Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Sporadic Google Redirect

This is a discussion on Sporadic Google Redirect within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hello, I'm getting sporadic Google redirects. When I click on a Google search result, sometimes I get re-directed to some


 
 
Thread Tools Search this Thread
Old 11-12-2011, 09:44 AM   #1
Registered Member
 
Join Date: Nov 2010
Posts: 32
OS: Windows XP SP3



Hello,

I'm getting sporadic Google redirects. When I click on a Google search result, sometimes I get re-directed to some other site not related to what I clicked on. This started happening after I updated to Firefox 8.

I tried to run GMER, but I got a blue screen error after about 6hrs of scanning, so there is no GMER file attached.

Thanks for your help.

Here is DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Gabriel Cardona at 20:46:24 on 2011-11-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2303.1499 [GMT -6:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WIN98\system32\svchost -k DcomLaunch
svchost.exe
C:\WIN98\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\WIN98\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = ftp=localhost:8000;gopher=localhost:8000;http=localhost:8000;https=localhost:8000
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AutorunsDisabled - No File
BHO: JQSIEStartDetectorImpl - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\win98\system32\ctfmon.exe
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [AppWebServ] rundll32.exe "c:\documents and settings\gabriel cardona\local settings\application data\acromain64\AppWebServ.dll",nsCommon64 Clipmap3xx
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\win98\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\win98\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
dRunOnce: [RunNarrator] Narrator.exe
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\mi69df~1\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\tv\EXPLBAR.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi69df~1\office12\REFIEBAR.DLL
Trusted Zone: starrynight.com\orders
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - file://c:\win98\java\classes\xmldso.cab
DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37683.8087152778
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E7B6AC3E-4F3F-41E2-BD03-F1772CC343E6} - hxxp://tools.wordenresearch.com/wsinstall/WordenStudioInstall.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E62CA98C-0B5E-4013-850F-A52215CDBDE3} : DhcpNameServer = 192.168.1.254
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\win98\system32\WPDShServiceObj.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /app:oe /caller:ie50 /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /app:wab /caller:ie50 /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\win98\system32\updcrl.exe -e -u c:\win98\system\verisignpub1.crl
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gabriel cardona\application data\mozilla\firefox\profiles\bim59yxg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\gabriel cardona\application data\mozilla\firefox\profiles\bim59yxg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\gabriel cardona\application data\mozilla\firefox\profiles\bim59yxg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\gabriel cardona\application data\mozilla\firefox\profiles\bim59yxg.default\extensions\[email protected]\components\cooliris.dll
FF - plugin: c:\documents and settings\gabriel cardona\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fasttrak;fasttrak;c:\win98\system32\drivers\Fasttrak.sys [2005-11-5 75520]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-11 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-11 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-11 269480]
R2 avgntflt;avgntflt;c:\win98\system32\drivers\avgntflt.sys [2010-11-11 66616]
R2 UMediaServer;UMediaServer;c:\program files\unrealstreaming\umediaserver\UMediaServer.exe [2010-3-20 325584]
R3 FLASHREADER;%FLASHREADER.SvcDesc%;c:\win98\system32\drivers\CAUSB.SYS [2003-4-26 67684]
S1 AEC671X;AEC671X;c:\win98\system32\drivers\aec671x.sys [2003-8-22 12128]
S1 DMX3191;DMX3191;c:\win98\system32\drivers\dmx3191.sys [2003-8-22 17700]
S2 BridDfu;LINKSYS WAP11 USB Device Driver;c:\win98\system32\drivers\BridDFU.sys [2004-1-1 16302]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\win98\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 UDNT;UDNT;c:\win98\system32\drivers\udnt.sys [2003-8-22 76260]
S3 camvid20;Philips ToUcam Camera; Video;c:\win98\system32\drivers\camdrv21.sys [2004-3-9 223232]
S3 gAGP440p;gAGP440p;c:\docume~1\gabrie~1\locals~1\temp\gAGP440p.sys [2003-5-18 15872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-8-13 30192]
S3 KTPCGJ;KTPCGJ;c:\docume~1\gabrie~1\locals~1\temp\ktpcgj.exe --> c:\docume~1\gabrie~1\locals~1\temp\KTPCGJ.exe [?]
S3 PSI;PSI;c:\win98\system32\drivers\psi_mf.sys [2010-7-7 14904]
S3 scsiscan;SCSI Scanner Driver;c:\win98\system32\drivers\scsiscan.sys [2003-4-26 11520]
S3 vsdatant;vsdatant;c:\win98\system32\vsdatant.sys [2002-2-18 176896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\win98\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\win98\system32\drivers\XLoader.sys [2004-9-3 13184]
S4 NetIQEndpoint;NetIQ Endpoint;c:\progra~1\netiq\endpoint\endpoint.exe [2004-10-9 708669]
.
=============== Created Last 30 ================
.
2011-11-09 03:13:19 -------- d-----w- c:\documents and settings\gabriel cardona\local settings\application data\AcroMain64
.
==================== Find3M ====================
.
2011-10-07 01:20:36 9608392 ----a-w- c:\documents and settings\all users\Tempmozy-autoupdate-8262dfa079e3ea66519693899238bbfb.exe
2011-08-16 01:12:25 9925160 ----a-w- c:\program files\common files\lpuninstall.exe
2011-08-16 00:09:43 404640 ----a-w- c:\win98\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:47:48.31 ===============
Attached Files
File Type: zip attach_110911.zip (5.7 KB, 32 views)
hayden52 is offline  
Sponsored Links
Advertisement
 
Old 11-12-2011, 01:11 PM   #2
Security Team
Analyst
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 2,902
OS: XP Pro, Windows 7, Fedora



Hello

Do you only get the redirects when using Firefox or do they occur when using Internet Explorer also?


We are going to try running Gmer a little differently.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.



    Click the image to enlarge it


  • In the right panel, you will see several boxes that have been checked. Uncheck the following everything except for the Sections and C drive boxes ticked
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Clark76 is offline  
Old 11-13-2011, 03:23 PM   #3
Registered Member
 
Join Date: Nov 2010
Posts: 32
OS: Windows XP SP3



Dear Clark76,

Thanks for helping me with this problem.

I don't know if the problem occurs with IE, as I don't use it. I noticed that the problem started after I updated to FF version 8.

I ran GMER again with the settings you recommended and got the blue screen re-boot again after 9 hours of scanning, so I don't have any GMER files to post.

Thanks
hayden52 is offline  
Sponsored Links
Advertisement
 
Old 11-13-2011, 03:38 PM   #4
Registered Member
 
Join Date: Nov 2010
Posts: 32
OS: Windows XP SP3



I did an experiment, and IE does not seem to re-direct. When FF re-directs, it goes to topusaprizes.com more than other places, but not just there. This is the one I notice most often.

Thanks
hayden52 is offline  
Old 11-13-2011, 07:12 PM   #5
Security Team
Analyst
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 2,902
OS: XP Pro, Windows 7, Fedora



Let try one last thing to get Gmer to run and that it is to try running it in safe mode.

Please print out or save the following instructions in Notepad.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

Try running Gmer once more using the same settings as last time: Uncheck the following everything except for the Sections and C drive boxes ticked


If that still will not work then do the following in normal mode:

Please close all anti virus, anti malware and any other open programs/windows so they do not interfere with the running of RootRepeal.
  • Please download RootRepeal.zip from here.
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.

  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.
Clark76 is offline  
Old 11-14-2011, 06:21 AM   #6
Registered Member
 
Join Date: Nov 2010
Posts: 32
OS: Windows XP SP3



I'm running GMER in safe mode. I will leave it running while I go to work, and I'll report back this evening.

Thanks
hayden52 is offline  
Old 11-14-2011, 03:52 PM   #7
Security Team
Analyst
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 2,902
OS: XP Pro, Windows 7, Fedora



Thanks for the update. Hopefully you will have success on your return from work
Clark76 is offline  
Old 11-14-2011, 08:13 PM   #8
Registered Member
 
Join Date: Nov 2010
Posts: 32
OS: Windows XP SP3



GMER failed again; blue screen re-boot after about 10 hours of scanning. RootRepeal just hangs and does nothing after I begin the scan. It says "Initializing, please wait" and all disk activity stops and the mouse and keyboard become unresponsive. I tried in Safe Mode with the same results.

Thanks
hayden52 is offline  
Old 11-14-2011, 08:26 PM   #9
Registered Member
 
Join Date: Nov 2010
Posts: 32
OS: Windows XP SP3



Now, the computer won't boot at all. It hangs after the POST finishes in a black screen. I tried the Windows recovery console, and it does the same thing. What do I do now?
hayden52 is offline  
Old 11-15-2011, 07:32 PM   #10
Security Team
Analyst
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 2,902
OS: XP Pro, Windows 7, Fedora



Are you able to try booting into safe mode or does it not let you get even that far?
Clark76 is offline  
Old 11-16-2011, 07:06 AM   #11
Registered Member
 
Join Date: Nov 2010
Posts: 32
OS: Windows XP SP3



I've tried booting to safe mode, but it hangs after loading a bunch of drivers. At this point, I'm looking for my original XP CD to see if I can repair the boot sector, which seems to have been corrupted.

Do you have any other suggestions? Does RootRepeal do this often?

Thanks
hayden52 is offline  
Old 11-16-2011, 09:50 AM   #12
Security Team
Analyst
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 2,902
OS: XP Pro, Windows 7, Fedora



I think running a repair is the best option at this point.

As for if this happens a lot for when running RootRepeal, no since there are no changes that occur. It was only scanning your system for any possible rootkit infections.

Please let me know if you are able to find your install disk and are able to do the repair.
Clark76 is offline  
Old 11-19-2011, 05:15 AM   #13
Registered Member
 
Join Date: Nov 2010
Posts: 32
OS: Windows XP SP3



Clark76:

I borrowed an XP disc from work and was able to run recovery console after jumping through several hoops. I have a Promise Fast Trak100 raid card for which the Windows CD needs the drivers in order to see the raid array, and it needs these on floppy. Well, I haven't had a floppy drive for several years now, so I ended up undoing the raid array and hooking up 1 of the mirrored drives directly to the IDE channel on the motherboard. I used Recovery Console to fix the master boot record and was able to boot into Windows. Upon starting, Avira warned of something, so I ean a full scan and it found several things, some of which may be false but I quarantined them anyway. Here is the Avira log:

Avira AntiVir Personal
Report file date: Friday, November 18, 2011 21:34

Scanning for 3560763 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : GABRIEL

Version information:
BUILD.DAT : 10.2.0.704 35934 Bytes 9/28/2011 13:34:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 7/3/2011 19:59:01
AVSCAN.DLL : 10.0.5.0 47464 Bytes 7/3/2011 19:59:01
LUKE.DLL : 10.3.0.5 45416 Bytes 7/3/2011 19:59:02
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 7/3/2011 19:59:04
AVREG.DLL : 10.3.0.9 88833 Bytes 7/13/2011 00:57:30
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 23:47:28
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 03:14:14
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 02:34:15
VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 12:37:00
VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 01:37:31
VBASE006.VDF : 7.11.13.60 6411776 Bytes 8/16/2011 02:25:50
VBASE007.VDF : 7.11.15.106 2389504 Bytes 10/5/2011 00:38:24
VBASE008.VDF : 7.11.15.107 2048 Bytes 10/5/2011 00:38:24
VBASE009.VDF : 7.11.15.108 2048 Bytes 10/5/2011 00:38:24
VBASE010.VDF : 7.11.15.109 2048 Bytes 10/5/2011 00:38:24
VBASE011.VDF : 7.11.15.110 2048 Bytes 10/5/2011 00:38:25
VBASE012.VDF : 7.11.15.111 2048 Bytes 10/5/2011 00:38:25
VBASE013.VDF : 7.11.15.144 161792 Bytes 10/7/2011 21:16:23
VBASE014.VDF : 7.11.15.177 130048 Bytes 10/10/2011 01:04:02
VBASE015.VDF : 7.11.15.213 113664 Bytes 10/11/2011 01:04:02
VBASE016.VDF : 7.11.16.1 163328 Bytes 10/14/2011 12:36:53
VBASE017.VDF : 7.11.16.34 187904 Bytes 10/18/2011 11:37:26
VBASE018.VDF : 7.11.16.77 139264 Bytes 10/20/2011 11:37:26
VBASE019.VDF : 7.11.16.112 162816 Bytes 10/24/2011 01:14:27
VBASE020.VDF : 7.11.16.150 167424 Bytes 10/26/2011 00:12:33
VBASE021.VDF : 7.11.16.187 171520 Bytes 10/28/2011 20:55:25
VBASE022.VDF : 7.11.16.209 190976 Bytes 10/31/2011 15:45:58
VBASE023.VDF : 7.11.16.243 158208 Bytes 11/2/2011 00:43:51
VBASE024.VDF : 7.11.17.21 194560 Bytes 11/6/2011 13:32:41
VBASE025.VDF : 7.11.17.101 202752 Bytes 11/9/2011 01:42:43
VBASE026.VDF : 7.11.17.137 214528 Bytes 11/11/2011 01:01:32
VBASE027.VDF : 7.11.17.154 278528 Bytes 11/14/2011 02:33:05
VBASE028.VDF : 7.11.17.197 175616 Bytes 11/16/2011 03:15:23
VBASE029.VDF : 7.11.17.198 2048 Bytes 11/16/2011 03:15:24
VBASE030.VDF : 7.11.17.199 2048 Bytes 11/16/2011 03:15:24
VBASE031.VDF : 7.11.17.231 184832 Bytes 11/18/2011 03:15:25
Engineversion : 8.2.6.116
AEVDF.DLL : 8.1.2.2 106868 Bytes 10/26/2011 02:30:59
AESCRIPT.DLL : 8.1.3.86 471420 Bytes 11/19/2011 03:15:34
AESCN.DLL : 8.1.7.2 127349 Bytes 11/23/2010 01:08:53
AESBX.DLL : 8.2.1.34 323957 Bytes 6/2/2011 00:35:52
AERDL.DLL : 8.1.9.15 639348 Bytes 9/10/2011 00:25:00
AEPACK.DLL : 8.2.13.4 684406 Bytes 11/11/2011 01:42:52
AEOFFICE.DLL : 8.1.2.20 201083 Bytes 11/19/2011 03:15:33
AEHEUR.DLL : 8.1.2.192 3838328 Bytes 11/19/2011 03:15:33
AEHELP.DLL : 8.1.18.0 254327 Bytes 10/26/2011 02:30:51
AEGEN.DLL : 8.1.5.14 405877 Bytes 11/19/2011 03:15:26
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/23/2010 01:08:47
AECORE.DLL : 8.1.24.0 196983 Bytes 10/26/2011 02:30:49
AEBB.DLL : 8.1.1.0 53618 Bytes 8/2/2010 22:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 22:09:56
AVPREF.DLL : 10.0.3.2 44904 Bytes 7/3/2011 19:59:01
AVREP.DLL : 10.0.0.10 174120 Bytes 5/18/2011 02:02:32
AVARKT.DLL : 10.0.26.1 255336 Bytes 7/3/2011 19:58:59
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 7/3/2011 19:59:01
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 21:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 22:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 21:27:21
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 7/3/2011 19:58:58
RCTEXT.DLL : 10.0.64.0 97640 Bytes 7/3/2011 19:58:58

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced

Start of the scan: Friday, November 18, 2011 21:34

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'plugin-container.exe' - '57' Module(s) have been scanned
Scan process 'avscan.exe' - '65' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avcenter.exe' - '67' Module(s) have been scanned
Scan process 'wallmast.exe' - '22' Module(s) have been scanned
Scan process 'firefox.exe' - '90' Module(s) have been scanned
Scan process 'mozystat.exe' - '33' Module(s) have been scanned
Scan process 'OpenDNSUpdater.exe' - '85' Module(s) have been scanned
Scan process 'ctfmon.exe' - '26' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '78' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '30' Module(s) have been scanned
Scan process 'avgnt.exe' - '54' Module(s) have been scanned
Scan process 'alg.exe' - '31' Module(s) have been scanned
Scan process 'LVComSer.exe' - '36' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '44' Module(s) have been scanned
Scan process 'unsecapp.exe' - '36' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '14' Module(s) have been scanned
Scan process 'UMediaServer.exe' - '33' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '6' Module(s) have been scanned
Scan process 'Explorer.EXE' - '107' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'MsgSvr.exe' - '34' Module(s) have been scanned
Scan process 'MsgAgt.exe' - '42' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '38' Module(s) have been scanned
Scan process 'mozybackup.exe' - '48' Module(s) have been scanned
Scan process 'LVComSer.exe' - '39' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'inetinfo.exe' - '77' Module(s) have been scanned
Scan process 'FolderSizeSvc.exe' - '14' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'FlipShareService.exe' - '58' Module(s) have been scanned
Scan process 'cvpnd.exe' - '41' Module(s) have been scanned
Scan process 'CTsvcCDA.exe' - '9' Module(s) have been scanned
Scan process 'btwdins.exe' - '26' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '42' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '16' Module(s) have been scanned
Scan process 'spoolsv.exe' - '66' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '163' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '38' Module(s) have been scanned
Scan process 'winlogon.exe' - '76' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1301' files ).


Starting the file scan:

Begin scan in 'C:\' <GabrielHD>
C:\Documents and Settings\Gabriel Cardona\Local Settings\Temp\ms0cfg32.exe
[0] Archive type: NSIS
--> ProgramFilesDir/msCommonSched.dll
[DETECTION] Is the TR/Kazy.43653.58 Trojan
C:\Documents and Settings\Gabriel Cardona\My Documents\Downloads\eicar.com.txt
[DETECTION] Contains code of the Eicar-Test-Signature virus
C:\Documents and Settings\Gabriel Cardona\My Documents\Downloads\eicar_com.zip
[0] Archive type: ZIP
--> eicar.com
[DETECTION] Contains code of the Eicar-Test-Signature virus
C:\Documents and Settings\Gabriel Cardona\My Documents\Downloads\FlipVideoUpdater.exe
[0] Archive type: NSIS
--> ProgramFilesDir/Windows 3ivx Installer.exe
[1] Archive type: NSIS
--> ProgramFilesDir/3ivx_dec.dll
[DETECTION] Is the TR/Fake.Smoke.159 Trojan
--> ProgramFilesDir/3ivxVfWCodec_dec.dll
[DETECTION] Is the TR/Fake.Smoke.138 Trojan
C:\Documents and Settings\Gabriel Cardona\My Documents\Downloads\WebPage.exe
[0] Archive type: Inno Setup
--> {tmp}\__ToolbarBrowser.exe
[DETECTION] Is the TR/Agent.ugp.1 Trojan
C:\System Volume Information\_restore{4312D2EB-02E5-4C4E-AFD3-2C6BC285EB38}\RP911\A0169651.exe
[0] Archive type: NSIS
--> ProgramFilesDir/3ivx_dec.dll
[DETECTION] Is the TR/Fake.Smoke.159 Trojan
--> ProgramFilesDir/3ivxVfWCodec_dec.dll
[DETECTION] Is the TR/Fake.Smoke.138 Trojan
C:\System Volume Information\_restore{4312D2EB-02E5-4C4E-AFD3-2C6BC285EB38}\RP911\A0208540.dll
[DETECTION] Is the TR/Fake.Smoke.159 Trojan

Beginning disinfection:
C:\System Volume Information\_restore{4312D2EB-02E5-4C4E-AFD3-2C6BC285EB38}\RP911\A0208540.dll
[DETECTION] Is the TR/Fake.Smoke.159 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4cba0ec0.qua'.
C:\System Volume Information\_restore{4312D2EB-02E5-4C4E-AFD3-2C6BC285EB38}\RP911\A0169651.exe
[DETECTION] Is the TR/Fake.Smoke.138 Trojan
[NOTE] The file was moved to the quarantine directory under the name '542c2167.qua'.
C:\Documents and Settings\Gabriel Cardona\My Documents\Downloads\WebPage.exe
[DETECTION] Is the TR/Agent.ugp.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '07a27b54.qua'.
C:\Documents and Settings\Gabriel Cardona\My Documents\Downloads\FlipVideoUpdater.exe
[DETECTION] Is the TR/Fake.Smoke.138 Trojan
[NOTE] The file was moved to the quarantine directory under the name '618c3489.qua'.
C:\Documents and Settings\Gabriel Cardona\My Documents\Downloads\eicar_com.zip
[DETECTION] Contains code of the Eicar-Test-Signature virus
[NOTE] The file was moved to the quarantine directory under the name '24121984.qua'.
C:\Documents and Settings\Gabriel Cardona\My Documents\Downloads\eicar.com.txt
[DETECTION] Contains code of the Eicar-Test-Signature virus
[NOTE] The file was moved to the quarantine directory under the name '5b092be5.qua'.
C:\Documents and Settings\Gabriel Cardona\Local Settings\Temp\ms0cfg32.exe
[DETECTION] Is the TR/Kazy.43653.41 Trojan
[NOTE] The file was moved to the quarantine directory under the name '166c07a5.qua'.


End of the scan: Saturday, November 19, 2011 07:08
Used time: 5:29:10 Hour(s)

The scan has been done completely.

28440 Scanned directories
1478849 Files were scanned
10 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
7 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1478839 Files not concerned
21294 Archives were scanned
0 Warnings
8 Notes
597067 Objects were scanned with rootkit scan
1 Hidden objects were found

Let me know what I should do next.


Thanks
hayden52 is offline  
Old 11-19-2011, 10:16 AM   #14
Security Team
Analyst
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 2,902
OS: XP Pro, Windows 7, Fedora



Glad to hear you where able to get it able to boot again.

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. At this time, select No when prompted to download the Avast database.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
Clark76 is offline  
Old 11-19-2011, 03:13 PM   #15
Registered Member
 
Join Date: Nov 2010
Posts: 32
OS: Windows XP SP3



Here is the log for aswMBR:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-19 17:14:35
-----------------------------
17:14:35.437 OS Version: Windows 5.1.2600 Service Pack 3
17:14:35.437 Number of processors: 1 586 0x801
17:14:35.437 ComputerName: GABRIEL UserName:
17:14:36.140 Initialize success
17:14:50.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:14:50.312 Disk 0 Vendor: WDC_WD2000BB-14GUC0 21.02J21 Size: 190782MB BusType: 3
17:14:50.328 Disk 1 \Device\Harddisk1\DR2 -> \Device\00000093
17:14:50.328 Disk 1 Vendor: Size: 488MB BusType: 0
17:14:52.375 Disk 0 MBR read successfully
17:14:52.375 Disk 0 MBR scan
17:14:52.375 Disk 0 Windows XP default MBR code
17:14:52.375 Disk 0 scanning sectors +390716865
17:14:52.468 Disk 0 scanning C:\WIN98\system32\drivers
17:15:21.437 Service scanning
17:15:23.359 Modules scanning
17:15:34.046 Disk 0 trace - called modules:
17:15:34.078 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:15:34.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a813ab8]
17:15:34.437 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000084[0x8a87d2a0]
17:15:34.437 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a82c940]
17:15:34.437 Scan finished successfully
17:15:59.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gabriel Cardona\Desktop\MBR.dat"
17:15:59.343 The log file has been saved successfully to "C:\Documents and Settings\Gabriel Cardona\Desktop\aswMBR.txt"
Attached Files
File Type: zip MBR.zip (499 Bytes, 23 views)
hayden52 is offline  
Old 11-19-2011, 05:16 PM   #16
Security Team
Analyst
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 2,902
OS: XP Pro, Windows 7, Fedora



We are going to use ComboFix.exe next. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See this link for instructions on how to do this:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please include the C:\ComboFix.txt in your next reply for further review.
Clark76 is offline  
Old 11-19-2011, 07:08 PM   #17
Registered Member
 
Join Date: Nov 2010
Posts: 32
OS: Windows XP SP3



Here's the combofix log:

ComboFix 11-11-19.04 - Gabriel Cardona 11/19/2011 2050.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2303.1685 [GMT -6:00]
Running from: c:\documents and settings\Gabriel Cardona\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DirectCDUserNameE.txt
c:\documents and settings\All Users\Tempmozy-autoupdate-8262dfa079e3ea66519693899238bbfb.exe
c:\documents and settings\Gabriel Cardona\WINDOWS
C:\DSCN0190.JPG
c:\win98\CSC\d6
c:\win98\dasetup.log
c:\win98\system32\Cache
c:\win98\system32\PowerToyReadme.htm
c:\win98\system32\regobj.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COMSYSAPP
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
.
.
2011-11-09 03:13 . 2011-11-19 03:20 -------- d-----w- c:\documents and settings\Gabriel Cardona\Local Settings\Application Data\AcroMain64
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-16 01:12 . 2011-08-16 01:12 9925160 ----a-w- c:\program files\Common Files\lpuninstall.exe
2011-11-09 02:48 . 2011-07-02 22:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-08-13 14:02 . 2011-08-13 14:02 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\DRIVERS\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\atapi.sys
.
[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\asyncmac.sys
[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\asyncmac.sys
[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\DRIVERS\asyncmac.sys
[7] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\asyncmac.sys
.
[7] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\win98\ERDNT\cache\beep.sys
[7] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\win98\SYSTEM32\dllcache\beep.sys
[7] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\win98\SYSTEM32\DRIVERS\beep.sys
.
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\DRIVERS\kbdclass.sys
[7] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\win98\SYSTEM32\ReinstallBackups\0004\DriverFiles\i386\kbdclass.sys
[7] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\kbdclass.sys
.
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\DRIVERS\ndis.sys
[7] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\ndis.sys
.
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\ntfs.sys
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\ntfs.sys
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\DRIVERS\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\win98\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\win98\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\win98\$NtUninstallKB930916$\ntfs.sys
[-] 2001-08-23 . 70FAE0DCFDFAA0838D6778FCA028CE01 . 533504 . . [5.1.2600.0] . . c:\win98\$NtUninstallQ315403$\ntfs.sys
.
[7] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\win98\ERDNT\cache\null.sys
[7] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\win98\SYSTEM32\dllcache\null.sys
[7] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\win98\SYSTEM32\DRIVERS\null.sys
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\win98\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\win98\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\win98\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\win98\SYSTEM32\dllcache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\win98\SYSTEM32\DRIVERS\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\win98\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\win98\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\win98\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\win98\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\win98\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\win98\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\win98\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\win98\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\win98\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\win98\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\win98\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\win98\$NtUninstallKB893066$\tcpip.sys
.
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\browser.dll
[7] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\browser.dll
[-] 2004-03-30 . 34B4B8B9BC07449E9B340C93C468F92A . 48640 . . [5.1.2600.105] . . c:\win98\$NtUninstallKB841873$\browser.dll
[-] 2001-08-23 . 1C9CDCAD17F23BB7206451802307C529 . 49152 . . [5.1.2600.0] . . c:\win98\$NtUninstallKB835732$\browser.dll
.
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\lsass.exe
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\lsass.exe
[7] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\lsass.exe
.
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\netman.dll
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\netman.dll
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\win98\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\win98\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\win98\$NtUninstallKB905414$\netman.dll
.
[7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\win98\ServicePackFiles\i386\comres.dll
[7] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\win98\SYSTEM32\comres.dll
[7] 2004-08-04 08:56 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\win98\$NtServicePackUninstall$\comres.dll
.
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\win98\ERDNT\cache\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\win98\ServicePackFiles\i386\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\win98\SYSTEM32\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\win98\SYSTEM32\bits\qmgr.dll
[7] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\win98\$NtServicePackUninstall$\qmgr.dll
[7] 2002-01-22 . 9507281D9AFD440F0DA09BE6B7093C43 . 179712 . . [6.0.2600.27] . . c:\win98\$NtUninstallKB842773$\qmgr.dll
[-] 2001-08-23 . 3E6ACF2CD2E8C19B16E4B42D08CA3838 . 179200 . . [6.0.2600.0] . . c:\win98\$NtUninstallQ314862$\qmgr.dll
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\win98\ERDNT\cache\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\win98\SYSTEM32\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\win98\SYSTEM32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\win98\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\win98\$NtUninstallKB956572$\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\win98\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\win98\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\win98\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\win98\$NtUninstallKB902400$\rpcss.dll
[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\win98\$NtUninstallKB894391$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\win98\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[7] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\win98\$NtUninstallKB873333$\rpcss.dll
[-] 2004-03-06 . 4EA08A8BBDF8DDEE0F173BB999C153C3 . 263680 . . [5.1.2600.1361] . . c:\win98\$xpsp1hfm$\KB828741\rpcss.dll
[-] 2003-08-25 . D6755C39AE02ECDA111156401EC62022 . 204288 . . [5.1.2600.118] . . c:\win98\$NtUninstallKB828741$\rpcss.dll
[-] 2003-08-25 . 7A6F20EEAC4B2168451878AF9054396F . 260608 . . [5.1.2600.1263] . . c:\win98\$xpsp1hfm$\KB824146\rpcss.dll
[-] 2003-07-05 . 32DA962BB6ECDC219809DAB25FEF967C . 203264 . . [5.1.2600.115] . . c:\win98\$NtUninstallKB824146$\rpcss.dll
[-] 2003-07-05 . CB95493F46B8113362D8925AD6A5A4FA . 202752 . . [5.1.2600.1243] . . c:\win98\$xpsp1hfm$\KB823980\rpcss.dll
[-] 2001-08-23 . 3F1C4DC5F03535E544996968DD225837 . 259072 . . [5.1.2600.0] . . c:\win98\$NtUninstallKB823980$\rpcss.dll
.
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\win98\ERDNT\cache\services.exe
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\win98\SYSTEM32\services.exe
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\win98\SYSTEM32\dllcache\services.exe
[7] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\win98\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\win98\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\services.exe
[7] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\services.exe
.
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\win98\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\win98\ERDNT\cache\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\win98\SYSTEM32\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\win98\SYSTEM32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\win98\$NtUninstallKB2347290$\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\win98\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-11 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\win98\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\win98\$NtUninstallKB896423$\spoolsv.exe
.
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\winlogon.exe
.
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\win98\ERDNT\cache\wuauclt.exe
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\win98\SYSTEM32\wuauclt.exe
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\win98\SYSTEM32\dllcache\wuauclt.exe
[7] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\win98\ServicePackFiles\i386\wuauclt.exe
[7] 2004-08-04 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\win98\$NtServicePackUninstall$\wuauclt.exe
.
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\win98\ERDNT\cache\comctl32.dll
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\win98\SYSTEM32\comctl32.dll
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\win98\SYSTEM32\dllcache\comctl32.dll
[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\win98\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\win98\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\win98\$NtUninstallKB2296011$\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\win98\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\win98\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\win98\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\win98\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\win98\$NtUninstallKB923191$\comctl32.dll
[-] 2004-04-16 . A7B3F3FB365B8B3B29C7C7322392C765 . 921600 . . [6.0] . . c:\win98\$xpsp1hfm$\KB839645\asms\60\msft\windows\Common\Controls\comctl32.dll
[7] 2001-08-23 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\win98\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 1998-05-18 15:52 . 7B0DAACACD98548A43BC286EE408C5E8 . 458752 . . [4.72.3110.1] . . c:\win98\SYSTEM\COMCTL32.DLL
.
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\cryptsvc.dll
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\cryptsvc.dll
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\cryptsvc.dll
[7] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\cryptsvc.dll
.
[7] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\win98\$NtServicePackUninstall$\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\win98\$hf_mig$\KB950974\SP3GDR\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\win98\ERDNT\cache\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\win98\SYSTEM32\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\win98\SYSTEM32\dllcache\es.dll
[7] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\win98\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\win98\$hf_mig$\KB950974\SP2QFE\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\win98\$NtUninstallKB950974$\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\win98\ServicePackFiles\i386\es.dll
[-] 2005-07-26 05:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\win98\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 05:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\win98\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 08:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\win98\$NtUninstallKB902400$\es.dll
[-] 2004-03-06 03:16 . B748D0ABBACD362052D4D61DCD562289 . 226816 . . [2001.12.4414.53] . . c:\win98\$xpsp1hfm$\KB828741\es.dll
[-] 2001-08-23 14:00 . F5963768CFD62FDB926FDB588EE69315 . 224768 . . [2001.12.4414.42] . . c:\win98\$NtUninstallKB828741$\es.dll
.
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\imm32.dll
[7] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\imm32.dll
.
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\win98\ERDNT\cache\kernel32.dll
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\win98\SYSTEM32\kernel32.dll
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\win98\SYSTEM32\dllcache\kernel32.dll
[7] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\win98\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\win98\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\win98\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\win98\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\win98\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\win98\$NtUninstallKB935839$\kernel32.dll
[7] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\win98\$NtUninstallKB917422$\kernel32.dll
.
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\win98\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\win98\$NtServicePackUninstall$\linkinfo.dll
[7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\win98\$NtUninstallKB900725$\linkinfo.dll
.
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\lpk.dll
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\lpk.dll
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\lpk.dll
[7] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\lpk.dll
.
[7] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\win98\ERDNT\cache\mshtml.dll
[7] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\win98\SYSTEM32\mshtml.dll
[7] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\win98\SYSTEM32\dllcache\mshtml.dll
[7] 2010-09-10 . 8A03CC037E6B7D1796192815231B0C3F . 5958656 . . [8.00.6001.23067] . . c:\win98\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll
[7] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\win98\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[7] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\win98\ie8updates\KB2360131-IE8\mshtml.dll
[7] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\win98\ie8updates\KB2183461-IE8\mshtml.dll
[7] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\win98\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[7] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\win98\ie8updates\KB982381-IE8\mshtml.dll
[7] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\win98\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[7] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\win98\ie8updates\KB980182-IE8\mshtml.dll
[7] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\win98\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\win98\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\win98\ie8updates\KB978207-IE8\mshtml.dll
.
[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\win98\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\win98\ERDNT\cache\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\win98\ServicePackFiles\i386\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\win98\SYSTEM32\msvcrt.dll
[7] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\win98\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[7] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\win98\$NtServicePackUninstall$\msvcrt.dll
[-] 2001-10-10 03:43 . 0B9C183D1565B48FA6E5D1D3D4B86BCC . 266293 . . [6.00.8397.0] . . c:\win98\Vbox\Installers\Symantec_Norton AntiVirus 2001_7.0_en-us\Nav9xME\MSVCRT.DLL
[7] 2001-08-23 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\win98\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\win98\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\win98\ERDNT\cache\mswsock.dll
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\win98\SYSTEM32\mswsock.dll
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\win98\SYSTEM32\dllcache\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\win98\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[7] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\win98\$NtServicePackUninstall$\mswsock.dll
[7] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\win98\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\win98\$NtUninstallKB951748$\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\mswsock.dll
[7] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\win98\$NtUninstallKB951748_0$\mswsock.dll
.
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\netlogon.dll
[7] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\netlogon.dll
.
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\win98\ERDNT\cache\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\win98\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\win98\SYSTEM32\powrprof.dll
[7] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\win98\$NtServicePackUninstall$\powrprof.dll
.
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\scecli.dll
[7] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\scecli.dll
.
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\sfc.dll
[7] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\sfc.dll
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\svchost.exe
[7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\svchost.exe
.
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\win98\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\win98\$NtServicePackUninstall$\tapisrv.dll
[7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\win98\$NtUninstallKB893756$\tapisrv.dll
.
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\win98\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\win98\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\win98\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\win98\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\win98\$NtUninstallKB890859$\user32.dll
[-] 2003-09-25 . 32173306185F603E75C477E117F3BB8D . 560128 . . [5.1.2600.1255] . . c:\win98\$xpsp1hfm$\KB824141\user32.dll
[-] 2002-11-22 . 1BD18B332A07FD10BF0322C352A78078 . 528896 . . [5.1.2600.104] . . c:\win98\$NtUninstallKB824141$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\win98\$xpsp1hfm$\Q328310\user32.dll
[-] 2001-08-23 . BE57A5C3ABD240514B98F6BCA872FB21 . 561152 . . [5.1.2600.0] . . c:\win98\$NtUninstallQ328310$\user32.dll
.
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\userinit.exe
[7] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\userinit.exe
.
[7] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\win98\ERDNT\cache\wininet.dll
[7] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\win98\SYSTEM32\wininet.dll
[7] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\win98\SYSTEM32\dllcache\wininet.dll
[7] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\win98\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[7] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\win98\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[7] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\win98\ie8updates\KB2360131-IE8\wininet.dll
[7] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\win98\ie8updates\KB2183461-IE8\wininet.dll
[7] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\win98\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[7] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\win98\ie8updates\KB982381-IE8\wininet.dll
[7] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\win98\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[7] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\win98\ie8updates\KB980182-IE8\wininet.dll
[7] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\win98\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\win98\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\win98\ie8updates\KB978207-IE8\wininet.dll
[7] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\win98\ie8updates\KB976325-IE8\wininet.dll
[7] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\win98\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\win98\ie8updates\KB974455-IE8\wininet.dll
[7] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\win98\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2009-05-13 . 366C72AF6970DB7BB39AB0142BF09DB5 . 915456 . . [8.00.6001.18783] . . c:\win98\ie8updates\KB972260-IE8\wininet.dll
[7] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\win98\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\win98\ie8updates\KB969897-IE8\wininet.dll
[7] 2009-02-20 . 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E . 666112 . . [6.00.2900.5764] . . c:\win98\ie8\wininet.dll
[7] 2009-02-20 . 711FEABED387B29FF7ED61BC6806A06C . 667648 . . [6.00.2900.5764] . . c:\win98\$hf_mig$\KB963027\SP3QFE\wininet.dll
[7] 2008-10-16 . E8FCE58A470999350F64C591557F9E42 . 667136 . . [6.00.2900.5694] . . c:\win98\$hf_mig$\KB958215\SP3QFE\wininet.dll
[7] 2008-10-16 . 1576318BF08D28CC61D1278114AD8D5B . 666112 . . [6.00.2900.5694] . . c:\win98\$NtUninstallKB963027$\wininet.dll
[7] 2008-08-20 . 9AF5F25124FBDC36E2B510729CBA2674 . 666112 . . [6.00.2900.5659] . . c:\win98\$NtUninstallKB958215$\wininet.dll
[7] 2008-08-20 . 94418F53D2612C26DBADC04DAFBC197C . 666624 . . [6.00.2900.5659] . . c:\win98\$hf_mig$\KB956390\SP3QFE\wininet.dll
[7] 2008-06-23 . 611ACE3F4201E9610AF8452F7C268995 . 667136 . . [6.00.2900.3395] . . c:\win98\$hf_mig$\KB953838\SP2QFE\wininet.dll
[7] 2008-06-23 . 9EEA04BC4C3FA521D256D89940FAB4DB . 659456 . . [6.00.2900.3395] . . c:\win98\$NtServicePackUninstall$\wininet.dll
[7] 2008-06-23 . F12FBB673DE9CC802C5DC518FE99AA2F . 666112 . . [6.00.2900.5626] . . c:\win98\$hf_mig$\KB953838\SP3GDR\wininet.dll
[7] 2008-06-23 . F12FBB673DE9CC802C5DC518FE99AA2F . 666112 . . [6.00.2900.5626] . . c:\win98\$NtUninstallKB956390$\wininet.dll
[7] 2008-06-23 . 972299B7241EC325D8C7E5638C884925 . 666624 . . [6.00.2900.5626] . . c:\win98\$hf_mig$\KB953838\SP3QFE\wininet.dll
[7] 2008-04-21 . 1EFB8A3EA8454AEC1BB8A240A2845598 . 659456 . . [6.00.2900.3354] . . c:\win98\$NtUninstallKB953838_0$\wininet.dll
[7] 2008-04-21 . 2E7DE1BF9418B071799EB53DE8CC22F5 . 666624 . . [6.00.2900.3354] . . c:\win98\$hf_mig$\KB950759\SP2QFE\wininet.dll
[7] 2008-04-21 . 2B0C24AA747A93A28987B6D65A4A74BC . 666112 . . [6.00.2900.5583] . . c:\win98\$hf_mig$\KB950759\SP3GDR\wininet.dll
[7] 2008-04-21 . 2B0C24AA747A93A28987B6D65A4A74BC . 666112 . . [6.00.2900.5583] . . c:\win98\$NtUninstallKB953838$\wininet.dll
[7] 2008-04-21 . 26F240C250E5B4B395CB4B178BA75437 . 666624 . . [6.00.2900.5583] . . c:\win98\$hf_mig$\KB950759\SP3QFE\wininet.dll
[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\win98\$NtUninstallKB950759$\wininet.dll
[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\win98\ServicePackFiles\i386\wininet.dll
[-] 2008-02-16 . BB1EACD6AB47E78EBCA02EB781550D55 . 666112 . . [6.00.2900.3314] . . c:\win98\$hf_mig$\KB947864\SP2QFE\wininet.dll
[-] 2008-02-16 . 0C690E77C0E924C45B4D7045B182FFF1 . 659456 . . [6.00.2900.3314] . . c:\win98\$NtUninstallKB950759_0$\wininet.dll
[-] 2007-12-07 . 57D1B5150CF6331FAC6B3E04C1FCB966 . 659456 . . [6.00.2900.3268] . . c:\win98\$NtUninstallKB947864$\wininet.dll
[-] 2007-12-07 . 085A7C37F9C6EDE1BA870B7DBEC06399 . 666112 . . [6.00.2900.3268] . . c:\win98\$hf_mig$\KB944533\SP2QFE\wininet.dll
[-] 2007-10-11 . 2005AD86A22AEE68E21EE59F9CCB77F2 . 659456 . . [6.00.2900.3231] . . c:\win98\$NtUninstallKB944533$\wininet.dll
[-] 2007-10-11 . 80D660A49E0D118144423099B2A9F5DA . 666112 . . [6.00.2900.3231] . . c:\win98\$hf_mig$\KB942615\SP2QFE\wininet.dll
[-] 2007-08-22 . 1901AD51DA8BE9F8B38D5D526E5D1788 . 658944 . . [6.00.2900.3199] . . c:\win98\$NtUninstallKB942615$\wininet.dll
[-] 2007-08-22 . A1BC17EB3758D73C3938B2318820F5B4 . 665600 . . [6.00.2900.3199] . . c:\win98\$hf_mig$\KB939653\SP2QFE\wininet.dll
[-] 2007-06-26 . E1A3DD68B5380B360A7310A64D9BB188 . 665600 . . [6.00.2900.3164] . . c:\win98\$hf_mig$\KB937143\SP2QFE\wininet.dll
[-] 2007-06-26 . 184E47C8F7B331025E6DC92740DB188F . 658944 . . [6.00.2900.3164] . . c:\win98\$NtUninstallKB939653$\wininet.dll
[-] 2007-04-18 . 4261BA03AFD659DE04F0A17DFBDD454D . 665600 . . [6.00.2900.3121] . . c:\win98\$hf_mig$\KB933566\SP2QFE\wininet.dll
[-] 2007-04-18 . B7156CD97E739F3014BC4D61758F868A . 658944 . . [6.00.2900.3121] . . c:\win98\$NtUninstallKB937143$\wininet.dll
[-] 2007-02-20 . B258C922D22DEEC880B60720531D7627 . 665600 . . [6.00.2900.3086] . . c:\win98\$hf_mig$\KB931768\SP2QFE\wininet.dll
[-] 2007-02-20 . 30D1C47E40EFBB792FF8D3C3B51CE507 . 658944 . . [6.00.2900.3086] . . c:\win98\$NtUninstallKB933566$\wininet.dll
[-] 2007-01-04 . 3FFA1573FC274E5AA7467D03941C45EE . 665088 . . [6.00.2900.3059] . . c:\win98\$hf_mig$\KB928090\SP2QFE\wininet.dll
[-] 2007-01-04 . 8C393DF5234CBCBFF1EE31902D6B40AE . 658944 . . [6.00.2900.3059] . . c:\win98\$NtUninstallKB931768$\wininet.dll
[-] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\win98\$hf_mig$\KB925454\SP2QFE\wininet.dll
[-] 2006-10-23 . 6B2735ADFF5A5D3B9130CA4A794722F0 . 658944 . . [6.00.2900.3020] . . c:\win98\$NtUninstallKB928090$\wininet.dll
[-] 2006-09-14 . 621AF3F6174A3F60677F5230E28BCC07 . 658944 . . [6.00.2900.2995] . . c:\win98\$NtUninstallKB925454$\wininet.dll
[-] 2006-09-14 . D207370287CF769AEBEBF03837784963 . 664576 . . [6.00.2900.2995] . . c:\win98\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-06-23 . 64CE26DB72810B30F7855EA51E1DF836 . 664576 . . [6.00.2900.2937] . . c:\win98\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-06-23 . 2B4DB890936430C71419037039502752 . 658944 . . [6.00.2900.2937] . . c:\win98\$NtUninstallKB922760$\wininet.dll
[-] 2006-05-10 . D94CFFDB53E7AC867438E2DFD50E7CBC . 663552 . . [6.00.2900.2904] . . c:\win98\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-05-10 . 38AB7A56F566D9AAAD31812494944824 . 658432 . . [6.00.2900.2904] . . c:\win98\$NtUninstallKB918899$\wininet.dll
[-] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . c:\win98\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-03-04 . 1C0979C7A489BEE573CD0BF4AD94BB06 . 658432 . . [6.00.2900.2861] . . c:\win98\$NtUninstallKB916281$\wininet.dll
[-] 2005-10-21 . E7B27B6B6E06CE34EA019FD8B858C613 . 658432 . . [6.00.2900.2781] . . c:\win98\$NtUninstallKB912812$\wininet.dll
[-] 2005-10-21 . AF785C4947676A7FC1673FDC5C8D0B5B . 661504 . . [6.00.2900.2781] . . c:\win98\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2005-09-03 . 97A6FD7CAFD688CF2C78939EBAF0CD0C . 660480 . . [6.00.2900.2753] . . c:\win98\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-09-03 . AF61EBB1F550175EFF406D545D6AB086 . 658432 . . [6.00.2900.2753] . . c:\win98\$NtUninstallKB905915$\wininet.dll
[-] 2005-07-03 . 5B5FF992C0FA762CCF8655FC290E6E52 . 658432 . . [6.00.2900.2713] . . c:\win98\$NtUninstallKB896688$\wininet.dll
[-] 2005-07-03 . 6E533D155B259EB2363D3E04B5BE309F . 659456 . . [6.00.2900.2713] . . c:\win98\$hf_mig$\KB896727\SP2QFE\wininet.dll
[-] 2005-05-02 . E1E18136F9DD3DF1AD9C82193A5898A6 . 658944 . . [6.00.2900.2668] . . c:\win98\$hf_mig$\KB883939\SP2QFE\wininet.dll
[-] 2005-05-02 . 1A078AF3F85D10BA56444C23B3A18E74 . 657920 . . [6.00.2900.2668] . . c:\win98\$NtUninstallKB896727$\wininet.dll
[-] 2005-03-10 . 6F018D6319BE4F96426EA829B79E05D5 . 656896 . . [6.00.2900.2627] . . c:\win98\$NtUninstallKB883939$\wininet.dll
[-] 2005-03-10 . C8663B488996E89A84C3D17C1D12B79E . 657920 . . [6.00.2900.2627] . . c:\win98\$hf_mig$\KB890923\SP2QFE\wininet.dll
[-] 2005-01-27 . B5E043E440B210014E021B24CF0A72E3 . 656896 . . [6.00.2900.2577] . . c:\win98\$NtUninstallKB890923$\wininet.dll
[-] 2005-01-27 . A8EAC5330876548E9966A7D13025D196 . 657920 . . [6.00.2900.2598] . . c:\win98\$hf_mig$\KB867282\SP2QFE\wininet.dll
[-] 2004-09-29 . CBA65B573C66FE23F647FF96E3A10994 . 656896 . . [6.00.2900.2518] . . c:\win98\$NtUninstallKB867282$\wininet.dll
[-] 2004-09-29 . 2C07195588D69A067C2AFDAA31759295 . 656896 . . [6.00.2900.2518] . . c:\win98\$hf_mig$\KB834707\SP2QFE\wininet.dll
[7] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\win98\$NtUninstallKB834707$\wininet.dll
.
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\ws2_32.dll
[7] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\ws2_32.dll
.
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\ws2help.dll
[7] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\ws2help.dll
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\win98\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\win98\ERDNT\cache\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\win98\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\win98\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\win98\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\win98\$NtUninstallKB938828$\explorer.exe
.
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\win98\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\regedit.exe
[7] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\regedit.exe
.
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\win98\ERDNT\cache\ole32.dll
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\win98\SYSTEM32\ole32.dll
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\win98\SYSTEM32\dllcache\ole32.dll
[7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\win98\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\win98\$NtUninstallKB979687$\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\win98\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\win98\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\win98\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\win98\$NtUninstallKB902400$\ole32.dll
[-] 2005-01-14 . ABDEF60CED7C04AB35A415EFB6B96D81 . 1285120 . . [5.1.2600.2595] . . c:\win98\$NtUninstallKB894391$\ole32.dll
[-] 2005-01-14 . 2E752611C9A9AE1B6BFD0DA03CF7F17E . 1284608 . . [5.1.2600.2595] . . c:\win98\$hf_mig$\KB873333\SP2QFE\ole32.dll
[7] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\win98\$NtUninstallKB873333$\ole32.dll
[-] 2004-03-06 . D651E85D49FE38C8B98A62ED1392FF40 . 1183744 . . [5.1.2600.1362] . . c:\win98\$xpsp1hfm$\KB828741\ole32.dll
[-] 2003-08-25 . FF0AEB337C4991C866DD805758AB1B4F . 1093632 . . [5.1.2600.118] . . c:\win98\$NtUninstallKB828741$\ole32.dll
[-] 2003-08-25 . FFAAAB74B30B2E22738E0D54E9F2B048 . 1172992 . . [5.1.2600.1263] . . c:\win98\$xpsp1hfm$\KB824146\ole32.dll
[-] 2003-07-05 . 5F0F174798A8A6C1CE90FFBD4C5B953D . 1092096 . . [5.1.2600.115] . . c:\win98\$NtUninstallKB824146$\ole32.dll
[-] 2003-07-05 . 510CEB482636B4A9EED6F2DA3444AEB1 . 1120256 . . [5.1.2600.1243] . . c:\win98\$xpsp1hfm$\KB823980\ole32.dll
[-] 2001-08-23 . 88685B60DBC9997F2A29F1F691170FD1 . 1141248 . . [5.1.2600.0] . . c:\win98\$NtUninstallKB823980$\ole32.dll
.
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\win98\SYSTEM32\usp10.dll
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\win98\SYSTEM32\dllcache\usp10.dll
[7] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\win98\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\win98\$NtUninstallKB981322$\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\win98\ServicePackFiles\i386\usp10.dll
[7] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\win98\$NtServicePackUninstall$\usp10.dll
.
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\win98\SYSTEM32\ksuser.dll
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\win98\SYSTEM32\dllcache\ksuser.dll
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\win98\ServicePackFiles\i386\ksuser.dll
[7] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\win98\$NtServicePackUninstall$\ksuser.dll
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\ctfmon.exe
.
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\win98\ERDNT\cache\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\win98\ServicePackFiles\i386\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\win98\SYSTEM32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\win98\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\win98\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[7] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\win98\$NtUninstallKB928255$\shsvcs.dll
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\srsvc.dll
[7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\srsvc.dll
.
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\wscntfy.exe
[7] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\wscntfy.exe
.
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\xmlprov.dll
[7] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\xmlprov.dll
.
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\eventlog.dll
.
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\sfcfiles.dll
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\sfcfiles.dll
[7] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\sfcfiles.dll
[-] 2001-08-23 . 9E415EFDF50F26BCBC97C80F4E6C30CC . 1562112 . . [5.1.2600.0] . . c:\win98\$NtUninstallQ309521$\sfcfiles.dll
.
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\regsvc.dll
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\regsvc.dll
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\regsvc.dll
[7] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\regsvc.dll
.
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\schedsvc.dll
[7] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\schedsvc.dll
[-] 2004-06-08 . 08D72F6490CD85AA1C12EF3B56299936 . 172544 . . [5.1.2600.1564] . . c:\win98\$hf_mig$\KB841873\SP1QFE\schedsvc.dll
[-] 2001-08-23 . F6E2095CBC14522CEACD2853620FAF4D . 158720 . . [4.71.2600.1] . . c:\win98\$NtUninstallKB841873$\schedsvc.dll
.
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\ssdpsrv.dll
[7] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2001-08-23 . 126D90EE937FFEBACEE30BCA13D92F97 . 39936 . . [5.1.2600.0] . . c:\win98\$NtUninstallQ315000$\ssdpsrv.dll
.
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\termsrv.dll
[7] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\termsrv.dll
[-] 2001-08-23 . 458635D2E4559526CF9C895340A38702 . 197632 . . [5.1.2600.0] . . c:\win98\$NtUninstallQ311889$\termsrv.dll
.
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\hnetcfg.dll
[7] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\hnetcfg.dll
.
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\appmgmts.dll
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\appmgmts.dll
[7] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\appmgmts.dll
[7] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\appmgmts.dll
.
[7] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\win98\ERDNT\cache\acpiec.sys
[7] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\win98\SYSTEM32\DRIVERS\acpiec.sys
.
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\win98\ERDNT\cache\aec.sys
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\win98\ServicePackFiles\i386\aec.sys
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\win98\SYSTEM32\DRIVERS\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\win98\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\win98\$NtServicePackUninstall$\aec.sys
[7] 2004-08-04 06:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\win98\$NtUninstallKB900485$\aec.sys
.
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\agp440.sys
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\agp440.sys
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\DRIVERS\agp440.sys
[7] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\agp440.sys
.
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\ip6fw.sys
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\DRIVERS\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\ip6fw.sys
.
[7] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\win98\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\win98\ERDNT\cache\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\win98\SYSTEM32\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\win98\SYSTEM32\dllcache\mfc40u.dll
[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\win98\$NtUninstallKB2387149$\mfc40u.dll
[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\win98\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\win98\$NtServicePackUninstall$\mfc40u.dll
[-] 2001-08-23 14:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\win98\$NtUninstallKB924667$\mfc40u.dll
.
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\msgsvc.dll
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\msgsvc.dll
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\msgsvc.dll
[7] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\msgsvc.dll
[-] 2003-10-21 . 41C5F3B926942EBDD35C6BF4154FE5F8 . 32256 . . [5.1.2600.1309] . . c:\win98\$xpsp1hfm$\KB828035\msgsvc.dll
[-] 2001-08-23 . A81487520F11F65BF270D50EE29887B2 . 34304 . . [5.1.2600.0] . . c:\win98\$NtUninstallKB828035$\msgsvc.dll
.
[7] 2006-10-19 03:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\win98\ERDNT\cache\mspmsnsv.dll
[7] 2006-10-19 03:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\win98\SYSTEM32\mspmsnsv.dll
[7] 2006-10-19 03:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\win98\SYSTEM32\dllcache\mspmsnsv.dll
[7] 2004-09-22 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\win98\$NtUninstallWMFDist11$\mspmsnsv.dll
[7] 2004-09-22 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\win98\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2004-08-04 08:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\win98\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[7] 2004-08-04 08:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\win98\ServicePackFiles\i386\mspmsnsv.dll
.
[7] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\win98\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[7] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\win98\Driver Cache\i386\ntkrnlpa.exe
[7] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\win98\ERDNT\cache\ntkrnlpa.exe
[7] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\win98\SYSTEM32\ntkrnlpa.exe
[7] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\win98\SYSTEM32\dllcache\ntkrnlpa.exe
[7] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\win98\$NtUninstallKB981852$\ntkrnlpa.exe
[7] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\win98\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\win98\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[7] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\win98\$NtUninstallKB979683$\ntkrnlpa.exe
[7] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\win98\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\win98\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\win98\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\win98\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\win98\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\win98\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\win98\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\win98\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 515D30E2C90A3665A2739309334C9283 . 2057600 . . [5.1.2600.3093] . . c:\win98\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\win98\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . 1D659BFB788ED2BA45075624B748D249 . 2057600 . . [5.1.2600.3051] . . c:\win98\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\win98\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\win98\$NtUninstallKB929338$\ntkrnlpa.exe
[7] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\win98\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2002-12-12 . 3A3E10244C0124126D250EBCCD41E75B . 1948288 . . [5.1.2600.1150] . . c:\win98\$xpsp1hfm$\Q811493\ntkrnlpa.exe
[7] 2002-02-25 . 01FD1F7C82B263F1667A1CEA095756C5 . 1897856 . . [5.1.2600.31] . . c:\win98\$NtUninstallQ811493$\ntkrnlpa.exe
[-] 2001-08-23 . 46E2E3DCF54B819CFB2EBFE48A22B5C9 . 1896704 . . [5.1.2600.0] . . c:\win98\$NtUninstallQ317277$\ntkrnlpa.exe
.
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\win98\ERDNT\cache\ntmssvc.dll
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\win98\ServicePackFiles\i386\ntmssvc.dll
[7] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\win98\SYSTEM32\ntmssvc.dll
[7] 2004-08-04 08:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\win98\$NtServicePackUninstall$\ntmssvc.dll
.
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\win98\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\win98\$NtServicePackUninstall$\upnphost.dll
[7] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\win98\$NtUninstallKB931261$\upnphost.dll
.
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\win98\ERDNT\cache\dsound.dll
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\win98\ServicePackFiles\i386\dsound.dll
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\win98\SYSTEM32\dsound.dll
[7] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\win98\$NtServicePackUninstall$\dsound.dll
.
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\win98\ERDNT\cache\d3d9.dll
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\win98\ServicePackFiles\i386\d3d9.dll
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\win98\SYSTEM32\d3d9.dll
[7] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\win98\$NtServicePackUninstall$\d3d9.dll
.
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\win98\ERDNT\cache\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\win98\ServicePackFiles\i386\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\win98\SYSTEM32\ddraw.dll
[7] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\win98\$NtServicePackUninstall$\ddraw.dll
.
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\olepro32.dll
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\olepro32.dll
[7] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\olepro32.dll
[7] 2004-08-04 08:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\olepro32.dll
.
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\perfctrs.dll
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\perfctrs.dll
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\perfctrs.dll
[7] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\perfctrs.dll
.
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\version.dll
[7] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\version.dll
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\win98\ERDNT\cache\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\win98\SYSTEM32\dllcache\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\win98\ie8\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\win98\ServicePackFiles\i386\iexplore.exe
[7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\win98\$NtServicePackUninstall$\iexplore.exe
.
[7] 2010-10-30 20:42 . E1AB298BAFC8ECCA8C322A29C5FDC68C . 912344 . . [1.9.2.12] . . c:\win98\ERDNT\cache\firefox.exe
.
[7] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\win98\Driver Cache\i386\ntoskrnl.exe
[7] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\win98\ERDNT\cache\ntoskrnl.exe
[7] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\win98\SYSTEM32\ntoskrnl.exe
[7] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\win98\SYSTEM32\dllcache\ntoskrnl.exe
[7] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\win98\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[7] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\win98\$NtUninstallKB981852$\ntoskrnl.exe
[7] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\win98\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\win98\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[7] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\win98\$NtUninstallKB979683$\ntoskrnl.exe
[7] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\win98\$NtUninstallKB977165$\ntoskrnl.exe
[7] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\win98\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\win98\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\win98\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\win98\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\win98\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\win98\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\win98\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 582A8DBAA58C3B1F176EB2817DAEE77C . 2180352 . . [5.1.2600.3093] . . c:\win98\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\win98\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . 8F0DEAB1F81FB83F9C5995853CE48B9F . 2180352 . . [5.1.2600.3051] . . c:\win98\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\win98\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\win98\$NtUninstallKB929338$\ntoskrnl.exe
[7] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\win98\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2002-12-12 . 51EF4A22AF3E9E94E4AA9E9D7DF619DF . 1924480 . . [5.1.2600.1150] . . c:\win98\$xpsp1hfm$\Q811493\ntoskrnl.exe
[7] 2002-02-25 . 257AAFD1F77990355BB6E83650D52680 . 1875584 . . [5.1.2600.31] . . c:\win98\$NtUninstallQ811493$\ntoskrnl.exe
[-] 2001-08-23 . A29222D5281056E497408FCC9062F749 . 1982208 . . [5.1.2600.0] . . c:\win98\$NtUninstallQ317277$\ntoskrnl.exe
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\win98\ERDNT\cache\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\srsvc.dll
[7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\srsvc.dll
.
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\w32time.dll
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\w32time.dll
[7] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\w32time.dll
.
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\wiaservc.dll
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\win98\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\win98\$NtServicePackUninstall$\wiaservc.dll
[7] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\win98\$NtUninstallKB927802$\wiaservc.dll
.
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\midimap.dll
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\midimap.dll
[7] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\win98\$NtServicePackUninstall$\midimap.dll
.
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\win98\ServicePackFiles\i386\rasadhlp.dll
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\win98\SYSTEM32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\win98\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\win98\$NtServicePackUninstall$\rasadhlp.dll
[7] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\win98\$NtUninstallKB920683$\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-09-12 15:18 3546904 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-09-12 15:18 3546904 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2010-07-27 06:30 8462336 ----a-w- c:\win98\SYSTEM32\shell32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"NvCplDaemon"="c:\win98\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\win98\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-08-13 30192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Ellen\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - [N/A]
.
c:\documents and settings\Gabriel Cardona\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - [N/A]
Mozilla Firefox.lnk - [N/A]
WallMaster.lnk - [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ws_ftp\\WS_FTP95.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\NetIQ\\Qcheck\\qcheck.exe"=
"c:\\Program Files\\Schwab\\SSPro\\SSPro.exe"=
"c:\\Program Files\\Liquid Entertainment\\War of the Ring(tm)\\Rings.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SparkCast\\SparkCast.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Cadence\\SPB_16.3\\tools\\bin\\cdsMsgServer.exe"=
"c:\\Cadence\\SPB_16.3\\tools\\pcb\\bin\\productServer.exe"=
"c:\\Cadence\\SPB_16.3\\tools\\bin\\cdsNameServer.exe"=
"c:\\Cadence\\SPB_16.3\\tools\\pcb\\bin\\allegro.exe"=
"c:\\Program Files\\Ultra Fractal 3\\Uf3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9420:TCP"= 9420:TCP:RSP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 fasttrak;fasttrak;c:\win98\SYSTEM32\DRIVERS\Fasttrak.sys [11/5/2005 2:38 PM 75520]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/11/2010 9:20 PM 136360]
R2 UMediaServer;UMediaServer;c:\program files\UnrealStreaming\UMediaServer\UMediaServer.exe [3/20/2010 11:21 PM 325584]
R3 FLASHREADER;%FLASHREADER.SvcDesc%;c:\win98\SYSTEM32\DRIVERS\CAUSB.SYS [4/26/2003 10:17 AM 67684]
S1 AEC671X;AEC671X;c:\win98\SYSTEM32\DRIVERS\aec671x.sys [8/22/2003 6:40 PM 12128]
S1 DMX3191;DMX3191;c:\win98\SYSTEM32\DRIVERS\dmx3191.sys [8/22/2003 6:40 PM 17700]
S2 BridDfu;LINKSYS WAP11 USB Device Driver;c:\win98\SYSTEM32\DRIVERS\BridDFU.sys [1/1/2004 11:47 PM 16302]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\win98\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 UDNT;UDNT;c:\win98\SYSTEM32\DRIVERS\udnt.sys [8/22/2003 6:40 PM 76260]
S3 camvid20;Philips ToUcam Camera; Video;c:\win98\SYSTEM32\DRIVERS\camdrv21.sys [3/9/2004 12:48 PM 223232]
S3 gAGP440p;gAGP440p;\??\c:\docume~1\GABRIE~1\LOCALS~1\Temp\gAGP440p.sys --> c:\docume~1\GABRIE~1\LOCALS~1\Temp\gAGP440p.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/13/2011 7:53 AM 30192]
S3 KTPCGJ;KTPCGJ;c:\docume~1\GABRIE~1\LOCALS~1\Temp\KTPCGJ.exe --> c:\docume~1\GABRIE~1\LOCALS~1\Temp\KTPCGJ.exe [?]
S3 PSI;PSI;c:\win98\SYSTEM32\DRIVERS\psi_mf.sys [7/7/2010 8:05 AM 14904]
S3 scsiscan;SCSI Scanner Driver;c:\win98\SYSTEM32\DRIVERS\scsiscan.sys [4/26/2003 9:55 AM 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\win98\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\win98\SYSTEM32\DRIVERS\XLoader.sys [9/3/2004 10:42 PM 13184]
S4 NetIQEndpoint;NetIQ Endpoint;c:\progra~1\NetIQ\Endpoint\endpoint.exe [10/9/2004 11:29 PM 708669]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2009-03-08 09:32 128512 ----a-w- c:\win98\SYSTEM32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2009-03-08 09:32 128512 ----a-w- c:\win98\SYSTEM32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2009-03-08 09:32 128512 ----a-w- c:\win98\SYSTEM32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
2003-03-05 01:07 7168 ------w- c:\win98\SYSTEM32\updcrl.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = ftp=localhost:8000;gopher=localhost:8000;http=localhost:8000;https=localhost:8000
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI69DF~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: starrynight.com\orders
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - file://c:\win98\Java\classes\xmldso.cab
DPF: {E7B6AC3E-4F3F-41E2-BD03-F1772CC343E6} - hxxp://tools.wordenresearch.com/wsinstall/WordenStudioInstall.cab
FF - ProfilePath - c:\documents and settings\Gabriel Cardona\Application Data\Mozilla\Firefox\Profiles\bim59yxg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AppWebServ - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-19 20:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\$$$\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\ShockwaveFlash.ShockwaveFlash]
@DACL=(02 0000)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\ShockwaveFlash.ShockwaveFlash\CLSID]
@DACL=(02 0000)
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\ShockwaveFlash.ShockwaveFlash\CurVer]
@DACL=(02 0000)
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\0*_*w]
"DisplayName"=""
"DeviceDesc"=""
"ProviderName"=""
"MFG"="???????????"
"ReinstallString"="???\1f?\13\09"
"DeviceInstanceIds"=multi:"nf\\cx_05857.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(640)
c:\win98\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\MozyHome\LIBEAY32.dll
c:\win98\system32\ieframe.dll
c:\win98\system32\webcheck.dll
c:\win98\system32\WPDShServiceObj.dll
c:\win98\system32\btncopy.dll
c:\win98\system32\PortableDeviceTypes.dll
c:\win98\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\win98\System32\CTsvcCDA.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\win98\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\MozyHome\mozybackup.exe
c:\win98\system32\nvsvc32.exe
c:\program files\Promise\Utility\MsgAgt.exe
c:\program files\Promise\Utility\MsgSvr.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\win98\System32\MsPMSPSv.exe
c:\win98\System32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\win98\system32\RUNDLL32.EXE
c:\program files\MozyHome\mozystat.exe
c:\program files\WallMaster\wallmast.exe
.
**************************************************************************
.
Completion time: 2011-11-19 20:47:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-20 02:47
ComboFix2.txt 2010-11-12 03:12
.
Pre-Run: 22,847,164,416 bytes free
Post-Run: 24,580,841,472 bytes free
.
- - End Of File - - F0BA7F487CBF8A3F483DAE48AAF5225C
hayden52 is offline  
Old 11-19-2011, 08:45 PM   #18
Security Team
Analyst
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 2,902
OS: XP Pro, Windows 7, Fedora



Click Start > Run and then copy and past the following into the run box:
sc stop cryptsvc then click OK

Click Start > Run and then copy and past the following into the run box:
sc start cryptsvc then click OK


1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

2. Open notepad and copy/paste the text in the codebox below into it:

Code:
https://www.techsupportforum.com/forums/f50/sporadic-google-redirect-612118-new-post.html

Collect::
c:\docume~1\GABRIE~1\LOCALS~1\Temp\KTPCGJ.exe

DDS::
Trusted Zone: starrynight.com\orders
Driver::
KTPCGJ

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\ShockwaveFlash.ShockwaveFlash]

ClearJavaCache::
Save this as "CFScript"




Refering to the picture above, drag CFScript into ComboFix.exe

If prompted to allow Combofix to update itself, please allow it to do so.

Then post the resultant log

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall



**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.


Please provide the following logs with your next post:

C:\ComboFix.txt
ESET Scan report

Also include an update on how your system is running
Clark76 is offline  
Old 11-20-2011, 02:57 PM   #19
Registered Member
 
Join Date: Nov 2010
Posts: 32
OS: Windows XP SP3



Here is ComboFix.txt:

ComboFix 11-11-20.01 - Gabriel Cardona 11/20/2011 3:56.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2303.1726 [GMT -6:00]
Running from: c:\documents and settings\Gabriel Cardona\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gabriel Cardona\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\win98\CSC\d6
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KTPCGJ
-------\Service_COMSysApp
-------\Service_KTPCGJ
.
.
((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
.
.
2011-11-09 03:13 . 2011-11-19 03:20 -------- d-----w- c:\documents and settings\Gabriel Cardona\Local Settings\Application Data\AcroMain64
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-16 01:12 . 2011-08-16 01:12 9925160 ----a-w- c:\program files\Common Files\lpuninstall.exe
2011-11-09 02:48 . 2011-07-02 22:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-08-13 14:02 . 2011-08-13 14:02 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( [email protected]_02.24.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-11 15:50 . 2011-11-20 10:16 215044 c:\win98\SYSTEM32\inetsrv\MetaBase.bin
+ 2011-11-20 10:17 . 2011-11-20 10:17 425984 c:\win98\ERDNT\AutoBackup\11-20-2011\Users\00000002\UsrClass.dat
+ 2011-11-20 10:17 . 2005-10-20 17:02 163328 c:\win98\ERDNT\AutoBackup\11-20-2011\ERDNT.EXE
+ 2011-11-20 10:17 . 2011-11-20 10:17 10960896 c:\win98\ERDNT\AutoBackup\11-20-2011\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-09-12 15:18 3546904 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-09-12 15:18 3546904 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2010-07-27 06:30 8462336 ----a-w- c:\win98\SYSTEM32\shell32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"NvCplDaemon"="c:\win98\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\win98\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-08-13 30192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Ellen\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - [N/A]
.
c:\documents and settings\Gabriel Cardona\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - [N/A]
Mozilla Firefox.lnk - [N/A]
WallMaster.lnk - [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ws_ftp\\WS_FTP95.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\NetIQ\\Qcheck\\qcheck.exe"=
"c:\\Program Files\\Schwab\\SSPro\\SSPro.exe"=
"c:\\Program Files\\Liquid Entertainment\\War of the Ring(tm)\\Rings.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SparkCast\\SparkCast.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Cadence\\SPB_16.3\\tools\\bin\\cdsMsgServer.exe"=
"c:\\Cadence\\SPB_16.3\\tools\\pcb\\bin\\productServer.exe"=
"c:\\Cadence\\SPB_16.3\\tools\\bin\\cdsNameServer.exe"=
"c:\\Cadence\\SPB_16.3\\tools\\pcb\\bin\\allegro.exe"=
"c:\\Program Files\\Ultra Fractal 3\\Uf3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9420:TCP"= 9420:TCP:RSP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 fasttrak;fasttrak;c:\win98\SYSTEM32\DRIVERS\Fasttrak.sys [11/5/2005 2:38 PM 75520]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/11/2010 9:20 PM 136360]
R2 UMediaServer;UMediaServer;c:\program files\UnrealStreaming\UMediaServer\UMediaServer.exe [3/20/2010 11:21 PM 325584]
R3 FLASHREADER;%FLASHREADER.SvcDesc%;c:\win98\SYSTEM32\DRIVERS\CAUSB.SYS [4/26/2003 10:17 AM 67684]
S1 AEC671X;AEC671X;c:\win98\SYSTEM32\DRIVERS\aec671x.sys [8/22/2003 6:40 PM 12128]
S1 DMX3191;DMX3191;c:\win98\SYSTEM32\DRIVERS\dmx3191.sys [8/22/2003 6:40 PM 17700]
S2 BridDfu;LINKSYS WAP11 USB Device Driver;c:\win98\SYSTEM32\DRIVERS\BridDFU.sys [1/1/2004 11:47 PM 16302]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\win98\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 UDNT;UDNT;c:\win98\SYSTEM32\DRIVERS\udnt.sys [8/22/2003 6:40 PM 76260]
S3 camvid20;Philips ToUcam Camera; Video;c:\win98\SYSTEM32\DRIVERS\camdrv21.sys [3/9/2004 12:48 PM 223232]
S3 gAGP440p;gAGP440p;\??\c:\docume~1\GABRIE~1\LOCALS~1\Temp\gAGP440p.sys --> c:\docume~1\GABRIE~1\LOCALS~1\Temp\gAGP440p.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/13/2011 7:53 AM 30192]
S3 PSI;PSI;c:\win98\SYSTEM32\DRIVERS\psi_mf.sys [7/7/2010 8:05 AM 14904]
S3 scsiscan;SCSI Scanner Driver;c:\win98\SYSTEM32\DRIVERS\scsiscan.sys [4/26/2003 9:55 AM 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\win98\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\win98\SYSTEM32\DRIVERS\XLoader.sys [9/3/2004 10:42 PM 13184]
S4 NetIQEndpoint;NetIQ Endpoint;c:\progra~1\NetIQ\Endpoint\endpoint.exe [10/9/2004 11:29 PM 708669]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2009-03-08 09:32 128512 ----a-w- c:\win98\SYSTEM32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2009-03-08 09:32 128512 ----a-w- c:\win98\SYSTEM32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2009-03-08 09:32 128512 ----a-w- c:\win98\SYSTEM32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
2003-03-05 01:07 7168 ------w- c:\win98\SYSTEM32\updcrl.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = ftp=localhost:8000;gopher=localhost:8000;http=localhost:8000;https=localhost:8000
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI69DF~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - file://c:\win98\Java\classes\xmldso.cab
DPF: {E7B6AC3E-4F3F-41E2-BD03-F1772CC343E6} - hxxp://tools.wordenresearch.com/wsinstall/WordenStudioInstall.cab
FF - ProfilePath - c:\documents and settings\Gabriel Cardona\Application Data\Mozilla\Firefox\Profiles\bim59yxg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-20 04:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\$$$\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\0*_*w]
"DisplayName"=""
"DeviceDesc"=""
"ProviderName"=""
"MFG"="???????????"
"ReinstallString"="???\1f?\13\09"
"DeviceInstanceIds"=multi:"nf\\cx_05857.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(7596)
c:\win98\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\MozyHome\LIBEAY32.dll
c:\win98\system32\ieframe.dll
c:\win98\system32\webcheck.dll
c:\win98\system32\WPDShServiceObj.dll
c:\win98\system32\btncopy.dll
c:\win98\system32\PortableDeviceTypes.dll
c:\win98\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\win98\System32\CTsvcCDA.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\win98\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\MozyHome\mozybackup.exe
c:\win98\system32\nvsvc32.exe
c:\program files\Promise\Utility\MsgAgt.exe
c:\program files\Promise\Utility\MsgSvr.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\win98\System32\MsPMSPSv.exe
c:\win98\System32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\win98\system32\RUNDLL32.EXE
c:\program files\MozyHome\mozystat.exe
c:\program files\WallMaster\wallmast.exe
.
**************************************************************************
.
Completion time: 2011-11-20 04:28:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-20 10:27
ComboFix2.txt 2011-11-20 02:47
ComboFix3.txt 2010-11-12 03:12
.
Pre-Run: 24,688,132,096 bytes free
Post-Run: 24,688,480,256 bytes free
.
- - End Of File - - 08DA295013542CD8E013F421635827D9

Here is ESET Scan Report:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=01e1baf4d7b92b49bb197bbf2dfd85d5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-20 05:16:55
# local_time=2011-11-20 11:16:55 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 34149419 34149419 0 0
# compatibility_mode=1797 16775141 100 93 0 58216881 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 0 13 190483181 315090410 0 0
# scanned=396541
# found=2
# cleaned=2
# scan_time=13882
C:\System Volume Information\_restore{4312D2EB-02E5-4C4E-AFD3-2C6BC285EB38}\RP911\A0137636.dll probably a variant of Win32/Adware.Toolbar.Visicom.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4312D2EB-02E5-4C4E-AFD3-2C6BC285EB38}\RP911\A0173335.dll Win32/Adware.Aureate application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

The system seems to be OK, though I haven't done many Google searches to see if the re-direct is gone.

Thanks
hayden52 is offline  
Old 11-20-2011, 03:46 PM   #20
Registered Member
 
Join Date: Nov 2010
Posts: 32
OS: Windows XP SP3



I did some Google searches, and the re-direct seems to be gone. Before, I would get re-directed at least 1 out of 5 times, now I tested it 20 or so times with no re-direct.

Thanks
hayden52 is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Google building Postini features into Apps
Google has started to move email security features from its Postini service into Google Apps, so that IT administrators who use both products don't have to toggle back and forth. "Today, we're excited to announce our first step in creating a unified Google Apps experience by moving some Postini...
Glaswegian Computer Security News 0 07-18-2011 01:12 PM
Google Redirect Virus
For about a week now, whenever I search something on Google, the links take me to adverts. I cannot open Windows Action Center and my internet seems to be running slower. I believe I have the Google Redirect virus, and when I ran a full scan using McAfee, it said "1 viruses and spyware...
BethSowray Resolved HJT Threads 9 07-10-2011 02:00 PM
Google Redirect
Hi everyone! Last week my computer had bluescreened and it had the Critical Disk Error virus which I was able to remove using rkill & Malware, but now it seems that I am having the Google Redirect problem. Not sure if these two are related, but wanted to include that in there in case it was. ...
irenekau Resolved HJT Threads 1 06-14-2011 01:06 PM
Google and other search engine result redirect.
The virus seems to be attacking when I click on any search results and sends me to a whole other page. It happens intermittently. Also, its happening with yahoo search engine too. As a first step I run HJT. below is a log. Please help! Thank you. Logfile of Trend Micro HijackThis v2.0.4
lancasterguy Resolved HJT Threads 13 04-03-2011 10:51 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 03:58 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts