Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 39

Thread: Win32:Evo-gen virus?

  1. 2014-03-07, 04:25 #11
    Trancidonia
    Trancidonia is offline
    Member
    Join Date
    Feb 2014
    Posts
    43

    Default

    here's are the log from the online scanner

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\31AHJ45N\czkbby[1].png Win32/Conficker.X worm
    C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbar.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
    C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbarX.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
    C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\Cache\A\7A\AF0E8d01 a variant of Win32/Toolbar.Visicom.B potentially unwanted application
    C:\FRST\Quarantine\{7ffa5f54-1c4f-46de-8576-c271a0dd482f}05-03-2014_09-02-01\dtuser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
    C:\FRST\Quarantine\{7ffa5f54-1c4f-46de-8576-c271a0dd482f}05-03-2014_09-02-01\encyclopediabritannicagamesbar.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
    C:\FRST\Quarantine\{7ffa5f54-1c4f-46de-8576-c271a0dd482f}05-03-2014_09-02-01\encyclopediabritannicagamesbarX.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
    C:\FRST\Quarantine\{7ffa5f54-1c4f-46de-8576-c271a0dd482f}05-03-2014_09-02-01\temp.zip a variant of Win32/Toolbar.Visicom.B potentially unwanted application
    C:\Program Files\iplay_en\dtuser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
    C:\Program Files\iplay_en\encyclopediabritannicagamesbar.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
    C:\Program Files\iplay_en\encyclopediabritannicagamesbarX.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
    C:\Program Files\iplay_en\uninstall.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
  2. 2014-03-07, 12:27 #12
    Juliet
    Juliet is offline
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

    start
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\31AHJ45N\czkbby[1].png
    C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbar.dll
    C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbarX.dll
    C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\Cache\A\7A\AF0E8d01C:\Program Files\iplay_en\dtuser.exe
    C:\Program Files\iplay_en\encyclopediabritannicagamesbar.dll a variant of Win32/Toolbar.Visicom.
    C:\Program Files\iplay_en\encyclopediabritannicagamesbarX.dll
    C:\Program Files\iplay_en\uninstall.exe
    Reboot:
    end
    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    please post the log.

    Did this help?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
  3. 2014-03-08, 05:52 #13
    Trancidonia
    Trancidonia is offline
    Member
    Join Date
    Feb 2014
    Posts
    43

    Question

    thank you for such a speedy respond
    here are the log (fixlog.txt)

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2014 01
    Ran by User at 2014-03-08 12:38:59 Run:2
    Running from C:\Documents and Settings\User\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\31AHJ45N\czkbby[1].png
    C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbar.dll
    C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbarX.dll
    C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\Cache\A\7A\AF0E8d01C:\Program Files\iplay_en\dtuser.exe
    C:\Program Files\iplay_en\encyclopediabritannicagamesbar.dll a variant of Win32/Toolbar.Visicom.
    C:\Program Files\iplay_en\encyclopediabritannicagamesbarX.dll
    C:\Program Files\iplay_en\uninstall.exe
    Reboot:
    end
    *****************

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\31AHJ45N\czkbby[1].png => Moved successfully.
    C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbar.dll => Moved successfully.
    C:\Documents and Settings\User\Application Data\iplay_en\encyclopediabritannicagamesbarX.dll => Moved successfully.
    "C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\Cache\A\7A\AF0E8d01C:\Program Files\iplay_en\dtuser.exe" => File/Directory not found.
    "C:\Program Files\iplay_en\encyclopediabritannicagamesbar.dll a variant of Win32/Toolbar.Visicom." => File/Directory not found.
    C:\Program Files\iplay_en\encyclopediabritannicagamesbarX.dll => Moved successfully.
    C:\Program Files\iplay_en\uninstall.exe => Moved successfully.


    The system needed a reboot.

    ==== End of Fixlog ====

    I'm not sure if it helps, but my Avast still say a rootkit is found
    goes by the name "SVC:jcjymt > C:\WINDOWS\...\lvuwppj.dll" Wing32:Evo-gen[Susp] and ask me what action I should take.
  4. 2014-03-08, 13:14 #14
    Juliet
    Juliet is offline
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    the file path wasn't complete. We'll have to do some digging around.

    Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

    How to use ComboFix

    Download ComboFix from here:
    Link 1
    Link 2
    Link 3

    Place ComboFix.exe on your Desktop <--Important
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    • Double click on ComboFix.exe & follow the prompts.
    • You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
    • When finished, it shall produce a log for you. Post that log in your next reply

      Note:
      Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

      Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

      ---------------------------------------------------------------------------------------------
    • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

      Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
      Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
      ---------------------------------------------------------------------------------------------
    • If there are Internet issues after running ComboFix:
      Internet Explorer:
      Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
      Firefox:
      Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
      Chrome:
      Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
      Safari
      Launch Safari
      Go to general settings menu
      Then in Preferences/ Advanced
      Then on line click Proxies change settings ...
      Click Internet Options, then click the Connections tab, click Network Settings.
      Disable option (uncheck) for the use of proxy server ...
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
  5. 2014-03-10, 02:47 #15
    Trancidonia
    Trancidonia is offline
    Member
    Join Date
    Feb 2014
    Posts
    43

    Default

    sorry for the late reply
    here's the log from combofix

    ComboFix 14-03-05.01 - User 10/03/2014 9:28.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1051 [GMT 8:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-10 to 2014-03-10 )))))))))))))))))))))))))))))))
    .
    .
    2014-03-07 02:22 . 2014-03-07 02:22 -------- d-----w- c:\program files\ESET
    2014-03-05 02:13 . 2014-03-05 02:13 -------- d-----w- c:\windows\ERUNT
    2014-03-05 01:33 . 2014-03-05 02:09 -------- d-----w- C:\AdwCleaner
    2014-03-04 01:29 . 2014-03-08 04:38 -------- d-----w- C:\FRST
    2014-03-03 05:59 . 2014-03-03 05:59 -------- d-sh--w- c:\documents and settings\User\IECompatCache
    2014-03-03 02:28 . 2014-03-03 02:28 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Skype
    2014-03-03 02:28 . 2014-03-03 02:28 -------- d-----w- c:\program files\Common Files\Skype
    2014-03-03 01:58 . 2014-03-03 01:58 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2014-03-03 01:57 . 2014-03-03 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2014-03-03 01:57 . 2014-03-03 01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2014-03-03 01:57 . 2013-04-04 06:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-01 02:32 . 2014-03-01 02:32 -------- d-----w- c:\program files\ERUNT
    2014-02-14 05:22 . 2014-02-14 05:37 -------- d-----w- c:\documents and settings\User\Application Data\.StarMade
    2014-02-13 06:07 . 2014-02-13 06:07 -------- d-----w- c:\program files\McAfee Security Scan
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-02-21 04:35 . 2013-12-16 05:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-02-21 04:35 . 2011-12-30 02:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-02-05 23:59 . 2014-01-07 06:31 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
    2014-01-24 00:44 . 2014-01-07 06:31 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2014-01-24 00:44 . 2014-01-07 06:31 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-01-24 00:44 . 2014-01-07 06:31 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-01-24 00:44 . 2014-01-07 06:31 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2014-01-24 00:44 . 2014-01-07 06:31 270240 ----a-w- c:\windows\system32\aswBoot.exe
    2014-01-24 00:44 . 2014-01-07 06:31 43152 ----a-w- c:\windows\avastSS.scr
    2014-01-22 07:50 . 2014-01-22 07:31 324096 ----a-w- c:\windows\system32\drivers\sptd.sys
    2014-01-07 06:31 . 2014-01-07 06:31 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-01-07 06:31 . 2014-01-07 06:31 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-12-16 05:31 . 2009-12-05 14:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-12-16 05:31 . 2009-12-05 14:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
    [-] 2006-02-28 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
    [-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
    [-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
    .
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
    [-] 2006-02-28 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
    .
    [-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
    [-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
    .
    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
    [-] 2006-02-28 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
    .
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
    [-] 2006-02-28 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
    .
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
    [-] 2006-02-28 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
    .
    [-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
    [-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
    .
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
    [-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
    .
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
    [-] 2006-02-28 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
    .
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
    [-] 2006-02-28 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
    .
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
    [-] 2006-02-28 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
    .
    [-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
    [-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
    [-] 2006-02-28 12:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
    .
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
    [-] 2006-02-28 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
    .
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\system32\rpcss.dll
    [-] 2006-02-28 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
    .
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\system32\services.exe
    [-] 2006-02-28 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
    .
    [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
    [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
    [-] 2006-02-28 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
    .
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [-] 2006-02-28 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
    .
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
    [-] 2006-02-28 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
    .
    [-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
    [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
    [-] 2006-02-28 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
    [-] 2006-02-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    [-] 2006-02-28 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    .
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
    [-] 2006-02-28 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
    .
    [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
    [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\system32\es.dll
    [-] 2006-02-28 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\es.dll
    .
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
    [-] 2006-02-28 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
    .
    [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
    [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\system32\kernel32.dll
    [-] 2006-02-28 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
    .
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
    [-] 2006-02-28 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
    .
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
    [-] 2006-02-28 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
    .
    [-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie8\mshtml.dll
    [-] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
    [-] 2009-03-07 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
    [-] 2009-03-07 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\mshtml.dll
    [-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
    [-] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
    [-] 2006-02-28 . FD99AD515CBCA109A3D0832F3482DDA1 . 3049472 . . [6.00.2900.2853] . . c:\windows\ie7\mshtml.dll
    [-] 2006-02-20 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll
    .
    [-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
    [-] 2006-02-28 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
    [-] 2006-02-28 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
    [-] 2006-02-28 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
    .
    [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
    [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\system32\mswsock.dll
    [-] 2006-02-28 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
    .
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
    [-] 2006-02-28 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
    .
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
    [-] 2006-02-28 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
    .
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
    [-] 2006-02-28 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
    .
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
    [-] 2006-02-28 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
    .
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
    [-] 2006-02-28 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
    .
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
    [-] 2006-02-28 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
    .
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    [-] 2006-02-28 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
    .
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
    [-] 2006-02-28 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
    .
    [-] 2009-08-29 . DB111200015F08DDDB8857E11C6A80E3 . 832512 . . [7.00.6000.16915] . . c:\windows\ie8\wininet.dll
    [-] 2009-08-29 . A5885AF9BFBD942B828E6020AD326517 . 840704 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
    [-] 2009-03-07 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
    [-] 2009-03-07 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\wininet.dll
    [-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
    [-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB974455-IE7\wininet.dll
    [-] 2006-02-28 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
    .
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
    [-] 2006-02-28 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
    .
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
    [-] 2006-02-28 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
    .
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [-] 2006-02-28 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
    .
    [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
    [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
    [-] 2006-02-28 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
    .
    [-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
    [-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
    [-] 2006-02-28 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll
    .
    [-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
    [-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\usp10.dll
    [-] 2006-02-28 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
    .
    [-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
    [-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
    [-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
    [-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\ksuser.dll
    .
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    [-] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
    .
    [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
    [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
    [-] 2006-02-28 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
    .
    [-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
    [-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
    [-] 2006-02-28 . B5331F2B6F37C66C29C847F3B94FF900 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll
    .
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
    [-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
    .
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
    [-] 2006-02-28 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
    .
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
    [-] 2006-02-28 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
    .
    [-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
    [-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\system32\ntdll.dll
    [-] 2006-02-28 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntdll.dll
    .
    [-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
    [-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime
    [-] 2006-02-28 . D87041EAA67ECA4394F6D5D09C0C2885 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
    .
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
    [-] 2006-02-28 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
    .
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    [-] 2006-02-28 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
    .
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
    [-] 2006-02-28 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
    .
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
    [-] 2006-02-28 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
    .
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
    [-] 2006-02-28 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
    .
    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
    [-] 2006-02-28 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
    .
    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
    [-] 2006-02-28 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
    .
    [-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
    [-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
    [-] 2006-02-28 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
    .
    [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
    [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
    [-] 2006-02-28 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
    .
    [-] 2006-02-28 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
    .
    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
    [-] 2004-08-03 14:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
    .
    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
    .
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
    [-] 2006-02-28 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
    .
    [-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
    [-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
    [-] 2006-02-28 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
    .
    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
    [-] 2006-02-28 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
    .
    [-] 2006-02-28 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
    [-] 2004-08-10 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
    [-] 2004-08-10 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\MsPMSNSv.dll
    [-] 2004-08-10 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll
    .
    [-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
    [-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
    [-] 2006-02-28 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
    .
    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
    [-] 2006-02-28 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
    .
    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
    [-] 2006-02-28 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
    .
    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
    [-] 2006-02-28 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
    .
    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
    [-] 2006-02-28 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
    .
    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
    [-] 2006-02-28 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
    .
    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
    [-] 2006-02-28 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
    .
    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
    [-] 2006-02-28 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
    .
    [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
    [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
    [-] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
    .
    [-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
    [-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
    [-] 2006-02-28 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
    .
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
    [-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
    .
    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
    [-] 2006-02-28 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
    .
    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
    [-] 2006-02-28 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
    .
    [-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
    [-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
    [-] 2006-02-28 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
    .
    [-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
    [-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
    [-] 2006-02-28 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
    .
    [-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
    [-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
    [-] 2006-02-28 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2013-04-01 1500440]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-01-24 00:44 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="d:\working\Work\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-24 144784]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-24 3767096]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-12-16 295512]
    .
    c:\documents and settings\User\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0220404]
    IME file REG_SZ CSBIG5P.IME
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0230804]
    Ime File REG_SZ SOGOUPY.IME
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0210804]
    IME file REG_SZ CSGBP.IME
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 09:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2009-03-02 03:14 57344 ----a-w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    2008-06-19 08:42 2808832 ----a-w- c:\windows\ALCWZRD.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2009-06-03 12:59 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-12-19 03:08 159744 ----a-r- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2007-12-19 03:08 135168 ----a-r- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImeGuardCom]
    2013-01-18 05:18 268920 ----a-w- c:\program files\SogouInput\Components\AddressSearch\1.0.0.1152\SGImeGuard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2006-02-28 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-10-28 12:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
    2008-10-01 10:43 548864 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-16 14:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
    2009-04-15 15:54 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-12-19 03:07 131072 ----a-r- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-04 17:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
    2009-04-15 15:52 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2009-07-20 03:12 18670592 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2006-12-14 19:23 75520 ----a-w- c:\program files\Java\jre1.5.0_11\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2013-12-16 05:31 295512 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\SogouInput\\6.5.0.9181\\PinyinUp.exe"=
    "c:\\Program Files\\SogouInput\\6.5.0.9181\\SGDownload.exe"=
    "c:\\Program Files\\SogouInput\\6.5.0.9181\\ImeUtil.exe"=
    "c:\\Program Files\\SogouInput\\6.5.0.9181\\SGTool.exe"=
    "c:\\Program Files\\SogouInput\\Components\\SogouComMgr.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
    "d:\\Program Files\\Vuze\\Azureus.exe"=
    "d:\\Working\\Work\\Adobe\\Adobe Illustrator CS6\\Support Files\\Contents\\Windows\\Illustrator.exe"=
    "d:\\Working\\Work\\Adobe\\Adobe Photoshop CS6\\Photoshop.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9440:TCP"= 9440:TCP:urzhc
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [07/01/2014 2:31 PM 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [07/01/2014 2:31 PM 180248]
    R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/01/2014 2:31 PM 775952]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/01/2014 2:31 PM 410784]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [07/01/2014 2:31 PM 67824]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [14/08/2013 3:19 PM 39056]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [09/01/2014 11:02 AM 3921880]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [09/01/2014 11:02 AM 1042272]
    R2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe [22/01/2014 4:26 PM 531224]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [03/03/2014 9:57 AM 418376]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [03/03/2014 9:57 AM 701512]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [09/01/2014 11:02 AM 171416]
    S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 10:58 AM 3275136]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23/10/2013 8:15 AM 172192]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/12/2009 10:31 PM 1684736]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [18/10/2011 2:43 AM 78136]
    S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [22/01/2014 4:26 PM 12088]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/03/2014 9:57 AM 22856]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [16/01/2014 8:39 AM 235696]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
    S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [22/01/2014 4:26 PM 76600]
    S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [22/01/2014 4:27 PM 13112]
    S4 jcjymt;Shell Boot;c:\windows\system32\svchost.exe -k netsvcs [28/02/2006 8:00 PM 14336]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    yttdynkza
    jcjymt
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-05 01:21 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-07 20:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-16 04:35]
    .
    2014-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
    .
    2014-03-10 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-07 00:44]
    .
    2014-03-10 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-01-09 02:57]
    .
    2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 02:48]
    .
    2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 02:48]
    .
    2014-03-09 c:\windows\Tasks\Norton Security Scan for User.job
    - c:\progra~1\NORTON~2\Engine\403~1.27\Nss.exe [2013-12-16 07:10]
    .
    2014-03-10 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-776561741-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 09:13]
    .
    2014-03-10 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-776561741-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 09:13]
    .
    2014-01-09 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-01-09 02:49]
    .
    2014-01-09 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-01-09 02:51]
    .
    2014-03-10 c:\windows\Tasks\SogouImeMgr.job
    - c:\progra~1\SOGOUI~1\SogouExe\SogouExe.exe [2013-03-11 07:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {309E27CA-1FDC-4AD2-A3AA-0FF47085E5A6} - hxxp://192.168.1.144/IEPlugin.cab
    DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://192.168.1.144/vcredist_x86.exe
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxps://www.google.com/search
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{7ffa5f54-1c4f-46de-8576-c271a0dd482f} - (no file)
    Notify-SDWinLogon - SDWinLogon.dll
    MSConfigStartUp-SearchEngineProtection - c:\program files\GamesBar\update\SearchEngineProtection.exe
    AddRemove-iplay_en - c:\program files\iplay_en\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-03-10 09:32
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jcjymt]
    "ServiceDll"="c:\windows\system32\lvuwppj.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2014-03-10 09:33:39
    ComboFix-quarantined-files.txt 2014-03-10 01:33
    .
    Pre-Run: 59,437,510,656 bytes free
    Post-Run: 59,591,168,000 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    [spybotsd]
    timeout.old=30
    .
    - - End Of File - - D75379644FA3CCF4778264AEAA7107B3
    8F558EB6672622401DA993E1E865C861
  6. 2014-03-10, 13:31 #16
    Juliet
    Juliet is offline
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Not much showing here but can remove a little.
    Got to get service pack on this machine or it will in time become unusable.


    Please go to one of the below sites to scan the following files:
    Virus Total (Recommended)
    jotti.org
    VirScan
    click on Browse, and upload the following file for analysis:

    C:\WINDOWS\System32\c:\windows\system32\lvuwppj.dll


    Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
    If it says already scanned -- click "reanalyze now"
    Please post the results in your next reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~`

    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.


    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK

    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.

    ~~~~~~~~~~~~~~~~~~~~~

    Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

    Driver::
    yttdynkza
    jcjymt
    NetSvc::
    yttdynkza
    jcjymt
    ClearJavaCache::

    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.


    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    If there are internet issues afterward:

    *In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.


    Chrome:
    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
  7. 2014-03-11, 03:00 #17
    Trancidonia
    Trancidonia is offline
    Member
    Join Date
    Feb 2014
    Posts
    43

    Default

    hmm the online scanner doesnt seems to be able to read the file.

    Virus Total seems to be stuck as "computing hash" phrase
    jotti.org progress bar doesn't even show anything
    VirScan however gave me "ERROR: Failed to find flength file!"


    I then proceed with the Defogger
    here are the Defogger log
    defogger_disable by jpshortstuff (23.02.10.1)
    Log created at 09:38 on 11/03/2014 (User)

    Checking for autostart values...
    HKCU\~\Run values retrieved.
    HKLM\~\Run values retrieved.
    HKCU:DAEMON Tools Lite -> Removed

    Checking for services/drivers...
    SPTD -> Disabled (Service running -> reboot required)


    -=E.O.F=-

    Here are the Combofix with the scrips

    ComboFix 14-03-05.01 - User 11/03/2014 9:46.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1365 [GMT 8:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-11 to 2014-03-11 )))))))))))))))))))))))))))))))
    .
    .
    2014-03-11 00:24 . 2012-06-02 07:18 275696 ----a-w- c:\windows\system32\mucltui.dll
    2014-03-07 02:22 . 2014-03-07 02:22 -------- d-----w- c:\program files\ESET
    2014-03-05 02:13 . 2014-03-05 02:13 -------- d-----w- c:\windows\ERUNT
    2014-03-05 01:33 . 2014-03-05 02:09 -------- d-----w- C:\AdwCleaner
    2014-03-04 01:29 . 2014-03-08 04:38 -------- d-----w- C:\FRST
    2014-03-03 05:59 . 2014-03-03 05:59 -------- d-sh--w- c:\documents and settings\User\IECompatCache
    2014-03-03 02:28 . 2014-03-03 02:28 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Skype
    2014-03-03 02:28 . 2014-03-03 02:28 -------- d-----w- c:\program files\Common Files\Skype
    2014-03-03 01:58 . 2014-03-03 01:58 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2014-03-03 01:57 . 2014-03-03 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2014-03-03 01:57 . 2014-03-03 01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2014-03-03 01:57 . 2013-04-04 06:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-01 02:32 . 2014-03-01 02:32 -------- d-----w- c:\program files\ERUNT
    2014-02-14 05:22 . 2014-02-14 05:37 -------- d-----w- c:\documents and settings\User\Application Data\.StarMade
    2014-02-13 06:07 . 2014-02-13 06:07 -------- d-----w- c:\program files\McAfee Security Scan
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-02-21 04:35 . 2013-12-16 05:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-02-21 04:35 . 2011-12-30 02:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-02-05 23:59 . 2014-01-07 06:31 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
    2014-01-24 00:44 . 2014-01-07 06:31 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2014-01-24 00:44 . 2014-01-07 06:31 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-01-24 00:44 . 2014-01-07 06:31 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-01-24 00:44 . 2014-01-07 06:31 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2014-01-24 00:44 . 2014-01-07 06:31 270240 ----a-w- c:\windows\system32\aswBoot.exe
    2014-01-24 00:44 . 2014-01-07 06:31 43152 ----a-w- c:\windows\avastSS.scr
    2014-01-22 07:50 . 2014-01-22 07:31 324096 ----a-w- c:\windows\system32\drivers\sptd.sys
    2014-01-07 06:31 . 2014-01-07 06:31 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-01-07 06:31 . 2014-01-07 06:31 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-12-16 05:31 . 2009-12-05 14:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-12-16 05:31 . 2009-12-05 14:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
    [-] 2006-02-28 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
    [-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
    [-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
    .
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
    [-] 2006-02-28 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
    .
    [-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
    [-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
    .
    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
    [-] 2006-02-28 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
    .
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
    [-] 2006-02-28 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
    .
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
    [-] 2006-02-28 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
    .
    [-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
    [-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
    .
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
    [-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
    .
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
    [-] 2006-02-28 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
    .
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
    [-] 2006-02-28 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
    .
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
    [-] 2006-02-28 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
    .
    [-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
    [-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
    [-] 2006-02-28 12:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
    .
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
    [-] 2006-02-28 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
    .
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\system32\rpcss.dll
    [-] 2006-02-28 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
    .
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\system32\services.exe
    [-] 2006-02-28 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
    .
    [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
    [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
    [-] 2006-02-28 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
    .
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [-] 2006-02-28 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
    .
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
    [-] 2006-02-28 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
    .
    [-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
    [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
    [-] 2006-02-28 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
    [-] 2006-02-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    [-] 2006-02-28 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    .
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
    [-] 2006-02-28 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
    .
    [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
    [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\system32\es.dll
    [-] 2006-02-28 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\es.dll
    .
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
    [-] 2006-02-28 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
    .
    [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
    [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\system32\kernel32.dll
    [-] 2006-02-28 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
    .
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
    [-] 2006-02-28 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
    .
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
    [-] 2006-02-28 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
    .
    [-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie8\mshtml.dll
    [-] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
    [-] 2009-03-07 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
    [-] 2009-03-07 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\mshtml.dll
    [-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
    [-] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
    [-] 2006-02-28 . FD99AD515CBCA109A3D0832F3482DDA1 . 3049472 . . [6.00.2900.2853] . . c:\windows\ie7\mshtml.dll
    [-] 2006-02-20 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll
    .
    [-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
    [-] 2006-02-28 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
    [-] 2006-02-28 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
    [-] 2006-02-28 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
    .
    [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
    [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\system32\mswsock.dll
    [-] 2006-02-28 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
    .
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
    [-] 2006-02-28 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
    .
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
    [-] 2006-02-28 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
    .
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
    [-] 2006-02-28 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
    .
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
    [-] 2006-02-28 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
    .
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
    [-] 2006-02-28 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
    .
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
    [-] 2006-02-28 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
    .
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    [-] 2006-02-28 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
    .
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
    [-] 2006-02-28 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
    .
    [-] 2009-08-29 . DB111200015F08DDDB8857E11C6A80E3 . 832512 . . [7.00.6000.16915] . . c:\windows\ie8\wininet.dll
    [-] 2009-08-29 . A5885AF9BFBD942B828E6020AD326517 . 840704 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
    [-] 2009-03-07 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
    [-] 2009-03-07 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\wininet.dll
    [-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
    [-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB974455-IE7\wininet.dll
    [-] 2006-02-28 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
    .
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
    [-] 2006-02-28 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
    .
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
    [-] 2006-02-28 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
    .
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [-] 2006-02-28 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
    .
    [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
    [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
    [-] 2006-02-28 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
    .
    [-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
    [-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
    [-] 2006-02-28 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll
    .
    [-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
    [-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\usp10.dll
    [-] 2006-02-28 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
    .
    [-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
    [-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
    [-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
    [-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\ksuser.dll
    .
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    [-] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
    .
    [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
    [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
    [-] 2006-02-28 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
    .
    [-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
    [-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
    [-] 2006-02-28 . B5331F2B6F37C66C29C847F3B94FF900 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll
    .
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
    [-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
    .
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
    [-] 2006-02-28 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
    .
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
    [-] 2006-02-28 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
    .
    [-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
    [-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\system32\ntdll.dll
    [-] 2006-02-28 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntdll.dll
    .
    [-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
    [-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime
    [-] 2006-02-28 . D87041EAA67ECA4394F6D5D09C0C2885 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
    .
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
    [-] 2006-02-28 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
    .
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    [-] 2006-02-28 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
    .
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
    [-] 2006-02-28 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
    .
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
    [-] 2006-02-28 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
    .
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
    [-] 2006-02-28 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
    .
    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
    [-] 2006-02-28 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
    .
    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
    [-] 2006-02-28 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
    .
    [-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
    [-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
    [-] 2006-02-28 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
    .
    [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
    [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
    [-] 2006-02-28 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
    .
    [-] 2006-02-28 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
    .
    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
    [-] 2004-08-03 14:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
    .
    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
    .
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
    [-] 2006-02-28 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
    .
    [-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
    [-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
    [-] 2006-02-28 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
    .
    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
    [-] 2006-02-28 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
    .
    [-] 2006-02-28 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
    [-] 2004-08-10 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
    [-] 2004-08-10 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\MsPMSNSv.dll
    [-] 2004-08-10 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll
    .
    [-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
    [-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
    [-] 2006-02-28 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
    .
    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
    [-] 2006-02-28 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
    .
    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
    [-] 2006-02-28 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
    .
    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
    [-] 2006-02-28 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
    .
    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
    [-] 2006-02-28 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
    .
    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
    [-] 2006-02-28 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
    .
    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
    [-] 2006-02-28 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
    .
    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
    [-] 2006-02-28 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
    .
    [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
    [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
    [-] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
    .
    [-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
    [-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
    [-] 2006-02-28 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
    .
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
    [-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
    .
    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
    [-] 2006-02-28 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
    .
    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
    [-] 2006-02-28 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
    .
    [-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
    [-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
    [-] 2006-02-28 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
    .
    [-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
    [-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
    [-] 2006-02-28 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
    .
    [-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
    [-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
    [-] 2006-02-28 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2013-04-01 1500440]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-01-24 00:44 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-24 144784]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-24 3767096]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-12-16 295512]
    .
    c:\documents and settings\User\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0220404]
    IME file REG_SZ CSBIG5P.IME
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0230804]
    Ime File REG_SZ SOGOUPY.IME
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0210804]
    IME file REG_SZ CSGBP.IME
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 09:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2009-03-02 03:14 57344 ----a-w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    2008-06-19 08:42 2808832 ----a-w- c:\windows\ALCWZRD.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2009-06-03 12:59 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-12-19 03:08 159744 ----a-r- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2007-12-19 03:08 135168 ----a-r- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImeGuardCom]
    2013-01-18 05:18 268920 ----a-w- c:\program files\SogouInput\Components\AddressSearch\1.0.0.1152\SGImeGuard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2006-02-28 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-10-28 12:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
    2008-10-01 10:43 548864 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-16 14:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
    2009-04-15 15:54 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-12-19 03:07 131072 ----a-r- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-04 17:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
    2009-04-15 15:52 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2009-07-20 03:12 18670592 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2006-12-14 19:23 75520 ----a-w- c:\program files\Java\jre1.5.0_11\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2013-12-16 05:31 295512 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\SogouInput\\6.5.0.9181\\PinyinUp.exe"=
    "c:\\Program Files\\SogouInput\\6.5.0.9181\\SGDownload.exe"=
    "c:\\Program Files\\SogouInput\\6.5.0.9181\\ImeUtil.exe"=
    "c:\\Program Files\\SogouInput\\6.5.0.9181\\SGTool.exe"=
    "c:\\Program Files\\SogouInput\\Components\\SogouComMgr.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
    "d:\\Program Files\\Vuze\\Azureus.exe"=
    "d:\\Working\\Work\\Adobe\\Adobe Illustrator CS6\\Support Files\\Contents\\Windows\\Illustrator.exe"=
    "d:\\Working\\Work\\Adobe\\Adobe Photoshop CS6\\Photoshop.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9440:TCP"= 9440:TCP:urzhc
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [07/01/2014 2:31 PM 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [07/01/2014 2:31 PM 180248]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/01/2014 2:31 PM 775952]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/01/2014 2:31 PM 410784]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [07/01/2014 2:31 PM 67824]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [14/08/2013 3:19 PM 39056]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [09/01/2014 11:02 AM 3921880]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [09/01/2014 11:02 AM 1042272]
    R2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe [22/01/2014 4:26 PM 531224]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [03/03/2014 9:57 AM 418376]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [03/03/2014 9:57 AM 701512]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [09/01/2014 11:02 AM 171416]
    S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 10:58 AM 3275136]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23/10/2013 8:15 AM 172192]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/12/2009 10:31 PM 1684736]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [18/10/2011 2:43 AM 78136]
    S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [22/01/2014 4:26 PM 12088]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/03/2014 9:57 AM 22856]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [16/01/2014 8:39 AM 235696]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
    S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [22/01/2014 4:26 PM 76600]
    S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [22/01/2014 4:27 PM 13112]
    S4 jcjymt;Shell Boot;c:\windows\system32\svchost.exe -k netsvcs [28/02/2006 8:00 PM 14336]
    S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-05 01:21 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-07 20:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-16 04:35]
    .
    2014-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
    .
    2014-03-11 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-07 00:44]
    .
    2014-03-11 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-01-09 02:57]
    .
    2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 02:48]
    .
    2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 02:48]
    .
    2014-03-10 c:\windows\Tasks\Norton Security Scan for User.job
    - c:\progra~1\NORTON~2\Engine\403~1.27\Nss.exe [2013-12-16 07:10]
    .
    2014-03-11 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-776561741-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 09:13]
    .
    2014-03-11 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-776561741-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 09:13]
    .
    2014-01-09 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-01-09 02:49]
    .
    2014-01-09 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-01-09 02:51]
    .
    2014-03-11 c:\windows\Tasks\SogouImeMgr.job
    - c:\progra~1\SOGOUI~1\SogouExe\SogouExe.exe [2013-03-11 07:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {309E27CA-1FDC-4AD2-A3AA-0FF47085E5A6} - hxxp://192.168.1.144/IEPlugin.cab
    DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://192.168.1.144/vcredist_x86.exe
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxps://www.google.com/search
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-03-11 09:47
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jcjymt]
    "ServiceDll"="c:\windows\system32\lvuwppj.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(376)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2014-03-11 09:49:18
    ComboFix-quarantined-files.txt 2014-03-11 01:49
    ComboFix2.txt 2014-03-10 01:33
    .
    Pre-Run: 59,477,909,504 bytes free
    Post-Run: 59,478,372,352 bytes free
    .
    - - End Of File - - 81E8EC06B386ECEAA83D4C3C2806A4DB
    8F558EB6672622401DA993E1E865C861
    I do suspect the file "lvuwppj.dll" is the culprit tho,
    Avast has being asking me if i were to delete it but when i check the Avast Virus Chest, it only shows an "x" instead of a file name.
  8. 2014-03-11, 12:26 #18
    Juliet
    Juliet is offline
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Thank you for the logs.

    Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    KillAll::
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9440:TCP"=-
    Driver::
    jcjymt
    Rootkit::
    c:\windows\system32\lvuwppj.dll
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.



    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    If there are internet issues afterward:

    *In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.


    Chrome:
    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``

    Please post this log when finished.


    Your CryptoServices may not be running or it might be you will need to install a Service pack on this machine.

    Please navigate your browser to this page:
    http://support.microsoft.com/kb/822798

    Scroll about half way down, and press the "Fixit" button. Download and run the Fixit repair.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
  9. 2014-03-12, 02:41 #19
    Trancidonia
    Trancidonia is offline
    Member
    Join Date
    Feb 2014
    Posts
    43

    Default

    thank you for such a speedy reply
    here are the log from ComboFix



    I had also visit the Fixit place, and also found out my Windows version are Windows XP Service Pack 3 from the look of my System in the Control Panel. I wonder does this help?

    ComboFix 14-03-05.01 - User 12/03/2014 8:44.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1342 [GMT 8:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Created a new restore point
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-12 to 2014-03-12 )))))))))))))))))))))))))))))))
    .
    .
    2014-03-11 00:24 . 2012-06-02 07:18 275696 ----a-w- c:\windows\system32\mucltui.dll
    2014-03-07 02:22 . 2014-03-07 02:22 -------- d-----w- c:\program files\ESET
    2014-03-05 02:13 . 2014-03-05 02:13 -------- d-----w- c:\windows\ERUNT
    2014-03-05 01:33 . 2014-03-05 02:09 -------- d-----w- C:\AdwCleaner
    2014-03-04 01:29 . 2014-03-08 04:38 -------- d-----w- C:\FRST
    2014-03-03 05:59 . 2014-03-03 05:59 -------- d-sh--w- c:\documents and settings\User\IECompatCache
    2014-03-03 02:28 . 2014-03-03 02:28 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Skype
    2014-03-03 02:28 . 2014-03-03 02:28 -------- d-----w- c:\program files\Common Files\Skype
    2014-03-03 01:58 . 2014-03-03 01:58 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2014-03-03 01:57 . 2014-03-03 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2014-03-03 01:57 . 2014-03-03 01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2014-03-03 01:57 . 2013-04-04 06:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-01 02:32 . 2014-03-01 02:32 -------- d-----w- c:\program files\ERUNT
    2014-02-14 05:22 . 2014-02-14 05:37 -------- d-----w- c:\documents and settings\User\Application Data\.StarMade
    2014-02-13 06:07 . 2014-02-13 06:07 -------- d-----w- c:\program files\McAfee Security Scan
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-02-21 04:35 . 2013-12-16 05:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-02-21 04:35 . 2011-12-30 02:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-02-05 23:59 . 2014-01-07 06:31 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
    2014-01-24 00:44 . 2014-01-07 06:31 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2014-01-24 00:44 . 2014-01-07 06:31 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-01-24 00:44 . 2014-01-07 06:31 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-01-24 00:44 . 2014-01-07 06:31 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2014-01-24 00:44 . 2014-01-07 06:31 270240 ----a-w- c:\windows\system32\aswBoot.exe
    2014-01-24 00:44 . 2014-01-07 06:31 43152 ----a-w- c:\windows\avastSS.scr
    2014-01-22 07:50 . 2014-01-22 07:31 324096 ----a-w- c:\windows\system32\drivers\sptd.sys
    2014-01-07 06:31 . 2014-01-07 06:31 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-01-07 06:31 . 2014-01-07 06:31 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-12-16 05:31 . 2009-12-05 14:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-12-16 05:31 . 2009-12-05 14:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
    [-] 2006-02-28 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
    [-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
    [-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
    .
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
    [-] 2006-02-28 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
    .
    [-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
    [-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
    .
    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
    [-] 2006-02-28 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
    .
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
    [-] 2006-02-28 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
    .
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
    [-] 2006-02-28 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
    .
    [-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
    [-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
    .
    [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3qfe\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3gdr\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
    [-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
    .
    [-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5\sp3gdr\browser.dll
    [-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5\sp3qfe\browser.dll
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
    [-] 2006-02-28 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
    .
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
    [-] 2006-02-28 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
    .
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
    [-] 2006-02-28 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
    .
    [-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
    [-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
    [-] 2006-02-28 12:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
    .
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
    [-] 2006-02-28 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
    .
    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
    [-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
    [-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
    [-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\system32\rpcss.dll
    [-] 2006-02-28 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
    .
    [-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
    [-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
    [-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\system32\services.exe
    [-] 2006-02-28 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
    .
    [-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\sp3qfe\spoolsv.exe
    [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\sp3gdr\spoolsv.exe
    [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
    [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
    [-] 2006-02-28 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
    .
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [-] 2006-02-28 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
    .
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
    [-] 2006-02-28 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
    .
    [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\SP3QFE\comctl32.dll
    [-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\asms\60\msft\windows\common\controls\comctl32.dll
    [-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f\SP3QFE\asms\60\msft\windows\common\controls\comctl32.dll
    [-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
    [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
    [-] 2006-02-28 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
    [-] 2006-02-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    [-] 2006-02-28 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    .
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
    [-] 2006-02-28 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
    .
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp3gdr\es.dll
    [-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp3qfe\es.dll
    [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
    [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\system32\es.dll
    [-] 2006-02-28 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\es.dll
    .
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
    [-] 2006-02-28 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
    .
    [-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\SoftwareDistribution\Download\30438597a812a5d1d7979088d451747f\sp3gdr\kernel32.dll
    [-] 2012-10-03 . 6CBFEEB384F04681AF75F495AA48DD32 . 991744 . . [5.1.2600.6293] . . c:\windows\SoftwareDistribution\Download\30438597a812a5d1d7979088d451747f\sp3qfe\kernel32.dll
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
    [-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3qfe\kernel32.dll
    [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
    [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\system32\kernel32.dll
    [-] 2006-02-28 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
    .
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
    [-] 2006-02-28 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
    .
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
    [-] 2006-02-28 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
    .
    [-] 2014-02-05 . 516E371CC348141277A73EB9D3C25951 . 6021120 . . [8.00.6001.23562] . . c:\windows\SoftwareDistribution\Download\907b0b79dc3a251ab2313dc5216daff8\SP3QFE\mshtml.dll
    [-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie8\mshtml.dll
    [-] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
    [-] 2009-03-07 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
    [-] 2009-03-07 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\mshtml.dll
    [-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
    [-] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
    [-] 2006-02-28 . FD99AD515CBCA109A3D0832F3482DDA1 . 3049472 . . [6.00.2900.2853] . . c:\windows\ie7\mshtml.dll
    [-] 2006-02-20 . C6E663C066E3BEA5B0BB70D87D0701E9 . 3052032 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll
    .
    [-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
    [-] 2006-02-28 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
    [-] 2006-02-28 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
    [-] 2006-02-28 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
    .
    [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3qfe\mswsock.dll
    [-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3gdr\mswsock.dll
    [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
    [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\system32\mswsock.dll
    [-] 2006-02-28 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
    .
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
    [-] 2006-02-28 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
    .
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
    [-] 2006-02-28 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
    .
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
    [-] 2006-02-28 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
    .
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
    [-] 2006-02-28 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
    .
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
    [-] 2006-02-28 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
    .
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
    [-] 2006-02-28 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
    .
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    [-] 2006-02-28 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
    .
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
    [-] 2006-02-28 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
    .
    [-] 2014-02-05 . E09551776D365BCA891BBFFB31EE4B4C . 920064 . . [8.00.6001.23562] . . c:\windows\SoftwareDistribution\Download\907b0b79dc3a251ab2313dc5216daff8\SP3QFE\wininet.dll
    [-] 2009-08-29 . DB111200015F08DDDB8857E11C6A80E3 . 832512 . . [7.00.6000.16915] . . c:\windows\ie8\wininet.dll
    [-] 2009-08-29 . A5885AF9BFBD942B828E6020AD326517 . 840704 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
    [-] 2009-03-07 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
    [-] 2009-03-07 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\wininet.dll
    [-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
    [-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB974455-IE7\wininet.dll
    [-] 2006-02-28 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
    .
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
    [-] 2006-02-28 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
    .
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
    [-] 2006-02-28 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
    .
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [-] 2006-02-28 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
    .
    [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
    [-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
    [-] 2006-02-28 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
    .
    [-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\SoftwareDistribution\Download\87a056c425c12d77e4b0efe9fe3acd91\sp3qfe\ole32.dll
    [-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\sp3gdr\ole32.dll
    [-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\sp3qfe\ole32.dll
    [-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
    [-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
    [-] 2006-02-28 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll
    .
    [-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\SoftwareDistribution\Download\efc6606d13b2657017eb0460e00e68ef\sp3qfe\usp10.dll
    [-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
    [-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\usp10.dll
    [-] 2006-02-28 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
    .
    [-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
    [-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
    [-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
    [-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\ksuser.dll
    .
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    [-] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
    .
    [-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\sp3gdr\shsvcs.dll
    [-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\sp3qfe\shsvcs.dll
    [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
    [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
    [-] 2006-02-28 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
    .
    [-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
    [-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
    [-] 2006-02-28 . B5331F2B6F37C66C29C847F3B94FF900 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll
    .
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
    [-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
    .
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
    [-] 2006-02-28 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
    .
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
    [-] 2006-02-28 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
    .
    [-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3QFE\ntdll.dll
    [-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3GDR\ntdll.dll
    [-] 2009-02-09 . 911DDF2E16761643A47225F654D811E5 . 714752 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntdll.dll
    [-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntdll.dll
    [-] 2009-02-09 . C06986B55981B355090DD34DE809E4BB . 714752 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntdll.dll
    [-] 2009-02-09 . 2F868BFFBF50524653D7FE0D99AFB064 . 715264 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntdll.dll
    [-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
    [-] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\system32\ntdll.dll
    [-] 2006-02-28 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntdll.dll
    .
    [-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\sp3gdr\msctfime.ime
    [-] 2009-02-27 . 30B7D847BA9075AA8E1122FB6AF3D1B5 . 177152 . . [5.1.2600.5768] . . c:\windows\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\sp3qfe\msctfime.ime
    [-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
    [-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime
    [-] 2006-02-28 . D87041EAA67ECA4394F6D5D09C0C2885 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
    .
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
    [-] 2006-02-28 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
    .
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    [-] 2006-02-28 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
    .
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
    [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
    [-] 2006-02-28 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
    .
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
    [-] 2006-02-28 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
    .
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
    [-] 2006-02-28 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
    .
    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
    [-] 2006-02-28 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
    .
    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
    [-] 2006-02-28 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
    .
    [-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
    [-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
    [-] 2006-02-28 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
    .
    [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
    [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
    [-] 2006-02-28 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
    .
    [-] 2006-02-28 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
    .
    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
    [-] 2004-08-03 14:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
    .
    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
    .
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
    [-] 2006-02-28 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
    .
    [-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\SP3QFE\mfc40u.dll
    [-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80\SP3GDR\mfc40u.dll
    [-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
    [-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
    [-] 2006-02-28 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
    .
    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
    [-] 2006-02-28 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
    .
    [-] 2006-02-28 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
    [-] 2004-08-10 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
    [-] 2004-08-10 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\MsPMSNSv.dll
    [-] 2004-08-10 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll
    .
    [-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\SoftwareDistribution\Download\c08b665da8c22012f43cbfaa106605b3\sp3qfe\ntkrnlpa.exe
    [-] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3qfe\ntkrnlpa.exe
    [-] 2012-04-11 . 0C9E44D256948FA68AE10D67984862CE . 2069120 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3gdr\ntkrnlpa.exe
    [-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3GDR\ntkrnlpa.exe
    [-] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3QFE\ntkrnlpa.exe
    [-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
    [-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
    [-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
    [-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
    [-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
    [-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
    [-] 2006-02-28 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
    .
    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
    [-] 2006-02-28 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
    .
    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
    [-] 2006-02-28 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
    .
    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
    [-] 2006-02-28 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
    .
    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
    [-] 2006-02-28 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
    .
    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
    [-] 2006-02-28 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
    .
    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
    [-] 2006-02-28 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
    .
    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
    [-] 2006-02-28 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
    .
    [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
    [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
    [-] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
    .
    [-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\SoftwareDistribution\Download\c08b665da8c22012f43cbfaa106605b3\sp3qfe\ntoskrnl.exe
    [-] 2012-04-11 . 8D061BB825BC606C2B1C6F7452D1BAAA . 2192640 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3qfe\ntoskrnl.exe
    [-] 2012-04-11 . 536168936EBF326E36C655EC5AE34B03 . 2192640 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3gdr\ntoskrnl.exe
    [-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3QFE\ntoskrnl.exe
    [-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3GDR\ntoskrnl.exe
    [-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
    [-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
    [-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
    [-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
    [-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
    [-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
    [-] 2006-02-28 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
    .
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
    [-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
    .
    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
    [-] 2006-02-28 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
    .
    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
    [-] 2006-02-28 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
    .
    [-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
    [-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
    [-] 2006-02-28 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
    .
    [-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
    [-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
    [-] 2006-02-28 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
    .
    [-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
    [-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
    [-] 2006-02-28 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll
  10. 2014-03-12, 02:41 #20
    Trancidonia
    Trancidonia is offline
    Member
    Join Date
    Feb 2014
    Posts
    43

    Default

    continue...

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2013-04-01 1500440]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-01-24 00:44 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-24 144784]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-24 3767096]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-12-16 295512]
    .
    c:\documents and settings\User\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0220404]
    IME file REG_SZ CSBIG5P.IME
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0230804]
    Ime File REG_SZ SOGOUPY.IME
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0210804]
    IME file REG_SZ CSGBP.IME
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 09:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2009-03-02 03:14 57344 ----a-w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    2008-06-19 08:42 2808832 ----a-w- c:\windows\ALCWZRD.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2009-06-03 12:59 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-12-19 03:08 159744 ----a-r- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2007-12-19 03:08 135168 ----a-r- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImeGuardCom]
    2013-01-18 05:18 268920 ----a-w- c:\program files\SogouInput\Components\AddressSearch\1.0.0.1152\SGImeGuard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2006-02-28 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-10-28 12:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
    2008-10-01 10:43 548864 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-16 14:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
    2009-04-15 15:54 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-12-19 03:07 131072 ----a-r- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-04 17:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
    2009-04-15 15:52 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2009-07-20 03:12 18670592 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2006-12-14 19:23 75520 ----a-w- c:\program files\Java\jre1.5.0_11\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2013-12-16 05:31 295512 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\SogouInput\\6.5.0.9181\\PinyinUp.exe"=
    "c:\\Program Files\\SogouInput\\6.5.0.9181\\SGDownload.exe"=
    "c:\\Program Files\\SogouInput\\6.5.0.9181\\ImeUtil.exe"=
    "c:\\Program Files\\SogouInput\\6.5.0.9181\\SGTool.exe"=
    "c:\\Program Files\\SogouInput\\Components\\SogouComMgr.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
    "d:\\Program Files\\Vuze\\Azureus.exe"=
    "d:\\Working\\Work\\Adobe\\Adobe Illustrator CS6\\Support Files\\Contents\\Windows\\Illustrator.exe"=
    "d:\\Working\\Work\\Adobe\\Adobe Photoshop CS6\\Photoshop.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [07/01/2014 2:31 PM 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [07/01/2014 2:31 PM 180248]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/01/2014 2:31 PM 775952]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/01/2014 2:31 PM 410784]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [07/01/2014 2:31 PM 67824]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [03/03/2014 9:57 AM 418376]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [03/03/2014 9:57 AM 701512]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [14/08/2013 3:19 PM 39056]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [09/01/2014 11:02 AM 3921880]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [09/01/2014 11:02 AM 1042272]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 10:58 AM 3275136]
    R2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe [22/01/2014 4:26 PM 531224]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/03/2014 9:57 AM 22856]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [09/01/2014 11:02 AM 171416]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23/10/2013 8:15 AM 172192]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/12/2009 10:31 PM 1684736]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [18/10/2011 2:43 AM 78136]
    S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [22/01/2014 4:26 PM 12088]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [16/01/2014 8:39 AM 235696]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
    S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [22/01/2014 4:26 PM 76600]
    S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [22/01/2014 4:27 PM 13112]
    S4 jcjymt;Shell Boot;c:\windows\system32\svchost.exe -k netsvcs [28/02/2006 8:00 PM 14336]
    S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-05 01:21 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-07 20:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-16 04:35]
    .
    2014-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
    .
    2014-03-12 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-07 00:44]
    .
    2014-03-12 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-01-09 02:57]
    .
    2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 02:48]
    .
    2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 02:48]
    .
    2014-03-11 c:\windows\Tasks\Norton Security Scan for User.job
    - c:\progra~1\NORTON~2\Engine\403~1.27\Nss.exe [2013-12-16 07:10]
    .
    2014-03-12 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1844237615-776561741-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 09:13]
    .
    2014-03-12 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1844237615-776561741-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 09:13]
    .
    2014-01-09 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-01-09 02:49]
    .
    2014-01-09 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-01-09 02:51]
    .
    2014-03-12 c:\windows\Tasks\SogouImeMgr.job
    - c:\progra~1\SOGOUI~1\SogouExe\SogouExe.exe [2013-03-11 07:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {309E27CA-1FDC-4AD2-A3AA-0FF47085E5A6} - hxxp://192.168.1.144/IEPlugin.cab
    DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://192.168.1.144/vcredist_x86.exe
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxps://www.google.com/search
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-03-12 08:47
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\progra~1\SOGOUI~1\650~1.918\SGTool.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Tablet\Wacom\Wacom_TabletUser.exe
    c:\program files\Tablet\Wacom\Wacom_Tablet.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Tablet\Wacom\Wacom_TouchUser.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2014-03-12 08:50:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-03-12 00:50
    ComboFix2.txt 2014-03-11 01:49
    ComboFix3.txt 2014-03-10 01:33
    .
    Pre-Run: 58,303,565,824 bytes free
    Post-Run: 58,313,965,568 bytes free
    .
    - - End Of File - - 3148FB99755AA247C535EDAEDC9223E6
    8F558EB6672622401DA993E1E865C861
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules