRun: [avgnt] "c:\programmi\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [iTunesHelper] "c:\programmi\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\programmi\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\adobea~2.lnk - c:\programmi\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\documents and settings\all users\menu avvio\programmi\esecuzione automatica\Adobe Reader Speed Launch.lnk.disabled
StartupFolder: c:\documents and settings\all users\menu avvio\programmi\esecuzione automatica\HP Digital Imaging Monitor.lnk.disabled
IE: Append to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: cedacri.it
Trusted Zone: teleborsa.it\cedacri
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207437563062
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{E11839C0-049B-4A3B-8C65-6AF9A60BA2FA} : DhcpNameServer = 62.101.93.101 83.103.25.250
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\programmi\wot\WOT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli scecli scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\programmi\file comuni\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\dati applicazioni\mozilla\firefox\profiles\3iuyc5x5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.corriere.it/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\dati applicazioni\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\dati applicazioni\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\programmi\nokia\nokia suite\connectors\bookmarks connector\firefoxextension_3.6\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\admin\dati applicazioni\mozilla\firefox\profiles\3iuyc5x5.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\all users\dati applicazioni\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\dati applicazioni\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: c:\programmi\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\dati applicazioni\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Java Quick Starter: [email protected] - c:\programmi\java\jre6\lib\deploy\jqs\ff
FF - Ext: Firefox Synchronisation Extension: [email protected] - c:\programmi\nokia\nokia suite\connectors\bookmarks connector\FirefoxExtension_3.6
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-21 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\avira\antivir desktop\sched.exe [2011-10-21 86224]
R2 AntiVirService;Avira Realtime Protection;c:\programmi\avira\antivir desktop\avguard.exe [2011-10-21 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-21 74640]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-4-5 38656]
S0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-7 64512]
S2 avgems;STEC3;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 avgio;Netsvc;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CTMFLT;SndTDriverV32;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 CTMMOUNT;Pserve;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 ikhlayer;Sscdserd;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 iksysflt;SE2Emgmt;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 mcshield;Bdfsdrv;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 mfeavfk;Enecbpth;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 mks_scan;Hpqcxs08;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 mksupdateint;Scsiaccess;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 nod32krn;Pshost;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 pavdrv;Sentinelprotectionserver;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 pctavsvc;SaiH040B;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 RalinkRegistryWriter;EpmPsd;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 regdefend;Roxwatch;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 snoopfreesvc;S125bus;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 starwindservice;Vvdsvc;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 symantecantibotfilter;LHidKe;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S2 webrootadminconsole;Revudfservice;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2011-10-3 16512]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programmi\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-2-11 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-2-11 8576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-27 16:34:44 -------- d-----w- c:\programmi\Lavasoft
2012-02-27 11:35:15 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-02-27 11:32:58 -------- d-sh--w- c:\documents and settings\admin\impostazioni locali\dati applicazioni\963c7253
2012-02-11 14:01:47 -------- d-----w- c:\documents and settings\admin\impostazioni locali\dati applicazioni\NokiaAccount
2012-02-11 13:56:30 -------- d-----w- c:\documents and settings\admin\impostazioni locali\dati applicazioni\Nokia
2012-02-11 13:55:35 -------- d-----w- c:\programmi\file comuni\Nokia
2012-02-11 13:55:35 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Nokia
2012-02-11 13:54:54 -------- d-----w- c:\programmi\PC Connectivity Solution
2012-02-11 13:54:37 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2012-02-11 13:54:37 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2012-02-11 13:54:36 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-02-11 13:54:35 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-02-11 13:54:34 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-02-11 13:54:33 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2012-02-11 13:54:33 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2012-02-11 13:54:33 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2012-02-11 13:54:33 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2012-02-11 13:52:55 -------- d-----w- c:\documents and settings\all users\dati applicazioni\NokiaInstallerCache
.
==================== Find3M ====================
.
2012-02-19 21:16:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-23 06:12:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-10 14:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 20.52.48,43 ===============
Attached Files
File Type: zip attach.zip (6.6 KB, 102 views)
beppe1968 is offline  
 
Old 02-29-2012, 02:05 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please reboot your machine.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-02-2012, 03:26 PM   #3



Hi Chemist,
thanks for answering and sorry for my delay: the reason is that I can't connect to the Web from the infected PC. After enquiring, it now looks as if the network interface card is not working.
I tried to download ComboFix to my laptop computer and then transfer it to the desktop of the infected PC with a USB pen drive, but the program does not start (the icon opens and then closes immediately).
I am going to change the network interface card on Monday.
Sorry Chemist: please tell me if you can wait for me or what I should do.
Please also note I tried to follow the subscription procedure for this post, but within the thread tools there is only the option "unsubscribe from this thread".
Many thanks.
Giuseppe
beppe1968 is offline  
 
Old 03-02-2012, 09:20 PM   #4



You're welcome, Giuseppe. Try double-clicking ComboFix in Safe Mode with Networking:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
  • In some systems, this may be the F5 key.
  • Instead of Windows loading as normal, a menu should appear.
  • Use the up arrow key to highlight Safe Mode with Networking and press 'Enter'.
  • Login on your usual account.
------------------------------------------------------

Let me know.
chemist is offline  
Old 03-04-2012, 08:51 AM   #5



Hi Chemist,
I followed your instructions, but even after restarting the system in safe mode ComboFix does not run: it starts but closes almost immediately.
Sorry
Giuseppe
beppe1968 is offline  
Old 03-04-2012, 09:05 AM   #6



(adding to previous post)

Hi Chemist,
I followed your instructions, but even after restarting the system in safe mode ComboFix does not run: it starts but closes almost immediately.
Sorry

Please note that I have these antivirus programs loaded on my PC:
- Avira (updated 02.27th)
- MalwareBytes
- Ad-Aware (updated 02.27th)
- Spybot (updated 02.27th)
- Spywareblaster
- CCleaner (updated 02.27th)
Having no internet connection I can't update them, but are they of any use in safe mode?
beppe1968 is offline  
Old 03-04-2012, 11:18 AM   #7



Hello again, giuseppe. Only Avira and Ad-Watch are antivirus programs. And, you should only have one installed and running.

Please choose one to keep and uninstall the other.

------------------------------------------------------

Press the Windows "logo" key and "R" key, then type the following single-line command into the Run box and click OK (note the space):

"%userprofile%\desktop\combofix.exe" /nombr

Let me know if ComboFix runs now.

------------------------------------------------------
chemist is offline  
Old 03-04-2012, 02:51 PM   #8



Hi Chemist,
nothing again: combofix runs but shuts down abruptly after a couple of seconds
(I tried the procedure both in normal and in safe mode)
beppe1968 is offline  
Old 03-04-2012, 05:20 PM   #9



Delete ComboFix from your desktop.

Download this renamed version of ComboFix:

https://download.bleepingcomputer.com/sUBs/Iexplore.exe

Double-click it to run it. Let me know.
chemist is offline  
Old 03-05-2012, 01:41 AM   #10



Hi Chemist,
well done: this worked!
I post the log.
Please note I disabled Avira while ComboFix was running (after its request).


ComboFix 12-03-04.02 - admin 05/03/2012 9.45.57.6.4 - x86
Eseguito da: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\admin\Dati applicazioni\HPSU_48BitScanUpdate.log
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\windows\$NtUninstallKB7056$
c:\windows\$NtUninstallKB7056$\2320702663
c:\windows\$NtUninstallKB7056$\2520543827\@
c:\windows\$NtUninstallKB7056$\2520543827\L\snxzivvt
c:\windows\$NtUninstallKB7056$\2520543827\loader.tlb
c:\windows\$NtUninstallKB7056$\2520543827\U\@00000001
c:\windows\$NtUninstallKB7056$\2520543827\U\@000000c0
c:\windows\$NtUninstallKB7056$\2520543827\U\@000000cb
c:\windows\$NtUninstallKB7056$\2520543827\U\@000000cf
c:\windows\$NtUninstallKB7056$\2520543827\U\@80000000
c:\windows\$NtUninstallKB7056$\2520543827\U\@800000c0
c:\windows\$NtUninstallKB7056$\2520543827\U\@800000cb
c:\windows\$NtUninstallKB7056$\2520543827\U\@800000cf
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\SET53.tmp
c:\windows\system32\SET5F.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_STEC3
-------\Service_STEC3
.
.
((((((((((((((((((((((((( Files Creati Da 2012-02-05 al 2012-03-05 )))))))))))))))))))))))))))))))))))
.
.
2012-03-04 16:36 . 2012-03-05 00:36 -------- d-----w- c:\documents and settings\Administrator.BOCCI-B430185CD
2012-02-28 14:47 . 2012-02-27 16:38 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-02-27 16:34 . 2012-02-27 16:34 -------- d-----w- c:\programmi\Lavasoft
2012-02-27 11:32 . 2012-02-28 14:47 -------- d-sh--w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\963c7253
2012-02-11 13:56 . 2012-02-11 14:01 -------- d-----w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\Nokia
2012-02-11 13:55 . 2012-02-11 13:55 -------- d-----w- c:\programmi\File comuni\Nokia
2012-02-11 13:55 . 2012-02-11 13:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nokia
2012-02-11 13:54 . 2012-02-11 13:54 -------- d-----w- c:\programmi\PC Connectivity Solution
2012-02-11 13:54 . 2011-11-01 09:07 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2012-02-11 13:54 . 2011-11-01 09:07 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2012-02-11 13:54 . 2011-11-01 09:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-02-11 13:54 . 2011-11-01 09:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-02-11 13:54 . 2011-11-01 09:07 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-02-11 13:54 . 2011-11-01 09:07 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2012-02-11 13:54 . 2011-11-01 09:07 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2012-02-11 13:54 . 2011-11-01 09:07 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2012-02-11 13:54 . 2011-11-01 09:07 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-19 21:16 . 2011-06-06 07:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 18:18 . 2011-10-21 20:00 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-23 06:12 . 2009-02-07 01:11 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-10 14:24 . 2011-11-26 23:25 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . DF69726907357C3ADD243F48902B0331 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2007-10-29 . C1E7FE19F98A877BF8F941BF48148695 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2011-11-04 . BE94B711CF6F539A220EE5042DA61B82 . 916992 . . [8.00.6001.19165] . . c:\windows\system32\wininet.dll
[-] 2011-11-04 . BE94B711CF6F539A220EE5042DA61B82 . 916992 . . [8.00.6001.19165] . . c:\windows\system32\dllcache\wininet.dll
[-] 2011-11-04 . 397B1D2692A9380D8A3EA29AD1FE0AD9 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
[-] 2011-08-22 . 5CB924722A179B5203045E8D9994C312 . 916480 . . [8.00.6001.19131] . . c:\windows\ie8updates\KB2618444-IE8\wininet.dll
[-] 2011-08-22 . A08C03655C0AADBB74C804C4BCB5F475 . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
[-] 2011-06-23 . 0FCE3E748360B53853B26DC1CBDC4601 . 916480 . . [8.00.6001.19098] . . c:\windows\ie8updates\KB2586448-IE8\wininet.dll
[-] 2011-06-23 . B4BAA858C13DA6E84F67E902C1B3C969 . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[-] 2011-04-25 . A4D5DFE6E80655BA2D2F7AC6A6173AB1 . 916480 . . [8.00.6001.19072] . . c:\windows\ie8updates\KB2559049-IE8\wininet.dll
[-] 2011-04-25 . 1E85D17C400AEB2E49C76223E723B6CB . 919552 . . [8.00.6001.23165] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . 30293249364C27963E086CB367FC1240 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . 8CCD793488C8A4774FC360B215DB1B91 . 916480 . . [8.00.6001.19044] . . c:\windows\ie8updates\KB2530548-IE8\wininet.dll
[-] 2010-12-20 . C5C97B1DC198BE6AB29319EA211B617C . 916480 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll
[-] 2010-12-20 . 01840F3C16BE7ECD0DF2793A9AE13928 . 919552 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
[-] 2010-11-06 . DC9B370A01F1BCD9DB40C5010335AF59 . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[-] 2010-11-06 . C1118FF7E47EDB4B07E7B4B2B69B6A89 . 916480 . . [8.00.6001.18992] . . c:\windows\ie8updates\KB2482017-IE8\wininet.dll
[-] 2010-09-10 . 939FD4412E1EE25C91BD95562CFF1912 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 3FD601CE35491BD7AFF335B3D1C75884 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 7274EB34AEBFDA1DC9B3032F5E62F8D0 . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[-] 2010-05-06 . FA2483ACCF72BD0516587B98303410AF . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[-] 2010-05-06 . A5E6F403200AF075E03210FDFE019C18 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-02-25 . 188C0BB5DD640C6F711FA0C4295CF0CE . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . DFF254528086EC43A009CE2EFFBB8635 . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-12-21 . 9DD114AA65811E8ADC42F7E9F9AA2128 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . C519BD50898ED820C8F76DCAFA8C45F5 . 916480 . . [8.00.6001.18854] . . c:\windows\ERDNT\cache\wininet.dll
[-] 2009-10-29 . C519BD50898ED820C8F76DCAFA8C45F5 . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-10-29 . CA616511815109192BF0CB7EBD6AA566 . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-08-29 . CFA6FEE390549F82BC9A1FBF616CE8FE . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2009-08-29 . 1680D62563A5081A85754528AAF77D1E . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . D58780F07D0F5C83B3DB634BBB273D39 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 9A9F818B89CD92F1BAD393B525A16051 . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[-] 2009-06-29 . 9BA2E22993954B2C433FDC229801EEFE . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . 349808BF272A3CAB2BE7E4C6662BCDC1 . 827392 . . [7.00.6000.16876] . . c:\windows\ie8\wininet.dll
[-] 2009-04-29 . B7DFEFC4FC10B8AC464FCDCA309267B6 . 827392 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2009-04-29 . D327397F4448DCB912E9FE78C9A94C88 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2009-03-03 . C04C42D707CDB4129B86C4E96FA5C24B . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2009-03-03 . 0F74B461F95EC8373FFF5990DC619A75 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2008-12-20 . 3F7320E0F75F2B5A7A9AD32AEA08BF21 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . EF1520F95DD25F48C18502005F5EE995 . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2008-10-16 . A4C79606C0D9835E8A5A8E5E5804AE60 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-10-16 . F303CFED3D8B8348A54F7A53DDC7CCA0 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 8E694EC9DA095E518D9447B3293208EA . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . D590241CADEC69A1BC157DC0452C92D1 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-06-23 . 4B54220877703198E55F61CB7B87979E . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-06-23 . BF9D17259082632F03F3FF5759C6AE32 . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . FE184A2B736F216CCC22ABEEBB40787D . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . C1089010BCC3FD01056D26E9A36BBB79 . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-04-14 . 663E74D98D2E67C1343D367388EDD711 . 668672 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-03-01 . 61D4F43D26EC9D21BEB6F38F22B396AB . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 93DB90BE4A10EC784DDC9C8601A28AA6 . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 . ED2A73AB0EBA3C4CB6794077CD09EC95 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-12-07 . 39CCDA0E9B778792B06C1B9D794A9776 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2007-10-29 . 27966534A0820CD3BD988BD1517C8FF2 . 658944 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
[-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
.
[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll
[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . D34F635FF28F2AABEDC95BFEB891864C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2007-10-29 . 12EAD983C875ED9BCC8B90E3F77F2E4A . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . D041DBDB9192A8B6EA7C6EA379F11255 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . D041DBDB9192A8B6EA7C6EA379F11255 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2007-10-29 . 0C1F495C1761C126BC820F4DE4C8B967 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[-] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-10-29 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2007-06-13 . 7E2817A623E16F830B660F81C0FD63DA . 1035776 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B4E85805BE6D23DE697F7B3BA7492D0B . 1035776 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
.
[-] 2008-04-14 . 15AE38B9AEED84C02EA0A3A9C76FEA02 . 151552 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 15AE38B9AEED84C02EA0A3A9C76FEA02 . 151552 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2007-10-29 . 2452458A26C4DD00E68F060870317675 . 151552 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2011-11-01 . 084F6A2BCD2B5D4E461EA61760F625F7 . 1288192 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
[-] 2011-11-01 . 084F6A2BCD2B5D4E461EA61760F625F7 . 1288192 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . 2D2188BF003969FE99871005908736C4 . 1288704 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2010-07-16 . 73E284809F5B963374DB8FFAF39AD824 . 1287680 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll
[-] 2010-07-16 . 705E8550BA69B3A8828E8836CF647AF4 . 1288704 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . DA5AB646CDA75F2801660F5754990D2F . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[-] 2008-04-14 . DA5AB646CDA75F2801660F5754990D2F . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2007-10-29 . 66364440C71911D07468F3791206FB87 . 1281024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\ole32.dll
[-] 2005-07-26 . D5622B6D4CD43F2223718820C0A178AD . 1284608 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . FDCB65B500C748D9D36BCCD20156B7C5 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7E958544A86CDB308F849BAB7EC78908 . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 7313DD91D93A33472E76D857EE7FFDE8 . 1284608 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
.
[-] 2010-04-16 . 9B9E11304DF13254CF177F95F7A33D9B . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9B9E11304DF13254CF177F95F7A33D9B . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . EC73FF04C4700137413C48DAE1F7756A . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 2123D430FD85EFB80F1F139431A3A6F0 . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . 2123D430FD85EFB80F1F139431A3A6F0 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2007-10-29 . D80FEA125DC5860E4BC786AE07DE6DB8 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 0AB23B85BF9E4EFFDB203199BC907552 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 0AB23B85BF9E4EFFDB203199BC907552 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-19 . FBBB356A996903FFB831BF72FD2A3E85 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2007-10-29 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2009-07-27 . DCCC606FC144F6E44E497F9A906F1C30 . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . DCCC606FC144F6E44E497F9A906F1C30 . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 274E03035A46A3B8966193CAD34108E3 . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll
[-] 2008-04-14 . A982208204830A213D7963BF2A215E56 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2007-10-29 . 500E8EF27757B1C463A4A263ED2C95D2 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
[-] 2006-12-19 . FAD73705BED0910E910DE852B0F8AEBC . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 89F95338182388B65DC381AEAAB62079 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
.
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2007-10-29 . BA4E8AC9A60C4527C969D08F3ABE9D36 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 9EDF54CE47BBA3E96A8C23253006D183 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2007-10-29 . A49C11376727F7ADC7E206E4C89B24E1 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll
[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 5526482DCBA6047641B13BF9C75A74E0 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2007-10-29 . 3208BAD59EFA3F4FCCCFBF1317F2A1C1 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll
[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . BD5FEE908FDD9CB09AA3E78111AB1119 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2007-10-29 . D1CAA255F33C06C8302769A86FFB905E . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . CE7DB8EE1C9BD8A40F84529DDC28B0D8 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2007-10-29 . AE360320E4143315BFEF9DE2E403F808 . 1546752 . . [5.1.2600.3186] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2007-10-29 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll
[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . F667A41BCED959988E53FEECC8BF5DA0 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2007-10-29 . 78FBE7DA29307EDE7ED0E33F1C4969BC . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll
[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 511886E5BD060046CCE8373E92E62EDF . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2007-10-29 . 546254D4769E165CDC3388D74B201FCB . 193024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 5215569DD3A8FBC65A85E85F3C12258B . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2007-10-29 . 1FBF38A525EEDD7402BFA7E27236A64F . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll
[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2007-10-29 . C06CD1890279603E15020757E02DE56B . 296960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 705B64A073DFF1AF96F49B00B9D297A3 . 346624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 705B64A073DFF1AF96F49B00B9D297A3 . 346624 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2007-10-29 . 250D4F4E1E27543C121378268FE07208 . 346624 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . 9062ED05B7519324FD7F0D6AFB9D1147 . 175104 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\appmgmts.dll
[-] 2008-04-14 . 9062ED05B7519324FD7F0D6AFB9D1147 . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . 9062ED05B7519324FD7F0D6AFB9D1147 . 175104 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2007-10-29 . 00E50CD4D9247CB56EFC1360C32AB755 . 175104 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2007-10-29 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[-] 2007-10-29 . 49AC5CD87FBDDA62F3E25190019E7627 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2007-10-29 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . A656C2591548FF037C61BADF969D88D0 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . B4E33B4CC916871D83C276CA29AFDD55 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . B4E33B4CC916871D83C276CA29AFDD55 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2008-04-14 02:13 . EE45F8D08BAEDA5316EA2C4F0B3C07AF . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2007-10-29 12:00 . 907601D4078A5526CDA46536A4288E44 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
[-] 2006-11-01 19:18 . BB6786F692227DD59F1C872CCA19282D . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll
[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 3B32F662C8607E891F325E41F7EE225C . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2007-10-29 . 3777AB9537D05BFD404B0FBC13A140A6 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2007-10-29 12:00 . 68B975F737FA8F063F4036F9F8432F0A . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-10 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-10 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
.
[-] 2011-10-26 . 30A4105504577DD96606AA4D47FE4A24 . 2073088 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2011-10-26 . 30A4105504577DD96606AA4D47FE4A24 . 2073088 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2011-10-26 . 5F5C1118777EF8D1D8B2611BFE60F1B8 . 2030592 . . [5.1.2600.6165] . . c:\windows\system32\ntkrnlpa.exe
[-] 2011-10-26 . F96F854FA4FCEA69E84AF45E7214297E . 2073088 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 4B3685502B1B7E155E368D922525436B . 2073088 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 13872257E9C553A6501A6968C57BCE00 . 2030592 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
[-] 2010-04-28 . E24DAC79581355DC65A3637DD88EE635 . 2070656 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-28 . D87FD9753A358E4CBBF48FB8E2489D50 . 2028032 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[-] 2010-02-17 . EAB8C02BE368E4E30F5DECBA0AECDA9B . 2067456 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntkrnlpa.exe
[-] 2010-02-16 . 18AABF80852FAC8338456AEC72E09463 . 2020352 . . [5.1.2600.3670] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2010-02-16 . 32ACD29EE9D2C09BD471CDC23C31ED49 . 2070528 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntkrnlpa.exe
[-] 2010-02-16 . CC0BD6DF954A759B0C36116AB34F1C85 . 2028032 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . EAFDE69BE3EDF234CD222712F45A00B6 . 2070656 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . 7CBE0358DBB005ED0ACC76E039621B5D . 2069888 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 845344F22D2BA7CDD2847B0B0A5D0EDD . 2069888 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . A624667565D96E7DE0871CC1A144ED1C . 2027520 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[-] 2009-08-04 . A624667565D96E7DE0871CC1A144ED1C . 2027520 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2009-02-10 . 310B4DD8E34D9281D609B5EBDFDE34A7 . 2069760 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-09 . 806A7A41A7AC42BDC1EE9A47E61151CE . 2019328 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB979683_0$\ntkrnlpa.exe
[-] 2009-02-09 . A9E9D393BF5E247C526D39B9AF8DEF06 . 2066688 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 . 844C5BC1F022E7790BA6DD2610823BE6 . 2027520 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-09 . 844C5BC1F022E7790BA6DD2610823BE6 . 2027520 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . C812D8551FD3B6ACDBF7EB6B18B1B992 . 2069760 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 . FE93732DE7D6EA191E2FF816341D6FFF . 2027520 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 . FE93732DE7D6EA191E2FF816341D6FFF . 2027520 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-10-29 . 4B42A1C0085CE18E4BE81A25A3D1C9CF . 2018816 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2007-02-28 . F89D8E24FBE047506D60B850D00BDEE3 . 2063104 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . F5DA1E6ECAD8B9705A2DF4A7E5A2D16D . 2019328 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956572_0$\ntkrnlpa.exe
[-] 2005-03-02 . DE16030E8209FD96EEB06D9E3D8C84A8 . 2060672 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . AC8E98040F804FC77B4EC7A870DAFE3E . 2018816 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
.
[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll
[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 02:13 . 89DB90B5F35D2795D9FC56D933CC72B8 . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2007-10-29 12:00 . 6D96A941EED90224486F9AF30B9666E1 . 437248 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll
[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 8057B0744D9842A090E51D2845861D5F . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-10-29 . 55D9782BFE8C70B70E892E51566BF7D4 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
[-] 2007-02-05 . 5BD44542E87E1343E8D69EB95DF7685D . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . 66A6CC644A3453E2C912CF5DFFE9F2DC . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . D1308031093AE0FBCB903422E8E6C55E . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . D1308031093AE0FBCB903422E8E6C55E . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2007-10-29 . E99A5DF2A937580361D6C698E4620DBA . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . B595EA5D8E446E38AC7F3A0E65E33AA0 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . B595EA5D8E446E38AC7F3A0E65E33AA0 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2007-10-29 . CC954D05B696D408EA1A962651FC6F83 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . 26F279B39B127844B266B201F6DEF9C0 . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . 26F279B39B127844B266B201F6DEF9C0 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2007-10-29 . 613E66ACE3FAE6523E6F1A0183AF7F2D . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 02:13 . EEA7DDED2F11300B4B00C81D93A14898 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 02:13 . EEA7DDED2F11300B4B00C81D93A14898 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2007-10-29 12:00 . CB6B225CC6C85CDA0430EF12441EA5B6 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . 3B90A7B999B837AB74C1669CE94F11E3 . 40960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . 3B90A7B999B837AB74C1669CE94F11E3 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2007-10-29 . 8058A9383E61C45D25B93B26605F2A80 . 40960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . DF664CCE822387D0CB6A35787B6DF6CD . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . DF664CCE822387D0CB6A35787B6DF6CD . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2007-10-29 . 9B5A59851D9A237C86210E07E2195A12 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2011-10-26 . 737D3FFDE5AF7765130EBFE791ADFDE2 . 2196480 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2011-10-26 . 737D3FFDE5AF7765130EBFE791ADFDE2 . 2196480 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2011-10-26 . E637261B377AB45A0D37F5D6F91F7E6F . 2152448 . . [5.1.2600.6165] . . c:\windows\system32\ntoskrnl.exe
[-] 2011-10-26 . 8F56D4D711634350147677E2E90097D4 . 2196480 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . B2FF616428ED134689DFB2C6856CC26E . 2196480 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . D78BB8B7F4AA08E983C65323D1400725 . 2152448 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
[-] 2010-04-28 . F5B0511DB9F383DA5DCE638F4AFDA5B0 . 2149888 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[-] 2010-04-28 . 52219984EC19C4066F15EED46E3ACA55 . 2193792 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-17 . CE3BE4BB511B6E0F81D5479F31922574 . 2193664 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe
[-] 2010-02-16 . 60156ACC2D37BD3B7EDACD13AC46EC6B . 2140672 . . [5.1.2600.3670] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2010-02-16 . BBBEA4BEF0F730C9DFB2F5F8F4BEE2C3 . 2190592 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntoskrnl.exe
[-] 2010-02-16 . 2A3C8C51E0D91616415720C48A3E5A66 . 2149888 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . 01CBC934223F6754C3CA87927D409E9E . 2193792 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 30A2AA7A19F9416EABF7D5F81616BD4D . 2193024 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . 9A164A8C771E9F2A5C8FE15FE7F74E2F . 2148864 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . 9A164A8C771E9F2A5C8FE15FE7F74E2F . 2148864 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[-] 2009-08-04 . 66C0988D9B1BB7F41437D91DBCFDF927 . 2193024 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . 6B45DCA7B594AF854D98797E5D0DA966 . 2139648 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB979683_0$\ntoskrnl.exe
[-] 2009-02-09 . 653218414CC0F50BDB8F9C51057D5A3C . 2189824 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 . AAC0F03E70F066D2E13FA2BA534BB2A8 . 2192768 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-09 . 592F44BB500F995BEAD0EB8BA06BC104 . 2148864 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2009-02-09 . 592F44BB500F995BEAD0EB8BA06BC104 . 2148864 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2008-08-14 . 0EE73494680235D59F4E57301D7AD580 . 2192896 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-14 . 85B6D05F83DFBAFEF5F58836CE39586C . 2148864 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 . 85B6D05F83DFBAFEF5F58836CE39586C . 2148864 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2007-10-29 . 8AB08C18BED548F7A534E9650911F660 . 2151936 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2007-02-28 . 763EA08993B467A3AF048EF185B1F805 . 2185856 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 4FBB54345FE2BBB1314C97377A8EABEE . 2139648 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe
[-] 2005-03-02 . C120A33C71E706545CF26D6276BC0344 . 2183296 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . E4C79833B41219E8A075D19DD81FED14 . 2139136 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
.
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . B3E3DA70A7A76E69B872DE3D06D32C19 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2007-10-29 . BA4E8AC9A60C4527C969D08F3ABE9D36 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 2969DD84B584A6BB541A5273103957A3 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 2969DD84B584A6BB541A5273103957A3 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2007-10-29 . 8B97D00E5C6A593EBB605CE4B8A5CAA5 . 176640 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 3B9263E137896E4D303494F116E00608 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 3B9263E137896E4D303494F116E00608 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2007-10-29 . 2BB718BB4252909C389B3966492B0F30 . 333824 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll
[-] 2006-12-19 . D954F36C577677B9A8041CF0D937D155 . 334336 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . 385CF0E9C4679D23E1E8715AF2116D03 . 334336 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 900D7BBEFCCC50A73B38E342B68D346A . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 900D7BBEFCCC50A73B38E342B68D346A . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2007-10-29 . EAAA11BE5C162266E698F7658BD8A1DA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 4E31240C4C96ADD76F6C5C63461156EE . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 4E31240C4C96ADD76F6C5C63461156EE . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2007-10-29 . 057393DFF71E294EDF6DB3AD2A0CD0DE . 8192 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll
[-] 2006-06-26 . 2A43C2548324DA7D1971E721965064C2 . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 266D8FA8F97CBBBA8BADE273F47215D9 . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"NokiaSuite.exe"="c:\programmi\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"nwiz"="nwiz.exe" [2007-11-28 1626112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-28 8523776]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-16 98304]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-28 81920]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-23 273528]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-3-20 295606]
Adobe Acrobat Synchronizer.lnk - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Reader Speed Launch.lnk.disabled [2008-5-8 1737]
HP Digital Imaging Monitor.lnk.disabled [2008-4-7 1788]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\programmi\HP\HP Software Update\HPWuSchd2.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"iTunesHelper"=c:\programmi\iTunes\iTunesHelper.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Programmi\\Attansic\\Attansic Ethernet Utility\\Mimo.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\SpywareBlaster\\spywareblaster.exe"=
"c:\\Programmi\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Avira\\AntiVir Desktop\\ipmgui.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07/02/2009 2.11.22 64512]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [21/10/2011 21.00.56 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [21/10/2011 21.00.57 86224]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [05/04/2008 15.43.13 38656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [03/10/2011 11.37.21 16512]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [23/12/2011 7.12.10 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programmi\Lavasoft\Ad-Aware\kernexplorer.sys [23/12/2011 7.12.10 15232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11/02/2012 14.54.37 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11/02/2012 14.54.37 8576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mcods
automate6
arhidfltr
sandradatasrv
ami0nt
mf
cdudf_xp
cmdmon
GT890x
SECYPUSB
LVVI500A
gusvc
entech
db2governor
w70n51
nvnforce
pctavsvc
mnsframework
cpqdfw
ARPolicy
ufad-ws60
iPassP
umwdf
icam4usb
ARSVC
bwsvc
artdhcp
clisvc
elservice
vc5secs
atixsaudio
mfeavfk
mrobeservice
sglogplayer
p3
T6963C
w200mdm
slservice
TOSHIBASoftModem
pdlndldl
PID_08A0
tdimsys
btwusb
se2Dnd5
venturi2
cwafreportscheduler
flashcom
lxrjd31d
wmp54gssvc
sfhlp01
symantecantibotfilter
wlancig
pcandis5
sonytvc
cacheserver
jconfigd
iisadmin
SWNC5E00
mwssched
SPLITCAM
cvspydr2
slapd-config52
EKECioCtl
cimnotify
ZTEusbnmea
aswtdi
se2Cunic
LHidKe
lvuvc
tsdhd
raysat3_4_6_18server
C-Dilla
keymaestro
hwdatacard
OEM02Dev
olcamsrv
upsmonservice
s616unic
SABSVC
lvcomser
crystalaps
qcdonner
bhmonitorservice
tsircsrv
dvd43llh
lockmgr
pdlnsx25
Cam5607
emclisrv
NITaggerService
netrcacm
MXOFX
winachsx
z800bus
CXAVXBAR
PDExchange
LVRS
twdns
vstor2
starwindservice
ccispwdsvc
VrAcFil
NICSer_WPC300N
p17
adpu320
MaVctrl
Usb20Scan
ctaud2k
usbsermpt
rmedia
qconsvc
nidomainservice
elnkservice
cm102u32
ncupdatesvc
ICAM5USB
quickhealfirewall
AYDrvNT_ALYAC
emitray
se27unic
NVXBAR
Dfs
vvoice
lvtuner
drvnddm
vpctcom
agp440
wlidsvc
DynDNS_Updater_Service
hcwPVRP2
FreshIO
uphclean
hdaudaddservice
acedrv05
EL2000
SymIMMP
firelm01
avgems
steamdvr
sympxsvc
MREMP50a64
xpagentserver
aracpi
BVRPMPR5
statusagent
InCDsrvR
usbbus
tdsmapi
ilicensesvc
UPATC
cwafeventrouter
tfsnopio
pdlnepkt
pxfhbus
x10nets
oracleorahomemanagementserver
CcmExec
nsm1mdfl
ATSWPDRV
soma
atksgt
MQAC
NVR0FLASHDev
tsscoreservice
forcewarewebinterface
mcnasvc
MA8032U
aolavupd
superproserver
snpstd2
usbvm321
wg6n
rp_fws
backupexecagentbrowser
carboncopyscheduler
lxdmCATSCustConnectService
backupexecrpcservice
tcpip6
REVO
TeamViewer
wintabservice
sisperf
SaiMini
QPSched
vstor2-ws60
avsvcmonitor
brmfrmps
ccdecode
sqlagent$pinnaclesys
lbtserv
Xyz777s
mmc_2K
PSDNServ
scan
dlcj_device
iaimtv2
ihcservice
traprcvr
SE2Cmdm
NvNdis
CTSYN
SISNICXP
useraccess7
WD_FireWire_HID
rnadiagnosticsservice
gdrv
NWSAP
rt2500usb
pgfilter
npapimon
hwpsgt
com0com
zpcollector
MREMPR5
plscsi
quickbooksdb
aswupdsv
sandboxu
adiusbaw
NxFsMon
msgame
OEM02Vfx
bc_ip_f
ovsecurityserver
emu10k1
lmouflt2
slabbus
SbcpHid
WMIService
NtMtlFax
rvsinst
hibernation
InterBaseServer
AIRPLUS
btkrnl
SRTSP
iksysflt
pml
ZDPSp50
zBackupAssistService
tsmapip
isamsmt
wlluc48
prismxl
nimcrpcsu
rrrspy
Appn
fallback
pvservice
SQLAgent$ABBEYIIOFFLINE
CTMFLT
cpqalert
CAMCHALA
pavdrv
tosrfcom
Atmuni
SPFDRV
cercsr6
caboagp
BCM42RLY
CnxTrLan
elbydelay
szserver
MobilePreInstallerService
vmauthdservice
ELhid
IBMTPCHK
ADSMService
erecoveryservice
regdefend
winpowerrmi
Alpham1
symtdi
{d31a0762-0ceb-444e-acff-b049a1f6fe91}
taphss
SimpTcp
c34nb4c5
KMW_USB
mcshield
AsIO
se44nd5
s117mgmt
pshost
s7oppitx
slee_503_service
dlcg_device
EPSON_EB_RPCV4_01
sfcure01
iteatapi
Subsonic
iAimFP6
pelmouse
nod32krn
DeviceScanner
mks_scan
elbycdio
zendcoreapache
cxlpt
oracle_load_balancer_60_client-forms6ip14
w800mdm
pdlncbas
retrolauncher
ipassconnectengine
PAR1284
fcdabus
CSDriver
spcsutilityservice
s716mdfl
WDM_YAMAHAAC97
mscsptisrv
PBADRV
zpaction
TNaviSrv
Invoker
KR10N
s125obex
rkhdrv31
tbaspi
ASFWHide
avcgbdr
btwdndis
cvsnt
axskbus
bridgemp
ASInsHelp
msgsrvservice
issuser
Hardlock
iaimtv0
VRFIL
bcm4sbxp
MKEMUSB
PhilCam8116
HSX_DP
swupdtmr
ma_cmidi_installerservice
ssm_mdfl
DC21x4
SaiNtHid
oracle%oracle_home_service%clientcache80
w300mdm
VAIOMediaPlatform-MusicServer-HTTP
wuolservice
Intel_MIPMNMP
USB_RNDIS
EQDRV5
downloadmanagerlite
GT680x
NTSIM
nmservice
sweepsrv.sys
RapiMgr
lvselsus
AVCSTRM
arcltsrv
snoopfreesvc
Cap7134
phc600
ulcdrhlp
AmeLanPc
W700mdm
proxyhostservice
MRESP50a64
tones
dladresm
REVOSENS
XAudio
amdk77
mdvrmng
W2acehid
pserve
LMS
ohci1394
ASDR
ikhlayer
USB11LDR
GBFSHook
USB_NDIS_51
CTMMOUNT
tapeware
ccalib8
cypresslink
MSSQL$AUTODESKVAULT
PcdrNt
dsunidrv
eeyeevnt
z525mdm
nvgts
bthserv
irda
procmon10
wacomvhid
s217mgmt
https-nassry
SWMX00
w550mgmt
spupdsvc
imonnt
FsVga
pdscheduler
db2jds
SrvcEPIOMngr
n3900
db2remotecmd
csctl50
wlsetupsvc
ftsata2
e1000
FileDisk
avgio
dtsagntsvc
cmigameport
ageremodemaudio
blueservice
tfsndres
STV680m
cpsvc
dlbx_device
RR2IOMod
pgpsdkservice
SeratoUsb
NVR0Dev
elagopro
persfw
backupexecjobengine
[email protected]:+fah+fah-service+fah502-console.exe
mpfservice
CTEDSPFX.DLL
MRENDIS5
ccs
TCtrlIO
nmap
win32sl
SenFiltService
se59mdm
zfdwm
tfsnpool
addfiltr
oraclewebassistant
aspi32
remotelyanywhere
tosrfsnd
lkclassads
PTDCMdm
vmkbd
DcFpoint
iPassPeriodicUpdateApp
dmisrv
oraclesnmppeerencapsulator
hotspotshieldservice
SQLAgent$MICROSOFTSMLBIZ
psadd
vcsw
ntrtscan
milshieldcleaner
mksupdateint
cdralw2k
oracle_load_balancer_60_server-forms6ip14
VAIOMediaPlatform-VideoServer-HTTP
cpqarry2
nHancer
eaps2kbd
maxbackserviceint
hpwirelessmgr
dashsvc
mrpostman
flashpnt
jukebox3
unrealircd
vpnva
MTC0001_ESB
dklogger
mqdmmdfl
AtiHdmiService
CBN
tnbrlds
SiSRaid
netmnt
webrootadminconsole
RalinkRegistryWriter
symsnap
advservice
AVWLP_USB
BCMTPM
WINUSB
w300mdfl
besclient
a016mgmt
trackcam4
p2pgasvc
mohfilt
pinnacleupdatesvc
npkcusb
truecrypt
jobserver_report
cpqvcagent
scramby
rt61
belgium_id_card_service
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\programmi\File comuni\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-02-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 16:38]
.
2012-03-05 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\programmi\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-11-26 14:24]
.
2012-03-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
2012-03-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2012-03-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1897051121-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2012-02-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2012-02-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1897051121-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.corriere.it/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: cedacri.it
Trusted Zone: teleborsa.it\cedacri
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\admin\Dati applicazioni\Mozilla\Firefox\Profiles\3iuyc5x5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.corriere.it/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: [email protected] - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: [email protected] - c:\programmi\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-UniblueRegistryBooster - c:\programmi\Uniblue\RegistryBooster\launcher.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-ESET Online Scanner - c:\programmi\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-05 10:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\[email protected]:+fah+fah-service+fah502-console.exe]
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,4d,d1,b8,26,d1,47,4a,b2,f9,71,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,4d,d1,b8,26,d1,47,4a,b2,f9,71,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(3680)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2012-03-05 10:05:32 - Il pc stato riavviato
ComboFix-quarantined-files.txt 2012-03-05 09:05
ComboFix2.txt 2010-09-02 09:33
.
Pre-Run: 233.247.117.312 byte disponibili
Post-Run: 233.025.994.752 byte disponibili
.
- - End Of File - - 6A10746F9C52181845CD49C283FC5FE7
beppe1968 is offline  
Old 03-05-2012, 04:47 AM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, giuseppe. Good job! Did you uninstall Ad-Watch? Are you able to connect now?

------------------------------------------------------
chemist is offline  
Old 03-05-2012, 07:49 AM   #12



Hi Chemist,
I uninstalled Ad-aware.
No internet connection yet: I went to the PC dealer and must bring the PC in to have the network card checked and fixed. If you agree, I'll do this and then come back to you. Let me know.
beppe1968 is offline  
Old 03-05-2012, 07:55 AM   #13



Chemist, please also take note of this:
I checked the Network Connection window and saw that the connection to the LAN is now enabled (I have a high-speed internet connection, or at least I was supposed to have...).
The browser does not connect, though.
beppe1968 is offline  
Old 03-05-2012, 08:02 AM   #14



Hello again, giuseppe. Let's try one more run of ComboFix and see if you can connect.

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
SecCenter::
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

File::
c:\windows\Tasks\Ad-Aware Update (Weekly).job

Driver::
Lavasoft Ad-Aware Service
Lavasoft Kernexplorer

NetSvc::
mcods
automate6
arhidfltr
sandradatasrv
ami0nt
mf
cdudf_xp
cmdmon
GT890x
SECYPUSB
LVVI500A
gusvc
entech
db2governor
w70n51
nvnforce
pctavsvc
mnsframework
cpqdfw
ARPolicy
ufad-ws60
iPassP
umwdf
icam4usb
ARSVC
bwsvc
artdhcp
clisvc
elservice
vc5secs
atixsaudio
mfeavfk
mrobeservice
sglogplayer
p3
T6963C
w200mdm
slservice
TOSHIBASoftModem
pdlndldl
PID_08A0
tdimsys
btwusb
se2Dnd5
venturi2
cwafreportscheduler
flashcom
lxrjd31d
wmp54gssvc
sfhlp01
symantecantibotfilter
wlancig
pcandis5
sonytvc
cacheserver
jconfigd
iisadmin
SWNC5E00
mwssched
SPLITCAM
cvspydr2
slapd-config52
EKECioCtl
cimnotify
ZTEusbnmea
aswtdi
se2Cunic
LHidKe
lvuvc
tsdhd
raysat3_4_6_18server
C-Dilla
keymaestro
hwdatacard
OEM02Dev
olcamsrv

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

DirLook::
c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\963c7253

Folder::
c:\programmi\Lavasoft

Save this Notepad file as CFScript.txt to your USB drive and transfer it to the desktop of the infected computer.





Referring to the picture above, drag CFScript onto ComboFix.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Old 03-05-2012, 12:10 PM   #15
Registered Member
 
Join Date: Nov 2008
Location: Italy
Posts: 118
OS: windows 7 home premium



Hi Chemist,
thanks...
Here is the log.
I've also read mikiemoies' writeup.
Still no internet connection even though the LAN connection is enabled.
What do you suggest?


ComboFix 12-03-04.02 - admin 05/03/2012 20.27.14.7.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3327.2691 [GMT 1:00]
Eseguito da: c:\documents and settings\admin\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\Tasks\Ad-Aware Update (Weekly).job"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Ad-Aware Update (Weekly).job
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Service_Lavasoft Kernexplorer
.
.
((((((((((((((((((((((((( Files Creati Da 2012-02-05 al 2012-03-05 )))))))))))))))))))))))))))))))))))
.
.
2012-03-04 16:36 . 2012-03-05 00:36 -------- d-----w- c:\documents and settings\Administrator.BOCCI-B430185CD
2012-02-27 11:32 . 2012-02-28 14:47 -------- d-sh--w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\963c7253
2012-02-11 13:56 . 2012-02-11 14:01 -------- d-----w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\Nokia
2012-02-11 13:55 . 2012-02-11 13:55 -------- d-----w- c:\programmi\File comuni\Nokia
2012-02-11 13:55 . 2012-02-11 13:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nokia
2012-02-11 13:54 . 2012-02-11 13:54 -------- d-----w- c:\programmi\PC Connectivity Solution
2012-02-11 13:54 . 2011-11-01 09:07 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2012-02-11 13:54 . 2011-11-01 09:07 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2012-02-11 13:54 . 2011-11-01 09:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-02-11 13:54 . 2011-11-01 09:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-02-11 13:54 . 2011-11-01 09:07 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-02-11 13:54 . 2011-11-01 09:07 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2012-02-11 13:54 . 2011-11-01 09:07 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2012-02-11 13:54 . 2011-11-01 09:07 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2012-02-11 13:54 . 2011-11-01 09:07 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-19 21:16 . 2011-06-06 07:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 18:18 . 2011-10-21 20:00 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-10 14:24 . 2011-11-26 23:25 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\963c7253 ----
.
2012-02-27 11:32 . 2012-02-27 11:32 2048 --sha-w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\963c7253\@
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2011-10-26 . 30A4105504577DD96606AA4D47FE4A24 . 2073088 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2011-10-26 . 30A4105504577DD96606AA4D47FE4A24 . 2073088 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2011-10-26 . 5F5C1118777EF8D1D8B2611BFE60F1B8 . 2030592 . . [5.1.2600.6165] . . c:\windows\system32\ntkrnlpa.exe
[-] 2011-10-26 . F96F854FA4FCEA69E84AF45E7214297E . 2073088 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 4B3685502B1B7E155E368D922525436B . 2073088 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 13872257E9C553A6501A6968C57BCE00 . 2030592 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
[-] 2010-04-28 . E24DAC79581355DC65A3637DD88EE635 . 2070656 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-28 . D87FD9753A358E4CBBF48FB8E2489D50 . 2028032 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[-] 2010-02-17 . EAB8C02BE368E4E30F5DECBA0AECDA9B . 2067456 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntkrnlpa.exe
[-] 2010-02-16 . 18AABF80852FAC8338456AEC72E09463 . 2020352 . . [5.1.2600.3670] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2010-02-16 . 32ACD29EE9D2C09BD471CDC23C31ED49 . 2070528 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntkrnlpa.exe
[-] 2010-02-16 . CC0BD6DF954A759B0C36116AB34F1C85 . 2028032 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . EAFDE69BE3EDF234CD222712F45A00B6 . 2070656 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . 7CBE0358DBB005ED0ACC76E039621B5D . 2069888 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 845344F22D2BA7CDD2847B0B0A5D0EDD . 2069888 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . A624667565D96E7DE0871CC1A144ED1C . 2027520 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[-] 2009-08-04 . A624667565D96E7DE0871CC1A144ED1C . 2027520 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2009-02-10 . 310B4DD8E34D9281D609B5EBDFDE34A7 . 2069760 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-09 . 806A7A41A7AC42BDC1EE9A47E61151CE . 2019328 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB979683_0$\ntkrnlpa.exe
[-] 2009-02-09 . A9E9D393BF5E247C526D39B9AF8DEF06 . 2066688 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 . 844C5BC1F022E7790BA6DD2610823BE6 . 2027520 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-09 . 844C5BC1F022E7790BA6DD2610823BE6 . 2027520 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . C812D8551FD3B6ACDBF7EB6B18B1B992 . 2069760 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 . FE93732DE7D6EA191E2FF816341D6FFF . 2027520 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 . FE93732DE7D6EA191E2FF816341D6FFF . 2027520 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-04-14 . 5E95F445B70ADCF8876D1203852262A1 . 2069632 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-10-29 . 4B42A1C0085CE18E4BE81A25A3D1C9CF . 2018816 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2007-02-28 . F89D8E24FBE047506D60B850D00BDEE3 . 2063104 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . F5DA1E6ECAD8B9705A2DF4A7E5A2D16D . 2019328 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956572_0$\ntkrnlpa.exe
[-] 2005-03-02 . DE16030E8209FD96EEB06D9E3D8C84A8 . 2060672 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . AC8E98040F804FC77B4EC7A870DAFE3E . 2018816 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
.
[-] 2008-04-14 . D1308031093AE0FBCB903422E8E6C55E . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . D1308031093AE0FBCB903422E8E6C55E . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2007-10-29 . E99A5DF2A937580361D6C698E4620DBA . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . B595EA5D8E446E38AC7F3A0E65E33AA0 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . B595EA5D8E446E38AC7F3A0E65E33AA0 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2007-10-29 . CC954D05B696D408EA1A962651FC6F83 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . 26F279B39B127844B266B201F6DEF9C0 . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . 26F279B39B127844B266B201F6DEF9C0 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2007-10-29 . 613E66ACE3FAE6523E6F1A0183AF7F2D . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 02:13 . EEA7DDED2F11300B4B00C81D93A14898 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 02:13 . EEA7DDED2F11300B4B00C81D93A14898 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2007-10-29 12:00 . CB6B225CC6C85CDA0430EF12441EA5B6 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . 3B90A7B999B837AB74C1669CE94F11E3 . 40960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . 3B90A7B999B837AB74C1669CE94F11E3 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2007-10-29 . 8058A9383E61C45D25B93B26605F2A80 . 40960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . DF664CCE822387D0CB6A35787B6DF6CD . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . DF664CCE822387D0CB6A35787B6DF6CD . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2007-10-29 . 9B5A59851D9A237C86210E07E2195A12 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2011-10-26 . 737D3FFDE5AF7765130EBFE791ADFDE2 . 2196480 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2011-10-26 . 737D3FFDE5AF7765130EBFE791ADFDE2 . 2196480 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2011-10-26 . E637261B377AB45A0D37F5D6F91F7E6F . 2152448 . . [5.1.2600.6165] . . c:\windows\system32\ntoskrnl.exe
[-] 2011-10-26 . 8F56D4D711634350147677E2E90097D4 . 2196480 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . B2FF616428ED134689DFB2C6856CC26E . 2196480 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . D78BB8B7F4AA08E983C65323D1400725 . 2152448 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
[-] 2010-04-28 . F5B0511DB9F383DA5DCE638F4AFDA5B0 . 2149888 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[-] 2010-04-28 . 52219984EC19C4066F15EED46E3ACA55 . 2193792 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-17 . CE3BE4BB511B6E0F81D5479F31922574 . 2193664 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe
[-] 2010-02-16 . 60156ACC2D37BD3B7EDACD13AC46EC6B . 2140672 . . [5.1.2600.3670] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2010-02-16 . BBBEA4BEF0F730C9DFB2F5F8F4BEE2C3 . 2190592 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntoskrnl.exe
[-] 2010-02-16 . 2A3C8C51E0D91616415720C48A3E5A66 . 2149888 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . 01CBC934223F6754C3CA87927D409E9E . 2193792 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 30A2AA7A19F9416EABF7D5F81616BD4D . 2193024 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . 9A164A8C771E9F2A5C8FE15FE7F74E2F . 2148864 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . 9A164A8C771E9F2A5C8FE15FE7F74E2F . 2148864 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[-] 2009-08-04 . 66C0988D9B1BB7F41437D91DBCFDF927 . 2193024 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . 6B45DCA7B594AF854D98797E5D0DA966 . 2139648 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB979683_0$\ntoskrnl.exe
[-] 2009-02-09 . 653218414CC0F50BDB8F9C51057D5A3C . 2189824 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 . AAC0F03E70F066D2E13FA2BA534BB2A8 . 2192768 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-09 . 592F44BB500F995BEAD0EB8BA06BC104 . 2148864 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2009-02-09 . 592F44BB500F995BEAD0EB8BA06BC104 . 2148864 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2008-08-14 . 0EE73494680235D59F4E57301D7AD580 . 2192896 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-04-14 . 7D804C28404E94F57967DE3394201D55 . 2192768 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-14 . 85B6D05F83DFBAFEF5F58836CE39586C . 2148864 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 . 85B6D05F83DFBAFEF5F58836CE39586C . 2148864 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2007-10-29 . 8AB08C18BED548F7A534E9650911F660 . 2151936 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2007-02-28 . 763EA08993B467A3AF048EF185B1F805 . 2185856 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 4FBB54345FE2BBB1314C97377A8EABEE . 2139648 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe
[-] 2005-03-02 . C120A33C71E706545CF26D6276BC0344 . 2183296 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . E4C79833B41219E8A075D19DD81FED14 . 2139136 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
.
[-] 2008-04-14 . 2969DD84B584A6BB541A5273103957A3 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 2969DD84B584A6BB541A5273103957A3 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2007-10-29 . 8B97D00E5C6A593EBB605CE4B8A5CAA5 . 176640 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 3B9263E137896E4D303494F116E00608 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 3B9263E137896E4D303494F116E00608 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2007-10-29 . 2BB718BB4252909C389B3966492B0F30 . 333824 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll
[-] 2006-12-19 . D954F36C577677B9A8041CF0D937D155 . 334336 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . 385CF0E9C4679D23E1E8715AF2116D03 . 334336 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 900D7BBEFCCC50A73B38E342B68D346A . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 900D7BBEFCCC50A73B38E342B68D346A . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2007-10-29 . EAAA11BE5C162266E698F7658BD8A1DA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 4E31240C4C96ADD76F6C5C63461156EE . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 4E31240C4C96ADD76F6C5C63461156EE . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2007-10-29 . 057393DFF71E294EDF6DB3AD2A0CD0DE . 8192 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll
[-] 2006-06-26 . 2A43C2548324DA7D1971E721965064C2 . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 266D8FA8F97CBBBA8BADE273F47215D9 . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
((((((((((((((((((((((((((((( [email protected]_08.57.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-05 19:39 . 2012-03-05 19:39 16384 c:\windows\Temp\Perflib_Perfdata_e6c.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"NokiaSuite.exe"="c:\programmi\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"nwiz"="nwiz.exe" [2007-11-28 1626112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-28 8523776]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-16 98304]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-28 81920]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-23 273528]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-3-20 295606]
Adobe Acrobat Synchronizer.lnk - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Reader Speed Launch.lnk.disabled [2008-5-8 1737]
HP Digital Imaging Monitor.lnk.disabled [2008-4-7 1788]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\programmi\HP\HP Software Update\HPWuSchd2.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"iTunesHelper"=c:\programmi\iTunes\iTunesHelper.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Programmi\\Attansic\\Attansic Ethernet Utility\\Mimo.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\SpywareBlaster\\spywareblaster.exe"=
"c:\\Programmi\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Avira\\AntiVir Desktop\\ipmgui.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [21/10/2011 21.00.56 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [21/10/2011 21.00.57 86224]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [05/04/2008 15.43.13 38656]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [03/10/2011 11.37.21 16512]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11/02/2012 14.54.37 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11/02/2012 14.54.37 8576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\programmi\File comuni\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-05 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\programmi\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-11-26 14:24]
.
2012-03-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
2012-03-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2012-03-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1897051121-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2012-02-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2012-02-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1897051121-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.corriere.it/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: cedacri.it
Trusted Zone: teleborsa.it\cedacri
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\admin\Dati applicazioni\Mozilla\Firefox\Profiles\3iuyc5x5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.corriere.it/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: [email protected] - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: [email protected] - c:\programmi\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-05 20:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\[email protected]:+fah+fah-service+fah502-console.exe]
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(2060)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2012-03-05 20:44:28 - Il pc stato riavviato
ComboFix-quarantined-files.txt 2012-03-05 19:44
ComboFix2.txt 2012-03-05 09:05
ComboFix3.txt 2010-09-02 09:33
.
Pre-Run: 233.235.664.896 byte disponibili
Post-Run: 233.211.441.152 byte disponibili
.
- - End Of File - - 72EB9B605B5A790F395AC2F072FCBC83
beppe1968 is offline  
Old 03-05-2012, 01:13 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, giuseppe.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the 'Internet Services' option remains checked.
  • Click Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-05-2012, 03:57 PM   #17

Hi Chemist,
thanks again for your persistence.
Here is the scan:

Farbar Service Scanner Version: 01-03-2012
Ran by admin (administrator) on 06-03-2012 at 00:51:53
Running from "C:\Documents and Settings\admin\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2010-09-10 00:40] - [2008-04-14 03:13] - 0126976 ____A (Microsoft Corporation) 699EE7F752A25180AEB92C3A0EAEE440

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2007-10-29 13:00] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) B7A1162B1A26DF7B60D5D9500006096C

C:\WINDOWS\system32\svchost.exe
[2007-10-29 13:00] - [2008-04-14 03:14] - 0014336 ____A (Microsoft Corporation) BB8363ABEC09AA2F9B363484E282117C

C:\WINDOWS\system32\rpcss.dll
[2007-10-29 13:00] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) BC4E0226341AAEC1222336B3AED86BAB

C:\WINDOWS\system32\services.exe
[2010-09-10 00:40] - [2009-02-09 12:22] - 0111104 ____N (Microsoft Corporation) 26845F272435302E0F3322E660A24F7D


Extra List:
=======
Gpc(3) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
Attention! IpSec Tag value should be 5. Attention! IpSec Tag value is missing and it should be 5.

**** End of log ****
beppe1968 is offline  
Old 03-05-2012, 04:22 PM   #18
chemist

Hello again, giuseppe.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
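@echo off
rem Remove any export left over from a previous run.
if exist peek.txt del /q peek.txt
rem Export the IPSec service key to peek.txt in REGEDIT4 format.
regedit /a peek.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec"
rem Show the export in Notepad, then delete this batch file.
notepad peek.txt
del %0

Save this as peek.bat. Choose Save as type: All Files, then transfer the file to your desktop.
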
Double-click on peek.bat and allow it to run. A Notepad file will open. Copy/paste that information into your next reply, please.

------------------------------------------------------
chemist is offline  
Old 03-06-2012, 11:16 AM   #19

Hi Chemist,
here is the log.
Waiting for you.

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,70,73,\
65,63,2e,73,79,73,00
"Group"="PNP_TDI"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Enum]
"0"="Root\\LEGACY_IPSEC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
beppe1968 is offline  
Old 03-06-2012, 12:28 PM   #20
chemist

Hello again, giuseppe.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000005
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,70,73,\
  65,63,2e,73,79,73,00
"DisplayName"="IPSEC driver"
"Group"="PNP_TDI"
"Description"="IPSEC driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Enum]
"0"="Root\\LEGACY_IPSEC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
Save the file as fix.reg and choose Save as type: All Files, then transfer it to your desktop.

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------

Reboot your computer. Are you able to connect now?

------------------------------------------------------
chemist is offline  
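The comparison behind posts #18 to #20, as an added example that is not part of the original posts: a small parser for the REGEDIT4 export from peek.bat that checks the IPSec service key against the values in the fix.reg above. The function names (`decode`, `parse`, `audit`) are hypothetical, the sample input is the post #19 export with the Enum values trimmed, and the Security descriptor is checked by presence only.

```python
import re

SVC = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec"
# Baseline copied from the fix.reg in post #20 (assumed to be the intended state).
EXPECTED = {"Type": 1, "Start": 1, "ErrorControl": 1, "Tag": 5,
            "ImagePath": r"system32\DRIVERS\ipsec.sys", "Group": "PNP_TDI",
            "DisplayName": "IPSEC driver", "Description": "IPSEC driver"}
# Sample input: the export from post #19 (Enum values trimmed), embedded to run offline.
EXPORTED = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,70,73,\
65,63,2e,73,79,73,00
"Group"="PNP_TDI"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Enum]
"0"="Root\\LEGACY_IPSEC\\0000"
'''

def decode(raw):
    """REGEDIT4 literal: dword -> int, hex(2) (REG_EXPAND_SZ, ANSI) -> str, hex -> bytes."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(\(\w+\))?:(.*)", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        return data.rstrip(b"\0").decode("latin-1") if m.group(1) == "(2)" else data
    return re.sub(r"\\(.)", r"\1", raw.strip()[1:-1])  # quoted string: undo \\ and \"

def parse(text):
    """Return {key path: {value name: decoded data}} for a REGEDIT4 export."""
    keys, cur = {}, None
    for line in re.sub(r"\\\r?\n\s*", "", text).splitlines():  # join hex continuations
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1], {})
        elif cur is not None and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)):
            cur[m.group(1)] = decode(m.group(2))
    return keys

def audit(text):
    """List where the exported IPSec service key deviates from the baseline."""
    keys = parse(text)
    svc = keys.get(SVC, {})
    out = [f"{n}: expected {w!r}, found {svc.get(n, '<missing>')}"
           for n, w in EXPECTED.items() if svc.get(n) != w]
    return out + [f"subkey {s} is missing" for s in ("Enum", "Security") if f"{SVC}\\{s}" not in keys]
```

Calling `audit(EXPORTED)` reports the missing `Tag`, `DisplayName` and `Description` values and the missing `Security` subkey, which are the additions fix.reg makes.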
All times are GMT -7.