Windows 2003 Server with Backdoor Trojan



#121
rahanna

Ron,

OK ... I did everything you told me about stopping the Sens service, exporting the good Sens and merging it into the registry, then starting the Sens service again ... See attached screenshot of the Sens registry Before and After ...

Then I ran AutoRuns and for some reason some of the bad entries didn't want to delete, as seen in the attachment.

I have exported the current Sens as NewSens.txt

Please find hereinafter the Junk.txt for [ tasklist /m > \junk.txt ]

As for the [ dir /a /s a.dll > \junk2.txt ] it came back with File Not found


serdll.dll, libvxSigComp2.dll,
DeviceIo.dll, bescsicap.dll, vxACE_3I.dll,
python24.dll, MFC71U.DLL, tsappcmp.dll,
IMM32.DLL, comctl32.dll, hnetcfg.dll,
wshtcpip.dll, odbcint.dll, MFC71ENU.DLL,
pvltypes.dll, clusapi.dll, pvlsvr_EN.dll,
xpsp2res.dll, CLBCatQ.DLL, COMRes.dll,
oledb32.dll, MSDART.DLL, OLEDB32R.DLL,
comsvcs.dll, sqloledb.dll, MSDATL3.dll,
DBNETLIB.DLL, security.dll, msv1_0.dll,
cryptdll.dll, ntdsapi.dll, DNSAPI.dll,
crypt32.dll, MSASN1.dll, winrnr.dll,
rasadhlp.dll, schannel.dll, USERENV.dll,
rsaenh.dll, dssenh.dll, SQLOLEDB.RLL,
SQLSRV32.dll, SQLUNIRL.dll, NDDEAPI.DLL,
sqlsrv32.rll, odbccp32.dll, devtypes.dll,
WINTRUST.dll, imagehlp.dll, ntmsapi.dll,
ipvlapi.dll
exmgmt.exe 3892 ntdll.dll, kernel32.dll, dsaccess.DLL,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
DNSAPI.dll, msvcrt.dll, WS2_32.dll,
WS2HELP.dll, Epoxy.dll, USER32.dll,
GDI32.dll, EXCHMEM.dll, dbghelp.dll,
VERSION.dll, PSAPI.DLL, pttrace.dll,
NETAPI32.dll, NTDSAPI.dll, WLDAP32.dll,
ACTIVEDS.dll, adsldpc.dll, credui.dll,
SHELL32.dll, SHLWAPI.dll, ATL.DLL,
ole32.dll, OLEAUT32.dll, CLUSAPI.dll,
COMCTL32.dll, ICMP.dll, iphlpapi.dll,
MSVCP60.dll, RESUTILS.dll, USERENV.dll,
IMM32.DLL, comctl32.dll, xpsp2res.dll,
MAPI32.DLL, MPR.dll, CLBCatQ.DLL, COMRes.dl
Rtvscan.exe 244 ntdll.dll, kernel32.dll, urlmon.dll,
msvcrt.dll, ole32.dll, GDI32.dll,
USER32.dll, ADVAPI32.dll, RPCRT4.dll,
Secur32.dll, OLEAUT32.dll, SHLWAPI.dll,
iertutil.dll, VERSION.dll, MSVCR80.dll,
WSOCK32.dll, WS2_32.dll, WS2HELP.dll,
NETAPI32.dll, MPR.dll, PSAPI.DLL,
USERENV.dll, I2ldvp3.dll, MSVCP80.dll,
SHELL32.dll, ACTIVEDS.dll, adsldpc.dll,
WLDAP32.dll, credui.dll, ATL.DLL,
WTSAPI32.dll, WINSTA.dll, CRYPT32.dll,
MSASN1.dll, IMM32.DLL, comctl32.dll,
ccL608.dll, shfolder.dll, ActaRes.dll,
PScanRes.dll, xpsp2res.dll, CLBCatQ.DLL,
COMRes.dll, msi.dll, NAVNTUTL.DLL,
ccVrTrst.dll, MSVCP71.dll, MSVCR71.dll,
ccL60U.dll, SETUPAPI.dll, WinTrust.dll,
imagehlp.dll, rsaenh.dll, ccSvc.dll,
GEDataStore.dll, dec_abi.dll, ccScanw.dll,
ecmldr32.DLL, mswsock.dll, DNSAPI.dll,
rasadhlp.dll, SRTSP32.DLL, ccProSub.dll,
ccEvtCli.dll, SymProtectStorage.dll,
SPBBCEvt.dll, RTVScanPS.dll,
ManagedUnloader.dll, SXS.DLL, winrnr.dll,
hnetcfg.dll, wshtcpip.dll, PDH.DLL,
comdlg32.dll, ODBC32.dll, odbcbcp.dll,
odbcint.dll, perfproc.dll, perfdisk.dll,
msl.dll, LINKINFO.dll, ntshrui.dll,
NTMARTA.DLL, SAMLIB.dll, SAVSubmitter.dll,
SAVSubmitterRes.dll, subeng.dll, SUBRES.loc
wmiprvse.exe 500 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
USER32.dll, GDI32.dll, wbemcomn.dll,
OLEAUT32.dll, ole32.dll, FastProx.dll,
msvcp60.dll, NTDSAPI.dll, DNSAPI.dll,
WS2_32.dll, WS2HELP.dll, WLDAP32.dll,
NETAPI32.dll, NCObjAPI.DLL, faultrep.DLL,
VERSION.dll, USERENV.dll, WINSTA.dll,
SETUPAPI.dll, SHLWAPI.dll, IMM32.DLL,
xpsp2res.dll, CLBCatQ.DLL, COMRes.dll,
wbemsvc.dll, wmiutils.dll, wmiprov.dll,
WMI.dll, NTMARTA.DLL, SAMLIB.dll,
authz.dll, esscli.dll
svchost.exe 1232 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, NTMARTA.DLL,
msvcrt.dll, USER32.dll, GDI32.dll,
WLDAP32.dll, SAMLIB.dll, ole32.dll,
IMM32.DLL, xpsp2res.dll, iisw3adm.dll,
WS2_32.dll, WS2HELP.dll, HTTPAPI.dll,
SHLWAPI.dll, IISUTIL.dll, CRYPT32.dll,
MSASN1.dll, W3CACHE.dll, W3TP.dll,
LONSINT.dll, IisRTL.DLL, rsaenh.dll,
PSAPI.DLL, CLBCatQ.DLL, OLEAUT32.dll,
COMRes.dll, VERSION.dll, ADMWPROX.DLL,
msi.dll
svchost.exe 1104 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, NTMARTA.DLL,
msvcrt.dll, USER32.dll, GDI32.dll,
WLDAP32.dll, SAMLIB.dll, ole32.dll,
IMM32.DLL, xpsp2res.dll, wsmsvc.dll,
OLEAUT32.dll, NETAPI32.dll, USERENV.dll,
IPHLPAPI.DLL, PSAPI.DLL, WS2_32.dll,
WS2HELP.dll, shell32.dll, SHLWAPI.dll,
comctl32.dll, HTTPAPI.dll, Ntdsapi.dll,
DNSAPI.dll, mswsock.dll, winrnr.dll,
rasadhlp.dll, hnetcfg.dll, wshtcpip.dll,
msv1_0.dll, cryptdll.dll, wevtfwd.dll,
WsmRes.dll, winhttp.dll
SemSvc.exe 1852 ntdll.dll, kernel32.dll, VERSION.dll,
msvcrt.dll, USER32.dll, GDI32.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
IMM32.DLL, semsvcres.dll, jvm.dll,
WINMM.dll, serwvdrv.dll, umdmxfrm.dll,
hpi.dll, PSAPI.DLL, verify.dll, java.dll,
zip.dll, net.dll, WS2_32.dll, WS2HELP.dll,
mswsock.dll, hnetcfg.dll, wshtcpip.dll,
rsaenh.dll, SHELL32.dll, SHLWAPI.dll,
comctl32.dll, DNSAPI.dll, winrnr.dll,
WLDAP32.dll, rasadhlp.dll, jslic.dll,
nio.dll, iphlpapi.dll, MPRAPI.dll,
ACTIVEDS.dll, adsldpc.dll, NETAPI32.dll,
credui.dll, ATL.DLL, ole32.dll,
OLEAUT32.dll, rtutils.dll, SAMLIB.dll,
SETUPAPI.dll, security.dll, msv1_0.dll,
cryptdll.dll
beserver.exe 4464 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, BeSQL.dll,
beclass.dll, USER32.dll, GDI32.dll,
WSOCK32.dll, WS2_32.dll, msvcrt.dll,
WS2HELP.dll, MSWSOCK.dll, ole32.dll,
MPR.dll, NETAPI32.dll, VERSION.dll,
ACTIVEDS.dll, adsldpc.dll, WLDAP32.dll,
credui.dll, SHELL32.dll, SHLWAPI.dll,
ATL.DLL, OLEAUT32.dll, WINSPOOL.DRV,
comdlg32.dll, COMCTL32.dll, VXCRYPTO.dll,
MSVCR71.dll, besocket.dll, MSVCP71.dll,
iphlpapi.dll, PSAPI.DLL, bemsdk.dll,
serdll.dll, libvxSigComp2.dll,
bestdutl.dll, bedscomn.dll, vxACE_3I.dll,
msgq.dll, ODBC32.dll, BeXML.dll,
tsappcmp.dll, IMM32.DLL, comctl32.dll,
hnetcfg.dll, wshtcpip.dll, odbcint.dll,
clusapi.dll, engine_EN.dll, xpsp2res.dll,
CLBCatQ.DLL, COMRes.dll, oledb32.dll,
MSDART.DLL, OLEDB32R.DLL, comsvcs.dll,
sqloledb.dll, MSDATL3.dll, DBNETLIB.DLL,
security.dll, msv1_0.dll, cryptdll.dll,
ntdsapi.dll, DNSAPI.dll, crypt32.dll,
MSASN1.dll, winrnr.dll, rasadhlp.dll,
schannel.dll, USERENV.dll, rsaenh.dll,
dssenh.dll, SQLOLEDB.RLL, netman.dll,
netshell.dll, rtutils.dll, MPRAPI.dll,
SAMLIB.dll, SETUPAPI.dll, RASAPI32.dll,
rasman.dll, TAPI32.dll, WINMM.dll,
WZCSvc.DLL, WMI.dll, DHCPCSVC.DLL,
WTSAPI32.dll, WINSTA.dll, ESENT.dll,
WININET.dll, Normaliz.dll, urlmon.dll,
iertutil.dll, WZCSAPI.DLL, serwvdrv.dll,
umdmxfrm.dll, INSTOPS.DLL, OLEACC.dll,
msi.dll, LIBVXNS3IU.DLL,
libvxSiglogger1I.dll, vxxml4c.dll,
vxicuuc24.dll, vxicudt24l.dll,
LIBVXSIGSCHEDULE2U.DLL, libvxSigFCL2U.dll,
beerrors_EN.dll, ipvlapi.dll, DeviceIo.dll,
bescsicap.dll, python24.dll, u2lbe9_en.dll,
mscoree.dll, mscoreei.dll, sxs.dll,
mscorwks.dll, MSVCR80.dll, mscorlib.ni.dll,
mscorsec.dll, WINTRUST.dll, imagehlp.dll,
cryptnet.dll, SensApi.dll, CRF.dll,
mscorjit.dll, diasymreader.dll,
shfolder.dll, System.ni.dll,
System.Web.ni.dll, System.Web.dll,
System.dll, System.Configuration.dll,
webengine.dll, msxml4.dll,
System.Configuration.ni.dll,
System.Xml.dll, SQLSRV32.dll, SQLUNIRL.dll,
NDDEAPI.DLL, sqlsrv32.rll, odbccp32.dll,
LIBVXMAPIMAIL3IU.DLL, LIBVXVIMMAIL1I.DLL,
LIBVXPRINTNOTE1I.DLL, HTMLayout.dll,
LIBVXPAGER3I.DLL, LIBVXSMTPMAIL3I.DLL,
LIBVXTRAP2.DLL, libvxSnmpLib1.dll,
mapi32.dll, MSMAPI32.DLL, MAPIR.DLL,
NTMARTA.DLL, Microsoft.JScript.dll,
adsldp.dll, System.Data.dll,
System.Drawing.dll, System.Web.Mobile.dll,
System.ServiceModel.dll,
Microsoft.ReportViewer.Common.dll,
Microsoft.ReportViewer.WebForms.dll,
System.Web.RegularExpressions.dll,
Microsoft.ReportViewer.WinForms.dll,
System.Xml.ni.dll, System.Data.ni.dll,
System.Drawing.ni.dll,
System.Windows.Forms.ni.dll,
SMDiagnostics.dll, App_Web_ygesaohv.DLL,
ADMWPROX.DLL,
Microsoft.ReportViewer.ProcessingObjectModel
.dll, System.Windows.Forms.dll,
Microsoft.VisualBasic.dll, gdiplus.dll,
becatdrv.dll, catshare.dll, BECATDRV_EN.dll
w3wp.exe 4912 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
USER32.dll, GDI32.dll, ole32.dll,
IISUTIL.dll, CRYPT32.dll, MSASN1.dll,
IMM32.DLL, xpsp2res.dll, w3core.dll,
OLEAUT32.dll, WSOCK32.dll, WS2_32.dll,
WS2HELP.dll, W3CACHE.dll, W3TP.dll,
w3dt.dll, HTTPAPI.dll, SHLWAPI.dll,
strmfilt.dll, W3COMLOG.dll, LONSINT.dll,
IisRTL.DLL, NETAPI32.dll, wamreg.DLL,
IISMAP.dll, iisres.dll, CLBCatQ.DLL,
COMRes.dll, VERSION.dll, ADMWPROX.DLL,
rsaenh.dll, PSAPI.DLL, RpcProxy.dll,
ACTIVEDS.dll, adsldpc.dll, WLDAP32.dll,
credui.dll, SHELL32.dll, ATL.DLL,
comctl32.dll, aspnet_filter.dll,
MSVCR100_CLR0400.dll, w3isapi.dll,
mswsock.dll, DNSAPI.dll, winrnr.dll,
rasadhlp.dll, gzip.dll, msi.dll,
msv1_0.dll, cryptdll.dll, iphlpapi.dll,
secars.dll, pdh.dll, comdlg32.dll,
COMCTL32.dll, ODBC32.dll, odbcbcp.dll,
odbcint.dll, secarsres.dll, hnetcfg.dll,
wshtcpip.dll, perfos.dll
benetns.exe 5216 ntdll.dll, kernel32.dll, beclass.dll,
USER32.dll, GDI32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, WSOCK32.dll,
WS2_32.dll, msvcrt.dll, WS2HELP.dll,
MSWSOCK.dll, ole32.dll, MPR.dll,
NETAPI32.dll, VERSION.dll, ACTIVEDS.dll,
adsldpc.dll, WLDAP32.dll, credui.dll,
SHELL32.dll, SHLWAPI.dll, ATL.DLL,
OLEAUT32.dll, WINSPOOL.DRV, comdlg32.dll,
COMCTL32.dll, VXCRYPTO.dll, MSVCR71.dll,
besocket.dll, MSVCP71.dll, iphlpapi.dll,
PSAPI.DLL, bestdutl.dll, vxACE_3I.dll,
bemsdk.dll, serdll.dll, libvxSigComp2.dll,
tsappcmp.dll, IMM32.DLL, comctl32.dll,
hnetcfg.dll, wshtcpip.dll, clusapi.dll,
DNSAPI.dll, winrnr.dll, rasadhlp.dll
bengine.exe 5280 ntdll.dll, kernel32.dll, vxACE_3I.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
USER32.dll, GDI32.dll, WS2_32.dll,
msvcrt.dll, WS2HELP.dll, MSWSOCK.dll,
MSVCP71.dll, MSVCR71.dll, vxTAO_3I.dll,
vxTAO_IORTable_3I.dll,
vxTAO_PortableServer_3I.dll, tsappcmp.dll,
IMM32.DLL, beclass.dll, WSOCK32.dll,
ole32.dll, MPR.dll, NETAPI32.dll,
VERSION.dll, ACTIVEDS.dll, adsldpc.dll,
WLDAP32.dll, credui.dll, SHELL32.dll,
SHLWAPI.dll, ATL.DLL, OLEAUT32.dll,
WINSPOOL.DRV, comdlg32.dll, COMCTL32.dll,
VXCRYPTO.dll, besocket.dll, iphlpapi.dll,
PSAPI.DLL, comctl32.dll, hnetcfg.dll,
wshtcpip.dll, clusapi.dll, bestdutl.dll,
DNSAPI.dll, winrnr.dll, rasadhlp.dll,
xpsp2res.dll, engine_EN.dll, bemsdk.dll,
serdll.dll, libvxSigComp2.dll, CLBCatQ.DLL,
COMRes.dll, ipvlapi.dll, DeviceIo.dll,
bescsicap.dll, python24.dll, becatsrv.dll,
synthetic.dll, catshare.dll, catindex.dll,
catcommon.dll, ODBC32.dll, segodbc.dll,
catupgrade.dll, bebsdu.dll, bedscomn.dll,
BeCatDrv.dll, odbcint.dll, BECATDRV_EN.dll,
BeCatSrv_EN.dll, ImageBasedFHPlugin.dll,
LegacyBEPlugin.dll, BEImage.dll, BeXML.dll,
DynamicQueryPlugin.dll, OracleFHPlugin.dll,
RemoteFHQueryPlugin.dll, DB2FHPlugin.dll,
NdmpFHPlugin.dll, libbasictemplate.dll,
libcatalog.dll, SQLSRV32.dll, SQLUNIRL.dll,
NDDEAPI.DLL, sqlsrv32.rll, odbccp32.dll,
DBNETLIB.DLL, security.dll, msv1_0.dll,
cryptdll.dll, ntdsapi.dll, crypt32.dll,
MSASN1.dll, schannel.dll, USERENV.dll,
rsaenh.dll, dssenh.dll, ndmpcomm.dll,
benetapi.dll, benetutl.dll, benettcp.dll,
shuie.dll, beui.dll, msxml4.dll
svchost.exe 5532 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, NTMARTA.DLL,
msvcrt.dll, USER32.dll, GDI32.dll,
WLDAP32.dll, SAMLIB.dll, ole32.dll,
IMM32.DLL, xpsp2res.dll, termsrv.dll,
ICAAPI.dll, WS2_32.dll, WS2HELP.dll,
OLEAUT32.dll, AUTHZ.dll, mstlsapi.dll,
ACTIVEDS.dll, adsldpc.dll, NETAPI32.dll,
credui.dll, SHELL32.dll, SHLWAPI.dll,
ATL.DLL, CRYPT32.dll, MSASN1.dll,
REGAPI.dll, comctl32.dll, rsaenh.dll,
PSAPI.DLL, CLBCatQ.DLL, COMRes.dll,
VERSION.dll, adsldp.dll, SXS.DLL,
mswsock.dll, hnetcfg.dll, wshtcpip.dll,
DNSAPI.dll, winrnr.dll, rasadhlp.dll,
NTDSAPI.DLL, USERENV.dll, kerberos.dll,
cryptdll.dll, imagehlp.dll, msv1_0.dll,
iphlpapi.dll, rdpwsx.dll, WINSPOOL.DRV
explorer.exe 3560 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
GDI32.dll, USER32.dll, SHLWAPI.dll,
SHELL32.dll, ole32.dll, OLEAUT32.dll,
BROWSEUI.dll, SHDOCVW.dll, CRYPT32.dll,
MSASN1.dll, CRYPTUI.dll, WINTRUST.dll,
imagehlp.dll, NETAPI32.dll, WLDAP32.dll,
VERSION.dll, UxTheme.dll, IMM32.DLL,
comctl32.dll, apphelp.dll, msctfime.ime,
CLBCatQ.DLL, COMRes.dll, cscui.dll,
CSCDLL.dll, themeui.dll, MSIMG32.dll,
xpsp2res.dll, USERENV.dll, LINKINFO.dll,
ntshrui.dll, urlmon.dll, iertutil.dll,
WININET.dll, Normaliz.dll, ieframe.dll,
msi.dll, MSCTF.dll, WINSTA.dll,
webcheck.dll, MLANG.dll, SETUPAPI.dll,
stobject.dll, BatMeter.dll, POWRPROF.dll,
WTSAPI32.dll, NETSHELL.dll, rtutils.dll,
credui.dll, WS2_32.dll, WS2HELP.dll,
ATL.DLL, iphlpapi.dll, PSAPI.DLL,
CLUSAPI.dll, mslbui.dll, fxsst.dll,
msvcp60.dll, WINMM.dll, WINSPOOL.DRV,
FXSAPI.dll, rdpsnd.dll, FXSRES.DLL,
NTMARTA.DLL, SAMLIB.dll, PDFShell.dll,
MSVCP90.dll, MSVCR90.dll, MPR.dll,
drprov.dll, SnacNp.dll, ntlanman.dll,
NETUI0.dll, NETUI1.dll, davclnt.dll,
MSVCR80.dll, MSVCP80.dll, ccL608.dll,
browselc.dll, COMCTL32.dll, shdoclc.dll,
serwvdrv.dll, umdmxfrm.dll, msacm32.drv,
MSACM32.dll, imaadp32.acm, msadp32.acm,
msg711.acm, msgsm32.acm, tssoft32.acm,
tsd32.dll, msg723.acm, msaud32.acm,
sl_anet.acm, l3codeca.acm, PRINTUI.dll,
ACTIVEDS.dll, adsldpc.dll, CFGMGR32.dll,
actxprxy.dll, RASAPI32.dll, rasman.dll,
TAPI32.dll, msv1_0.dll, cryptdll.dll,
mscms.dll, PS5UI.DLL, PSCRIPT5.DLL,
zipfldr.dll, mydocs.dll, Cabinet.dll,
rsaenh.dll, tv.dll, tishell.dll,
timounter.dll, comdlg32.dll,
UnlockerCOM.dll, mbamext.dll, vpshell2.dll,
VpShellRes.dll, DWRCShell.DLL, DWRCSh32.DLL
SmcGui.exe 476 ntdll.dll, kernel32.dll, DataMan.dll,
USER32.dll, GDI32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, ole32.dll,
msvcrt.dll, OLEAUT32.dll, MSVCP80.dll,
MSVCR80.dll, SyLog.dll, SpNet.dll,
WS2_32.dll, WS2HELP.dll, SHELL32.dll,
SHLWAPI.dll, NacManager.plg, MFC80.DLL,
VERSION.dll, SETUPAPI.dll, PSAPI.DLL,
WININET.dll, Normaliz.dll, urlmon.dll,
iertutil.dll, TseConfig.dll, ATL80.DLL,
gdiplus.dll, WTSAPI32.dll, WINSTA.dll,
NETAPI32.dll, msi.dll, tsappcmp.dll,
IMM32.DLL, comctl32.dll, MFC80ENU.DLL,
ccL608.dll, ccVrTrst.dll, MSVCP71.dll,
MSVCR71.dll, ccL60U.dll, WSOCK32.dll,
Crypt32.dll, MSASN1.dll, WinTrust.dll,
imagehlp.dll, SmcGuiRes.dll, SpNetRes.dll,
CLBCatQ.DLL, COMRes.dll, xpsp2res.dll,
apphelp.dll, msctfime.ime, UxTheme.dll,
MSCTF.dll, RICHED32.DLL, RICHED20.dll,
RTVScanPS.dll, msxml3.dll, rsaenh.dll,
userenv.dll, ccSetEvt.dll, ATL71.DLL,
ccProSub.dll, ccEvtCli.dll, ccSvc.dll,
ProtectionUtil.dll, MFC80U.DLL,
ccL60U8.dll, ProtectionUtilRes.dll,
ProtectionProviderPS.dll, SavMainUI.dll,
SavMainUIRes.dll, ActaRes.dll, SRTSP32.DLL,
NTMARTA.DLL, WLDAP32.dll, SAMLIB.dll,
ManagedUnloader.dll, tv.dll
ccApp.exe 4800 ntdll.dll, kernel32.dll, COMCTL32.dll,
msvcrt.dll, ADVAPI32.dll, RPCRT4.dll,
Secur32.dll, GDI32.dll, USER32.dll,
SHLWAPI.dll, ole32.dll, MSVCP71.dll,
MSVCR71.dll, ccL60U.dll, OLEAUT32.dll,
tsappcmp.dll, IMM32.DLL, ws2_32.dll,
WS2HELP.dll, DBGHELP.DLL, VERSION.dll,
apphelp.dll, msctfime.ime, ccVrTrst.dll,
SETUPAPI.dll, WSOCK32.dll, Crypt32.dll,
MSASN1.dll, WinTrust.dll, imagehlp.dll,
SHELL32.dll, rsaenh.dll, PSAPI.DLL,
userenv.dll, netapi32.dll, ccSet.dll,
CCALERT.DLL, SAVSES~1.DLL, MSCTF.dll,
NTMARTA.DLL, WLDAP32.dll, SAMLIB.dll, tv.dl
mbamgui.exe 796 ntdll.dll, kernel32.dll, COMCTL32.dll,
msvcrt.dll, ADVAPI32.dll, RPCRT4.dll,
Secur32.dll, GDI32.dll, USER32.dll,
SHLWAPI.dll, mbam.dll, SHELL32.dll,
VERSION.dll, mbamnet.dll, CRYPT32.dll,
MSASN1.dll, IPHLPAPI.DLL, PSAPI.DLL,
WS2_32.dll, WS2HELP.dll, WTSAPI32.dll,
WINSTA.dll, NETAPI32.dll, IMM32.DLL,
rsaenh.dll, apphelp.dll, msctfime.ime,
ole32.dll, MSCTF.dll, UxTheme.dll,
NTMARTA.DLL, WLDAP32.dll, SAMLIB.dll,
SETUPAPI.dll, CLBCatQ.DLL, OLEAUT32.dll,
COMRes.dll, urlmon.dll, iertutil.dll,
WININET.dll, Normaliz.dll, USERENV.dll,
tv.dll
ctfmon.exe 5140 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
USER32.dll, GDI32.dll, MSCTF.dll,
MSUTB.dll, IMM32.DLL, USERENV.dll,
ole32.dll, apphelp.dll, msctfime.ime,
uxtheme.dll, OLEAUT32.DLL, NTMARTA.DLL,
WLDAP32.dll, SAMLIB.dll, tv.dll
TeamViewer.exe 4232 ntdll.dll, kernel32.dll, COMCTL32.dll,
msvcrt.dll, ADVAPI32.dll, RPCRT4.dll,
Secur32.dll, GDI32.dll, USER32.dll,
SHLWAPI.dll, WSOCK32.dll, WS2_32.dll,
WS2HELP.dll, iphlpapi.dll, PSAPI.DLL,
MPR.dll, SHELL32.dll, ole32.dll,
OLEAUT32.dll, WININET.dll, Normaliz.dll,
urlmon.dll, iertutil.dll, CRYPT32.dll,
MSASN1.dll, imagehlp.dll, IMM32.DLL,
SETUPAPI.dll, wtsapi32.dll, WINSTA.dll,
NETAPI32.dll, msimg32.dll, userenv.dll,
tv.dll, NTMARTA.DLL, WLDAP32.dll,
SAMLIB.dll, Wintrust.dll, uxtheme.dll,
mswsock.dll, DNSAPI.dll, winrnr.dll,
rasadhlp.dll, hnetcfg.dll, wshtcpip.dll,
apphelp.dll, msctfime.ime, Riched20.dll,
rsaenh.dll, NETRAP.dll
dllhost.exe 264 ntdll.dll, kernel32.dll, msvcrt.dll,
ole32.dll, GDI32.dll, USER32.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
IMM32.DLL, CLBCatQ.DLL, OLEAUT32.dll,
COMRes.dll, VERSION.dll, xpsp2res.dll,
COMSVCS.DLL, rsaenh.dll, PSAPI.DLL, ES.DLL,
NETAPI32.dll, txflog.dll, SXS.DLL,
XOLEHLP.dll, MSDTCPRX.dll, msvcp60.dll,
MTXCLU.DLL, WSOCK32.dll, WS2_32.dll,
WS2HELP.dll, CLUSAPI.DLL, RESUTILS.DLL,
USERENV.dll, mswsock.dll, DNSAPI.dll,
winrnr.dll, WLDAP32.dll, rasadhlp.dll,
catsrv.dll, clbcatex.dll
regedit.exe 1716 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
GDI32.dll, USER32.dll, COMCTL32.dll,
SHLWAPI.dll, comdlg32.dll, SHELL32.dll,
AUTHZ.dll, ACLUI.dll, ole32.dll,
OLEAUT32.dll, ulib.dll, clb.dll, IMM32.DLL,
MSCTF.dll, tv.dll, NTMARTA.DLL,
WLDAP32.dll, SAMLIB.dll, apphelp.dll,
msctfime.ime, UxTheme.dll, mslbui.dll
autoruns.exe 4792 ntdll.dll, kernel32.dll, VERSION.dll,
msvcrt.dll, COMCTL32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, GDI32.dll,
USER32.dll, SHLWAPI.dll, COMDLG32.dll,
SHELL32.dll, ole32.dll, OLEAUT32.dll,
IMM32.DLL, uxtheme.dll, Wintrust.dll,
CRYPT32.dll, MSASN1.dll, imagehlp.dll,
MSCTF.dll, tv.dll, NTMARTA.DLL,
WLDAP32.dll, SAMLIB.dll, apphelp.dll,
msctfime.ime, mslbui.dll, CLBCatQ.DLL,
COMRes.dll, SETUPAPI.dll, mstask.dll,
NTDSAPI.dll, DNSAPI.dll, WS2_32.dll,
WS2HELP.dll, NETAPI32.dll, MPR.dll,
USERENV.dll, ws03res.dll
cmd.exe 5476 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
USER32.dll, GDI32.dll, MPR.dll, IMM32.DLL
tasklist.exe 1560 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
VERSION.dll, USER32.dll, GDI32.dll,
MPR.dll, ole32.dll, OLEAUT32.dll,
WS2_32.dll, WS2HELP.dll, framedyn.dll,
NETAPI32.dll, dbghelp.dll, SHLWAPI.dll,
IMM32.DLL, xpsp2res.dll, CLBCatQ.DLL,
COMRes.dll, wbemprox.dll, wbemcomn.dll,
Winsta.dll, wbemsvc.dll, fastprox.dll,
msvcp60.dll, NTDSAPI.dll, DNSAPI.dll,
WLDAP32.dll, wmiutils.dll
wmiprvse.exe 1452 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
USER32.dll, GDI32.dll, wbemcomn.dll,
OLEAUT32.dll, ole32.dll, FastProx.dll,
msvcp60.dll, NTDSAPI.dll, DNSAPI.dll,
WS2_32.dll, WS2HELP.dll, WLDAP32.dll,
NETAPI32.dll, NCObjAPI.DLL, faultrep.DLL,
VERSION.dll, USERENV.dll, WINSTA.dll,
SETUPAPI.dll, SHLWAPI.dll, IMM32.DLL,
xpsp2res.dll, CLBCatQ.DLL, COMRes.dll,
wbemprox.dll, wbemsvc.dll, wmiutils.dll,
cimwin32.dll, framedyn.dll, WTSAPI32.dll,
CFGMGR32.DLL, WMI.DLL

Attached Thumbnails

  • Sens_Before.jpg
  • Sens_After.jpg
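A dump like the one above is easier to review offline once it is regrouped per process, for example to list every process that has `tv.dll` loaded. The Python below is an added example, not part of the original posts: the sample text is constructed and abridged from the dump in the same flattened layout, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, abridged from the `tasklist /m` dump in this thread.
# Module lists wrap onto continuation lines, and a long module name can be
# split across two lines (see the beserver.exe entry).
SAMPLE = """\
Image Name PID Modules
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 360 ntdll.dll
cmd.exe 5476 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
USER32.dll, GDI32.dll, MPR.dll, IMM32.DLL
ctfmon.exe 5140 ntdll.dll, kernel32.dll, MSCTF.dll,
uxtheme.dll, NTMARTA.DLL, tv.dll
regedit.exe 1716 ntdll.dll, kernel32.dll, ulib.dll,
clb.dll, MSCTF.dll, tv.dll
beserver.exe 4464 ntdll.dll, ADMWPROX.DLL,
Microsoft.ReportViewer.ProcessingObjectModel
.dll, System.Windows.Forms.dll
"""

# A process line is "<image name> <PID> <first modules>". The image name may
# contain spaces ("System Idle Process") but never a comma, which is what
# separates it from a continuation line of module names.
PROC_LINE = re.compile(r"^(?P<image>[^,]+?)\s+(?P<pid>\d+)\s+(?P<mods>\S.*)$")


def parse_tasklist_modules(text):
    """Return {(image, pid): [module, ...]} from `tasklist /m` output."""
    table = {}
    current = None   # (image, pid) of the process being collected
    pending = ""     # its module text, joined across wrapped lines

    def flush():
        if current is not None:
            names = [m.strip() for m in pending.split(",")]
            table[current] = [m for m in names if m and m != "N/A"]

    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"=", " "}:
            continue                      # blank line or ===== separator
        match = PROC_LINE.match(line)
        if match:
            flush()
            current = (match["image"], int(match["pid"]))
            pending = match["mods"]
        elif current is not None:
            # A previous line ending in "," means a new module starts here;
            # otherwise this line finishes a module name that was wrapped.
            pending += (" " if pending.endswith(",") else "") + line
    flush()
    return table


def processes_loading(table, module):
    """Processes that list `module` (case-insensitive), sorted by name."""
    wanted = module.lower()
    return sorted(proc for proc, mods in table.items()
                  if wanted in (m.lower() for m in mods))


def module_process_counts(table):
    """Map each module name (lower-cased) to how many processes load it."""
    seen = defaultdict(set)
    for proc, mods in table.items():
        for mod in mods:
            seen[mod.lower()].add(proc)
    return {name: len(procs) for name, procs in seen.items()}


if __name__ == "__main__":
    table = parse_tasklist_modules(SAMPLE)
    for image, pid in processes_loading(table, "tv.dll"):
        print(f"tv.dll loaded in {image} (PID {pid})")
    counts = module_process_counts(table)
    for name in sorted(counts, key=counts.get):
        print(f"{counts[name]:3d}  {name}")
```

Some module lists in the dump end mid-name (for example `COMRes.dl`), so a module missing from a process's list does not prove it is not loaded.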


#122
rahanna

Ron,

One of the things that I also noticed is that after a restart, all the hidden system files are showing under Windows Explorer ...

It seems that the Trojan unchecks the box for the Folder Options -> View -> Hide Protected OS Files (recommended)

See attached

What do you think ???

Attached Thumbnails

  • UnhidesSystemFiles.jpg


#123
rahanna

Ron,

What do you think should be done next ???

I still haven't restarted the Server as I am worried about the infection coming back again ...

Let me know ...

Thanks,

#124
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:


/md5start
ntdll.dll
kernel32.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
Secur32.dll
GDI32.dll
USER32.dll
COMCTL32.dll
SHLWAPI.dll
comdlg32.dll
SHELL32.dll
AUTHZ.dll
ACLUI.dll
ole32.dll
OLEAUT32.dll
ulib.dll
clb.dll
IMM32.DLL
MSCTF.dll
tv.dll
NTMARTA.DLL
WLDAP32.dll
SAMLIB.dll
apphelp.dll
msctfime.ime
UxTheme.dll
mslbui.dll
a.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS /s
HKLM\SYSTEM\WPA /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TRKSvr /s

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

#125
rahanna

Here is the OTL.txt

OTL logfile created on: 9/8/2012 12:41:53 PM - Run 10
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Dell
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.15% Memory free
5.35 Gb Paging File | 3.88 Gb Available in Paging File | 72.42% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 135.41 Gb Total Space | 92.77 Gb Free Space | 68.51% Space Free | Partition Type: NTFS
Drive D: | 544.49 Gb Total Space | 158.16 Gb Free Space | 29.05% Space Free | Partition Type: NTFS

Computer Name: ST-SERVER | User Name: st_admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/05 23:35:10 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/01 12:25:50 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Dell\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/30 05:39:57 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2009/05/13 00:14:34 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/05/13 00:14:32 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/05/13 00:14:28 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/05/13 00:14:24 | 001,799,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/05/13 00:14:21 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/02/01 22:00:56 | 000,234,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe
PRC - [2008/10/14 13:20:12 | 000,024,576 | R--- | M] (Client Marketing Systems, Inc.) -- C:\Program Files\Client Marketing Systems\Advisors Assistant Server Component\AASCServer.exe
PRC - [2008/09/05 12:03:06 | 000,069,632 | ---- | M] (LSI Logic Corporation) -- C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
PRC - [2008/08/28 23:47:40 | 003,259,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer3\TeamViewer.exe
PRC - [2008/08/28 23:29:38 | 000,181,544 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer3\TeamViewer_Service.exe
PRC - [2008/08/12 09:47:10 | 000,075,032 | ---- | M] () -- C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
PRC - [2008/08/12 09:40:20 | 000,021,784 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe
PRC - [2008/08/05 19:26:00 | 000,153,560 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
PRC - [2008/08/05 19:25:54 | 000,198,616 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
PRC - [2008/05/14 12:31:04 | 000,083,248 | R--- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe
PRC - [2007/11/19 14:49:16 | 002,824,208 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\Backup Exec\bengine.exe
PRC - [2007/11/07 13:00:04 | 005,043,728 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\Backup Exec\beserver.exe
PRC - [2007/05/23 12:06:06 | 000,712,464 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\Backup Exec\beremote.exe
PRC - [2007/02/18 05:00:00 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/18 05:00:00 | 000,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
PRC - [2007/02/18 05:00:00 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2007/02/18 05:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ismserv.exe
PRC - [2007/02/18 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007/02/18 05:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe
PRC - [2007/02/17 07:03:43 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lserver.exe
PRC - [2006/10/30 07:50:27 | 000,175,744 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\Backup Exec\benetns.exe
PRC - [2006/09/28 11:48:18 | 001,048,704 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\Backup Exec\pvlsvr.exe
PRC - [2006/09/27 14:17:54 | 001,324,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
PRC - [2005/08/25 19:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/05 23:50:20 | 000,024,665 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\89f4ac43ba2b792785d9d472365e562b.dll
MOD - [2012/09/05 23:50:19 | 000,020,585 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\0a6b9f23e356336cc61530f586d0c66a.dll
MOD - [2012/09/05 23:50:17 | 000,028,767 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\b2774d247dfbf0abe8539e577ee59b4c.dll
MOD - [2012/09/05 23:50:16 | 000,028,789 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\36971e8ed4d19cc0a7051079b039c204.dll
MOD - [2012/09/05 23:50:16 | 000,028,787 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\1ff4eae997b1753d848dbbc61d1b4345.dll
MOD - [2012/09/05 23:50:15 | 000,036,981 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\31aa023220b46a62dd91739a3bf1cad4.dll
MOD - [2012/09/05 23:50:14 | 000,077,941 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\7aace6f21e4c397996b145b7fd777643.dll
MOD - [2012/09/05 23:50:12 | 000,032,873 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\8d3b343ab48cfb6b14fa9d0dc35ce9e6.dll
MOD - [2012/09/05 23:50:11 | 000,024,675 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\7acaa276f32e012922082aa697dfa218.dll
MOD - [2012/09/05 23:50:11 | 000,024,671 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\44abde5de65f3f034faac2c132713018.dll
MOD - [2012/09/05 23:50:09 | 000,020,571 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\42db37dadb779dbfc5da8bdd7ec61c52.dll
MOD - [2012/07/10 11:01:50 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/07/10 11:00:43 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/07/10 10:59:36 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/07/10 10:59:34 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/07/10 10:59:33 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/07/10 10:59:28 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012/07/10 10:59:25 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/07/10 10:59:24 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/07/10 10:59:22 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/07/10 10:59:07 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2012/05/31 23:16:29 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/31 23:04:26 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/31 23:04:20 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/31 23:04:12 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/31 23:04:01 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2009/02/01 22:01:12 | 000,755,120 | ---- | M] () -- \\?\C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin\secars.dll
MOD - [2008/08/12 09:47:10 | 000,075,032 | ---- | M] () -- C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
MOD - [2008/08/12 09:39:44 | 000,136,472 | ---- | M] () -- C:\Program Files\Dell\SysMgt\oma\bin\invmib32.dll
MOD - [2008/08/12 09:39:00 | 000,042,776 | ---- | M] () -- C:\Program Files\Dell\SysMgt\oma\bin\omaep32.dll
MOD - [2008/05/01 21:15:37 | 000,010,240 | ---- | M] () -- D:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2007/03/30 07:45:46 | 000,800,256 | ---- | M] () -- C:\Program Files\Dell\SysMgt\oma\bin\libxml2.dll
MOD - [2007/02/18 05:00:00 | 000,016,896 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2006/06/06 12:08:08 | 000,393,216 | R--- | M] () -- C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\jslic.dll
MOD - [2005/11/14 16:43:58 | 000,029,152 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\FSPPMFP.DLL
MOD - [2002/05/03 09:40:32 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (WmdmPmSp)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\wins.exe -- (WINS)
SRV - File not found [Auto | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (TrkSvr)
SRV - File not found [Disabled | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (ºì³¾Íø°²)
SRV - File not found [Disabled | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (Nwsapagent)
SRV - File not found [Disabled | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (NWCWorkstation)
SRV - File not found [Disabled | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (Irmon)
SRV - File not found [Auto | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (Iprip)
SRV - File not found [Disabled | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (Ias)
SRV - [2012/09/05 23:35:10 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/24 19:00:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/30 05:39:57 | 000,450,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2010/04/07 11:12:04 | 000,241,688 | ---- | M] (DameWare Development LLC) [On_Demand | Stopped] -- C:\WINDOWS\system32\DWRCS.EXE -- (DWMRCS)
SRV - [2009/08/05 14:06:38 | 000,126,976 | ---- | M] () [On_Demand | Stopped] -- C:\AdventNet\ME\NetFlow\bin\wrapper.exe -- (netflowanalyzer)
SRV - [2009/05/13 00:14:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/05/13 00:14:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/05/13 00:14:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/05/13 00:14:24 | 001,799,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/05/13 00:14:21 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/02/01 22:00:56 | 000,234,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe -- (semsrv)
SRV - [2009/01/18 18:31:14 | 000,455,960 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/10 15:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/10/14 13:20:12 | 000,024,576 | R--- | M] (Client Marketing Systems, Inc.) [Auto | Running] -- C:\Program Files\Client Marketing Systems\Advisors Assistant Server Component\AASCServer.exe -- (AAService)
SRV - [2008/09/05 12:03:06 | 000,069,632 | ---- | M] (LSI Logic Corporation) [Auto | Running] -- C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe -- (mr2kserv)
SRV - [2008/08/28 23:29:38 | 000,181,544 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer3\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2008/08/12 09:47:10 | 000,075,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe -- (Server Administrator)
SRV - [2008/08/12 09:40:20 | 000,021,784 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe -- (omsad)
SRV - [2008/08/05 19:26:00 | 000,153,560 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe -- (dcevt32)
SRV - [2008/08/05 19:25:54 | 000,198,616 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe -- (dcstor32)
SRV - [2008/05/14 12:31:04 | 000,083,248 | R--- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe -- (ASANYs_sem5)
SRV - [2007/11/19 14:49:16 | 002,824,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Symantec\Backup Exec\bengine.exe -- (BackupExecJobEngine)
SRV - [2007/11/07 13:00:04 | 005,043,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Symantec\Backup Exec\beserver.exe -- (BackupExecRPCService)
SRV - [2007/05/23 12:06:06 | 000,712,464 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Symantec\Backup Exec\beremote.exe -- (BackupExecAgentAccelerator)
SRV - [2007/02/18 05:00:00 | 000,792,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/18 05:00:00 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007/02/18 05:00:00 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007/02/18 05:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/18 05:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/18 05:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/18 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2007/02/18 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/18 05:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2007/02/17 07:04:02 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/17 07:03:43 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lserver.exe -- (TermServLicensing)
SRV - [2006/10/30 07:50:27 | 000,175,744 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Symantec\Backup Exec\benetns.exe -- (BackupExecAgentBrowser)
SRV - [2006/09/28 11:48:18 | 001,048,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Symantec\Backup Exec\pvlsvr.exe -- (BackupExecDeviceMediaService)
SRV - [2006/09/27 14:17:54 | 001,324,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe -- (Reporting)
SRV - [2006/09/20 04:34:40 | 000,126,976 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AdventNet\ME\OpManager\wrapper.exe -- (OpManager)
SRV - [2005/08/25 19:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT)
SRV - [2003/11/26 07:52:46 | 000,020,541 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files\AdventNet\ME\OpManager\apache\bin\Apache.exe -- (ManageEngineOpManagerApache)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (LicenseInfo)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\DOCUME~1\ADMINI~1.STO\LOCALS~1\Temp\2\cpuz133\cpuz133_x32.sys -- (cpuz133)
DRV - [2012/08/20 01:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120907.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/08/20 01:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120907.034\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/08 01:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/08 01:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/29 03:07:18 | 000,021,504 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\percsas.sys -- (percsas)
DRV - [2010/02/05 21:03:36 | 000,018,080 | ---- | M] (Quantum Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\QLTOx32.sys -- (QLTOx32)
DRV - [2009/06/13 17:05:23 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2009/06/13 17:05:23 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/06/13 17:05:09 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snman380.sys -- (snapman380)
DRV - [2009/05/13 15:26:04 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/05/13 00:14:35 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/05/13 00:14:34 | 000,319,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/05/13 00:14:34 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/05/13 00:14:32 | 000,038,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WGX.SYS -- (WGX)
DRV - [2009/05/13 00:14:07 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 13:00:18 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\SNMP\BASFND.sys -- (BASFND)
DRV - [2008/05/14 14:04:26 | 000,054,784 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bxnd52x.sys -- (l2nd)
DRV - [2008/05/01 21:15:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- D:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008/01/14 10:13:54 | 000,025,088 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dcdbas32.sys -- (dcdbas)
DRV - [2008/01/11 00:31:06 | 000,014,848 | ---- | M] (Quantum Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\QDLTx32.sys -- (QDLTx32)
DRV - [2007/02/18 05:00:00 | 000,221,696 | ---- | M] (Agilent Technologies) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\afcnt.sys -- (afcnt)
DRV - [2007/02/18 05:00:00 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007/02/18 05:00:00 | 000,154,624 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql2200.sys -- (ql2200)
DRV - [2007/02/18 05:00:00 | 000,130,560 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql2100.sys -- (ql2100)
DRV - [2007/02/18 05:00:00 | 000,113,664 | ---- | M] (Emulex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\lp6nds35.sys -- (lp6nds35)
DRV - [2007/02/18 05:00:00 | 000,072,704 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2007/02/18 05:00:00 | 000,069,632 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqfcalm.sys -- (cpqfcalm)
DRV - [2007/02/18 05:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)
DRV - [2007/02/18 05:00:00 | 000,049,664 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (symmpi)
DRV - [2007/02/18 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/02/18 05:00:00 | 000,039,424 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hpt3xx.sys -- (hpt3xx)
DRV - [2007/02/18 05:00:00 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)
DRV - [2007/02/18 05:00:00 | 000,027,648 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ipsraidn.sys -- (ipsraidn)
DRV - [2007/02/18 05:00:00 | 000,024,064 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o)
DRV - [2007/02/18 05:00:00 | 000,022,016 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dellcerc.sys -- (dellcerc)
DRV - [2007/02/18 05:00:00 | 000,018,432 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqcissm.sys -- (cpqcissm)
DRV - [2007/02/18 05:00:00 | 000,016,384 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray)
DRV - [2007/02/18 05:00:00 | 000,015,360 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqarry2.sys -- (cpqarry2)
DRV - [2007/02/15 02:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/02/07 02:00:00 | 000,003,712 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2006/09/18 15:23:34 | 000,031,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpfilter.sys -- (tpfilter)
DRV - [2006/09/12 11:26:16 | 000,031,872 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VirtFile.sys -- (VirtFile)
DRV - [2006/09/05 18:16:14 | 000,037,760 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\halfinch.sys -- (halfinchVRTS)
DRV - [2006/05/03 16:08:20 | 000,019,256 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SCSICHNG.SYS -- (SCSIChanger)
DRV - [2006/04/20 17:31:38 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/19 11:12:22 | 000,067,072 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2005/03/24 18:55:32 | 000,343,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad)
DRV - [2004/01/06 16:57:24 | 000,887,431 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winachcf.sys -- (Winachcf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/04 20:09:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/04 20:10:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\st_admin\Application Data\Mozilla\Extensions
[2012/09/04 20:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\st_admin\Application Data\Mozilla\Firefox\Profiles\e36jque6.default\extensions
[2012/09/04 20:09:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/24 19:01:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/24 19:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/24 19:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/01 13:33:33 | 000,000,899 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ShutdownEventCheck] %systemroot%\system32\dumprep 0 -s File not found
O4 - HKCU..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stone-tapert.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F0DECE3-5FFC-42B5-B543-0EA70D88C1B3}: NameServer = 192.168.1.130,192.168.1.150
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:AutorunsDisabled () -
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/02 18:00:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/07 19:17:13 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\clb.dll
[2012/09/07 18:03:25 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\st_admin\Desktop\tdsskiller.exe
[2012/09/06 16:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Desktop\Logs
[2012/09/06 09:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\My Documents\Downloads
[2012/09/05 23:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/05 23:35:56 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/09/05 23:35:56 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/05 23:35:43 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/09/05 23:35:42 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/09/05 23:35:42 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/05 23:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Application Data\Sun
[2012/09/05 23:27:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/05 18:50:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\56B06D10
[2012/09/04 20:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Local Settings\Application Data\Mozilla
[2012/09/04 20:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Application Data\Mozilla
[2012/09/04 20:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/09/04 20:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/04 20:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/03 13:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Start Menu\Programs\NirSoft ShellExView
[2012/09/03 13:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2012/09/02 13:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Desktop\Old
[2012/09/02 13:06:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/01 20:52:29 | 000,121,368 | ---- | C] (DameWare Development LLC) -- C:\WINDOWS\System32\DNTUS26.EXE
[2012/09/01 13:34:55 | 000,000,000 | ---D | C] -- C:\Old
[2012/09/01 12:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\My Documents\Exchange Task Wizard Logs
[2012/08/31 19:01:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\st_admin\Start Menu\Programs\Administrative Tools
[2012/08/31 18:57:05 | 001,864,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/08/31 18:57:05 | 001,864,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012/08/31 18:56:49 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2012/08/31 18:56:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2012/08/31 18:56:47 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2012/08/31 18:56:47 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2012/08/31 18:56:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2012/08/31 18:56:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2012/08/31 18:56:46 | 000,916,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2012/08/31 18:56:42 | 001,212,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2012/08/31 18:56:39 | 006,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2012/08/31 18:52:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\st_admin\IECompatCache
[2012/08/31 18:52:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\st_admin\PrivacIE
[2012/08/31 18:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Application Data\Identities
[2012/08/31 17:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\WINDOWS
[2012/08/31 17:50:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\st_admin\Local Settings\Application Data\Microsoft
[2012/08/31 17:50:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\st_admin\Application Data\Microsoft
[2012/08/31 17:50:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\st_admin\SendTo
[2012/08/31 17:50:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\st_admin\Recent
[2012/08/31 17:50:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\st_admin\Application Data
[2012/08/31 17:50:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\st_admin\Start Menu\Programs\Startup
[2012/08/31 17:50:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\st_admin\Start Menu
[2012/08/31 17:50:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\st_admin\My Documents
[2012/08/31 17:50:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\st_admin\Favorites
[2012/08/31 17:50:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\st_admin\Start Menu\Programs\Accessories
[2012/08/31 17:50:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\st_admin\IETldCache
[2012/08/31 17:50:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\st_admin\Cookies
[2012/08/31 17:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\st_admin\Templates
[2012/08/31 17:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\st_admin\PrintHood
[2012/08/31 17:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\st_admin\NetHood
[2012/08/31 17:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\st_admin\Local Settings
[2012/08/31 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Application Data\TeamViewer
[2012/08/31 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Local Settings\Application Data\Symantec
[2012/08/31 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Local Settings\Application Data\PCHealth
[2012/08/31 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Application Data\Malwarebytes
[2012/08/31 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Application Data\Macromedia
[2012/08/31 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Desktop
[2012/08/31 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Application Data\Adobe
[2012/08/31 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Desktop\AATS
[2012/08/29 06:02:11 | 000,000,000 | ---D | C] -- C:\Dell
[2012/08/28 17:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 3
[2012/08/28 17:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer3
[2012/08/27 20:09:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\dwrcssft
[30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/08 10:06:04 | 000,004,100 | ---- | M] () -- C:\Documents and Settings\st_admin\Desktop\NewSens.reg
[2012/09/08 09:40:26 | 000,004,228 | ---- | M] () -- C:\Documents and Settings\st_admin\Desktop\GoodSens.reg
[2012/09/07 18:02:42 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\st_admin\Desktop\tdsskiller.exe
[2012/09/07 12:00:14 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{53dc1cf1-91e7-11db-9d5d-806e6f6e6963}.job
[2012/09/07 12:00:10 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{69f3b6d1-590e-11de-abaa-00188b42e686}.job
[2012/09/07 01:04:48 | 000,950,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/07 01:04:47 | 000,240,878 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/06 22:39:41 | 000,013,830 | ---- | M] () -- C:\WINDOWS\System32\besnmp.TRC
[2012/09/06 16:02:11 | 000,065,536 | ---- | M] () -- C:\WINDOWS\NETLOGON.CHG
[2012/09/06 16:02:07 | 000,003,952 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/09/05 23:47:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/05 23:35:11 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/09/05 23:35:08 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/09/05 23:35:08 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/09/05 23:35:08 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/09/05 23:35:08 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/09/05 23:35:08 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/05 23:35:08 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/05 11:24:34 | 000,001,726 | -H-- | M] () -- C:\Documents and Settings\st_admin\My Documents\Default.rdp
[2012/09/04 20:09:57 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\st_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/04 20:09:57 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/03 19:43:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/01 13:33:33 | 000,000,899 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/31 19:38:11 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/31 19:26:51 | 000,003,423 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/31 18:47:30 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\st_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/31 17:48:59 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2012/08/27 20:09:55 | 000,000,713 | ---- | M] () -- C:\WINDOWS\System32\DWRCCMDError.ini
[2012/08/23 00:45:06 | 000,689,826 | ---- | M] () -- C:\Program Files\TCPM.zip
[2012/08/23 00:34:43 | 001,861,240 | ---- | M] () -- C:\Program Files\DNS.zip
[2012/08/17 17:33:42 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\st_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Remote Desktop Connection.lnk
[30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/08 10:06:04 | 000,004,100 | ---- | C] () -- C:\Documents and Settings\st_admin\Desktop\NewSens.reg
[2012/09/08 09:43:44 | 000,004,228 | ---- | C] () -- C:\Documents and Settings\st_admin\Desktop\GoodSens.reg
[2012/09/05 23:27:43 | 000,013,830 | ---- | C] () -- C:\WINDOWS\System32\besnmp.TRC
[2012/09/04 20:09:57 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\st_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/04 20:09:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/04 20:09:57 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/08/31 23:26:32 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\st_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Remote Desktop Connection.lnk
[2012/08/31 23:24:00 | 000,001,726 | -H-- | C] () -- C:\Documents and Settings\st_admin\My Documents\Default.rdp
[2012/08/31 18:55:05 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\st_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Event Viewer.lnk
[2012/08/31 18:47:30 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\st_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/31 18:47:30 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\st_admin\Start Menu\Programs\Internet Explorer.lnk
[2012/08/31 18:47:14 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\st_admin\Start Menu\Programs\Outlook Express.lnk
[2012/08/31 17:50:11 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\st_admin\Desktop\Job Monitor.lnk
[2012/08/31 17:50:10 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\st_admin\Start Menu\Programs\Remote Assistance.lnk
[2012/08/27 20:09:46 | 000,000,713 | ---- | C] () -- C:\WINDOWS\System32\DWRCCMDError.ini
[2012/08/23 00:45:05 | 000,689,826 | ---- | C] () -- C:\Program Files\TCPM.zip
[2012/08/23 00:34:41 | 001,861,240 | ---- | C] () -- C:\Program Files\DNS.zip
[2012/06/04 01:48:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/06/04 01:48:00 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2012/05/31 17:16:20 | 000,082,432 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2012/05/30 23:15:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/03 10:29:13 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2006/12/22 10:52:21 | 000,003,952 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== Custom Scans ==========

< MD5 for: ACLUI.DLL >
[2007/02/17 02:16:16 | 000,120,320 | ---- | M] (Microsoft Corporation) MD5=B16D52E6C742A2E39D9739C167CB2DFA -- C:\WINDOWS\ServicePackFiles\i386\aclui.dll
[2007/02/18 05:00:00 | 000,120,320 | ---- | M] (Microsoft Corporation) MD5=B16D52E6C742A2E39D9739C167CB2DFA -- C:\WINDOWS\system32\aclui.dll

< MD5 for: ADVAPI32.DLL >
[2009/07/18 08:58:23 | 000,619,008 | ---- | M] (Microsoft Corporation) MD5=2085B957FB56927A8F3768DE740612C4 -- C:\WINDOWS\system32\advapi32.dll
[2009/07/18 08:58:23 | 000,619,008 | ---- | M] (Microsoft Corporation) MD5=2085B957FB56927A8F3768DE740612C4 -- C:\WINDOWS\system32\dllcache\advapi32.dll
[2009/02/09 04:02:55 | 000,619,008 | ---- | M] (Microsoft Corporation) MD5=5F1120D0CA0ED6B1CEAE21555E06333D -- C:\WINDOWS\$NtUninstallKB973825$\advapi32.dll
[2009/02/09 04:07:53 | 000,619,008 | ---- | M] (Microsoft Corporation) MD5=976BAB6E43FCA6E8A5F4FD02F8B2B6FB -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\advapi32.dll
[2009/07/18 09:19:27 | 000,619,008 | ---- | M] (Microsoft Corporation) MD5=CED3B9FDC2067016C70DB72D79CC6301 -- C:\WINDOWS\$hf_mig$\KB973825\SP2QFE\advapi32.dll
[2007/02/18 05:00:00 | 000,618,496 | ---- | M] (Microsoft Corporation) MD5=FDAC8B8F5B7FFBD7E8B70EC9E1A52CDA -- C:\WINDOWS\$NtUninstallKB956572$\advapi32.dll
[2007/02/17 02:16:46 | 000,618,496 | ---- | M] (Microsoft Corporation) MD5=FDAC8B8F5B7FFBD7E8B70EC9E1A52CDA -- C:\WINDOWS\ServicePackFiles\i386\advapi32.dll

< MD5 for: APPHELP.DLL >
[2007/02/17 02:17:04 | 000,148,992 | ---- | M] (Microsoft Corporation) MD5=090E3B6C7E32EDB0390CDEEF24CCBF56 -- C:\WINDOWS\ServicePackFiles\i386\apphelp.dll
[2007/02/18 05:00:00 | 000,148,992 | ---- | M] (Microsoft Corporation) MD5=090E3B6C7E32EDB0390CDEEF24CCBF56 -- C:\WINDOWS\system32\apphelp.dll

< MD5 for: AUTHZ.DLL >
[2007/02/17 02:18:20 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=830A9878424DD0FB82DB6AD3C3C3D11A -- C:\WINDOWS\ServicePackFiles\i386\authz.dll
[2007/02/18 05:00:00 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=830A9878424DD0FB82DB6AD3C3C3D11A -- C:\WINDOWS\system32\authz.dll

< MD5 for: CLB.DLL >
[2007/02/18 05:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=0CF8C48A04404026D673302982B62FC6 -- C:\WINDOWS\clb.dll
[2007/02/18 05:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=0CF8C48A04404026D673302982B62FC6 -- C:\WINDOWS\system32\clb.dll

< MD5 for: COMCTL32.DLL >
[2007/02/18 05:00:00 | 000,599,040 | ---- | M] (Microsoft Corporation) MD5=2E9857547D15BE45E4D36C8EBE0E8908 -- C:\WINDOWS\$NtUninstallKB2296011$\comctl32.dll
[2007/02/17 02:31:40 | 000,599,040 | ---- | M] (Microsoft Corporation) MD5=2E9857547D15BE45E4D36C8EBE0E8908 -- C:\WINDOWS\ServicePackFiles\i386\comctl32.dll
[2007/02/18 01:01:02 | 000,599,040 | ---- | M] (Microsoft Corporation) MD5=374A258F1ACE884221F6D29E9407A617 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78FCF8D0\comctl32.dll
[2010/09/07 05:08:31 | 000,599,040 | ---- | M] (Microsoft Corporation) MD5=3A90979648E2414136B40884BE824E91 -- C:\WINDOWS\WinSxS\InstallTemp\20120531220654889.0\comctl32.dll
[2010/09/07 05:08:31 | 000,599,040 | ---- | M] (Microsoft Corporation) MD5=3A90979648E2414136B40884BE824E91 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.4770_x-ww_A689AB02\comctl32.dll
[2010/09/07 05:08:33 | 000,599,040 | ---- | M] (Microsoft Corporation) MD5=437FA9B1EB89356394A9B46CD61546C2 -- C:\WINDOWS\system32\comctl32.dll
[2010/09/07 05:08:33 | 000,599,040 | ---- | M] (Microsoft Corporation) MD5=437FA9B1EB89356394A9B46CD61546C2 -- C:\WINDOWS\system32\dllcache\comctl32.dll
[2005/03/24 11:31:12 | 001,051,136 | ---- | M] (Microsoft Corporation) MD5=54E5A7319F8CC1C538BA80158A732B07 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.1830_x-ww_7AE38CCF\comctl32.dll
[2007/02/18 01:01:02 | 001,051,648 | ---- | M] (Microsoft Corporation) MD5=9EEF92F3F87CB9A4509BE1DCA4691AD9 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll
[2005/03/24 11:31:12 | 000,599,040 | ---- | M] (Microsoft Corporation) MD5=E0DB66F3C7967703FBB25737DEBED3B3 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.1830_x-ww_1B6F474A\comctl32.dll
[2010/09/07 05:08:31 | 001,051,648 | ---- | M] (Microsoft Corporation) MD5=E0DBA3632AA154BF78BA7473EE853FC9 -- C:\WINDOWS\WinSxS\InstallTemp\20120531220655233.0\comctl32.dll
[2010/09/07 05:08:31 | 001,051,648 | ---- | M] (Microsoft Corporation) MD5=E0DBA3632AA154BF78BA7473EE853FC9 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087\comctl32.dll
[2005/03/25 06:00:00 | 000,599,040 | ---- | M] (Microsoft Corporation) MD5=E69C02E85E322C92997DC3C15A5AA6B5 -- C:\WINDOWS\$NtUninstallKB923191$\comctl32.dll
[2006/08/28 01:25:50 | 000,599,040 | ---- | M] (Microsoft Corporation) MD5=EE4C771646BFE384A8338AF70608ABA3 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.2778_x-ww_497C098C\comctl32.dll
[2006/08/28 01:25:51 | 001,051,136 | ---- | M] (Microsoft Corporation) MD5=FF9A45AA4B4BA81723EC556102CF8FEB -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.2778_x-ww_A8F04F11\comctl32.dll

< MD5 for: COMDLG32.DLL >
[2007/02/17 02:31:40 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=0DD9DEE0121096CA239285D49C71207D -- C:\WINDOWS\ServicePackFiles\i386\comdlg32.dll
[2007/02/18 05:00:00 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=0DD9DEE0121096CA239285D49C71207D -- C:\WINDOWS\system32\comdlg32.dll

< MD5 for: GDI32.DLL >
[2007/03/01 23:41:38 | 000,282,624 | ---- | M] (Microsoft Corporation) MD5=0C277F9B5BF1652CBC7CFD3C0D33060D -- C:\WINDOWS\$hf_mig$\KB925902-v2\SP2QFE\gdi32.dll
[2008/10/23 04:43:54 | 000,284,672 | ---- | M] (Microsoft Corporation) MD5=284A13EBBFDE5F31A3C40505474C66DD -- C:\WINDOWS\system32\dllcache\gdi32.dll
[2008/10/23 04:43:54 | 000,284,672 | ---- | M] (Microsoft Corporation) MD5=284A13EBBFDE5F31A3C40505474C66DD -- C:\WINDOWS\system32\gdi32.dll
[2005/03/25 06:00:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=57976308D1C0D163917331DF1DFFD66D -- C:\WINDOWS\$NtUninstallKB896424$\gdi32.dll
[2007/02/18 05:00:00 | 000,282,624 | ---- | M] (Microsoft Corporation) MD5=92C9E62F6132909B0999462A4AFA5625 -- C:\WINDOWS\$NtUninstallKB956802$\gdi32.dll
[2007/02/17 03:03:36 | 000,282,624 | ---- | M] (Microsoft Corporation) MD5=92C9E62F6132909B0999462A4AFA5625 -- C:\WINDOWS\ServicePackFiles\i386\gdi32.dll
[2005/12/30 21:12:56 | 000,281,600 | ---- | M] (Microsoft Corporation) MD5=A8DF14D6245446962111B632F9114DAA -- C:\WINDOWS\$NtUninstallKB925902_0$\gdi32.dll
[2008/10/23 05:18:46 | 000,284,672 | ---- | M] (Microsoft Corporation) MD5=DADDD32BA129BE5FEF9F2B46BBC24B03 -- C:\WINDOWS\$hf_mig$\KB956802\SP2QFE\gdi32.dll
[2005/10/05 19:03:13 | 000,281,600 | ---- | M] (Microsoft Corporation) MD5=FB0032833DE650E99F4632D94CE1BACD -- C:\WINDOWS\$NtUninstallKB912919$\gdi32.dll

< MD5 for: IMM32.DLL >
[2007/02/17 03:19:36 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=E6B01492682B799479456A8E45C6A7B1 -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2007/02/18 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=E6B01492682B799479456A8E45C6A7B1 -- C:\WINDOWS\system32\imm32.dll

< MD5 for: KERNEL32.DLL >
[2005/03/25 06:00:00 | 001,038,336 | ---- | M] (Microsoft Corporation) MD5=10F9019A341A4EFEE249BB0E5324B001 -- C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll
[2009/03/21 10:08:27 | 001,038,336 | ---- | M] (Microsoft Corporation) MD5=1D9A52E6EC83701464959078868295D4 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 10:08:27 | 001,038,336 | ---- | M] (Microsoft Corporation) MD5=1D9A52E6EC83701464959078868295D4 -- C:\WINDOWS\system32\kernel32.dll
[2006/07/25 05:31:53 | 001,038,848 | ---- | M] (Microsoft Corporation) MD5=BBA2E7A350ECAAD3719FF71ABC80429D -- C:\WINDOWS\$NtUninstallKB935839_0$\kernel32.dll
[2007/02/18 05:00:00 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=BDC8872B7F13F9955218D488D92CDF7B -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2007/02/17 03:27:04 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=BDC8872B7F13F9955218D488D92CDF7B -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2009/03/21 10:06:19 | 001,042,432 | ---- | M] (Microsoft Corporation) MD5=E84636BA3D9EF81E1283BA11639A10D2 -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\kernel32.dll

< MD5 for: MSCTF.DLL >
[2007/02/17 03:34:28 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=449CEE6ED95B047C5E115E3594FE0C61 -- C:\WINDOWS\ServicePackFiles\i386\msctf.dll
[2007/02/18 05:00:00 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=449CEE6ED95B047C5E115E3594FE0C61 -- C:\WINDOWS\system32\MSCTF.dll

< MD5 for: MSCTFIME.IME >
[2007/02/17 03:34:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=CF9FD4D848945951A2468BD85EBFBE23 -- C:\WINDOWS\ServicePackFiles\i386\msctfime.ime
[2007/02/18 05:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=CF9FD4D848945951A2468BD85EBFBE23 -- C:\WINDOWS\system32\MSCTFIME.IME

< MD5 for: MSLBUI.DLL >
[2007/02/17 03:35:54 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=CD9B9C71AAFB02C05BA28D38FF7F845B -- C:\WINDOWS\ServicePackFiles\i386\mslbui.dll
[2007/02/18 05:00:00 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=CD9B9C71AAFB02C05BA28D38FF7F845B -- C:\WINDOWS\system32\mslbui.dll

< MD5 for: MSVCRT.DLL >
[2006/08/30 20:20:26 | 000,254,005 | ---- | M] (Microsoft Corporation) MD5=007A2EB21D0888145D2E850378929100 -- C:\WINDOWS\system32\clients\faxclient\system32\msvcrt.dll
[2007/02/17 03:36:50 | 000,348,672 | ---- | M] (Microsoft Corporation) MD5=1511446A6A7CD453299815575C92E5C6 -- C:\WINDOWS\ServicePackFiles\i386\msvcrt.dll
[2007/02/18 05:00:00 | 000,348,672 | ---- | M] (Microsoft Corporation) MD5=1511446A6A7CD453299815575C92E5C6 -- C:\WINDOWS\system32\msvcrt.dll
[2005/03/24 11:31:12 | 000,348,672 | ---- | M] (Microsoft Corporation) MD5=1AF7EF69AEFE2B29E4F468715CCB0256 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.3790.1830_x-ww_84E4CBAF\msvcrt.dll
[2007/02/18 01:01:02 | 000,348,672 | ---- | M] (Microsoft Corporation) MD5=27D5FF30777AA740728A79505192E4A3 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.3790.3959_x-ww_E2727D35\msvcrt.dll

< MD5 for: NTDLL.DLL >
[2009/02/09 04:02:57 | 000,774,144 | ---- | M] (Microsoft Corporation) MD5=127FEC4CDE2350575A558BEC8C17A7FA -- C:\WINDOWS\$NtUninstallKB2393802$\ntdll.dll
[2010/10/22 05:19:39 | 000,777,216 | ---- | M] (Microsoft Corporation) MD5=1E00A4B9A9C94476CCB6C78FB516525B -- C:\WINDOWS\$hf_mig$\KB2393802\SP2QFE\ntdll.dll
[2011/11/22 09:27:32 | 000,777,216 | ---- | M] (Microsoft Corporation) MD5=3FEE992C31C02CE092FE28D57BA5387D -- C:\WINDOWS\$hf_mig$\KB2644615\SP2QFE\ntdll.dll
[2010/10/22 05:27:13 | 000,777,216 | ---- | M] (Microsoft Corporation) MD5=64526FEF93246CC1809FD8413D115149 -- C:\WINDOWS\$NtUninstallKB2644615$\ntdll.dll
[2005/03/25 06:00:00 | 000,766,464 | ---- | M] (Microsoft Corporation) MD5=7E5E12924BC55928949A192CBEFA00EE -- C:\i386\NTDLL.DLL
[2005/03/25 06:00:00 | 000,766,464 | ---- | M] (Microsoft Corporation) MD5=7E5E12924BC55928949A192CBEFA00EE -- C:\i386\SYSTEM32\NTDLL.DLL
[2007/02/18 05:00:00 | 000,765,440 | ---- | M] (Microsoft Corporation) MD5=93095B4922D5A4847EC8D2BD3CA9EACB -- C:\WINDOWS\$NtUninstallKB956572$\ntdll.dll
[2007/02/18 00:33:06 | 000,765,440 | ---- | M] (Microsoft Corporation) MD5=93095B4922D5A4847EC8D2BD3CA9EACB -- C:\WINDOWS\ServicePackFiles\i386\ntdll.dll
[2011/11/22 09:29:04 | 000,777,216 | ---- | M] (Microsoft Corporation) MD5=D2CC61892D88C3DD273CD8A3E3572FE8 -- C:\WINDOWS\system32\dllcache\ntdll.dll
[2011/11/22 09:29:04 | 000,777,216 | ---- | M] (Microsoft Corporation) MD5=D2CC61892D88C3DD273CD8A3E3572FE8 -- C:\WINDOWS\system32\ntdll.dll
[2009/02/09 04:07:54 | 000,774,144 | ---- | M] (Microsoft Corporation) MD5=FBF7E74E7E3708AC8C5E21BBC7D05596 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\ntdll.dll

< MD5 for: NTMARTA.DLL >
[2007/02/17 03:42:08 | 000,121,856 | ---- | M] (Microsoft Corporation) MD5=DD496EC3DE4C1C741391CD5367E84AC3 -- C:\WINDOWS\ServicePackFiles\i386\ntmarta.dll
[2007/02/18 05:00:00 | 000,121,856 | ---- | M] (Microsoft Corporation) MD5=DD496EC3DE4C1C741391CD5367E84AC3 -- C:\WINDOWS\system32\ntmarta.dll

< MD5 for: OLE32.DLL >
[2005/03/25 06:00:00 | 001,245,184 | ---- | M] (Microsoft Corporation) MD5=2D6DF021C93307E12F814EB99E1A2546 -- C:\WINDOWS\$NtUninstallKB902400$\ole32.dll
[2010/07/26 03:04:33 | 001,270,272 | ---- | M] (Microsoft Corporation) MD5=4962BF403F5E84630129F4A1B5FB7FFE -- C:\WINDOWS\$hf_mig$\KB979687\SP2QFE\ole32.dll
[2007/02/18 05:00:00 | 001,267,200 | ---- | M] (Microsoft Corporation) MD5=61ED4063CBD966DC98783E6B3832BD1A -- C:\WINDOWS\$NtUninstallKB979687$\ole32.dll
[2007/02/17 03:43:12 | 001,267,200 | ---- | M] (Microsoft Corporation) MD5=61ED4063CBD966DC98783E6B3832BD1A -- C:\WINDOWS\ServicePackFiles\i386\ole32.dll
[2011/11/01 10:31:08 | 001,270,272 | ---- | M] (Microsoft Corporation) MD5=701D365C922633ED9C5E3CDA39123C31 -- C:\WINDOWS\$hf_mig$\KB2624667\SP2QFE\ole32.dll
[2011/11/01 10:32:37 | 001,267,712 | ---- | M] (Microsoft Corporation) MD5=77C6EF161D8B1868372B39A35599F3E4 -- C:\WINDOWS\system32\dllcache\ole32.dll
[2011/11/01 10:32:37 | 001,267,712 | ---- | M] (Microsoft Corporation) MD5=77C6EF161D8B1868372B39A35599F3E4 -- C:\WINDOWS\system32\ole32.dll
[2010/07/26 03:01:17 | 001,267,712 | ---- | M] (Microsoft Corporation) MD5=C18E50E1E3A22513FB807550317D52FC -- C:\WINDOWS\$NtUninstallKB2624667$\ole32.dll

< MD5 for: OLEAUT32.DLL >
[2010/12/20 12:03:07 | 000,553,984 | ---- | M] (Microsoft Corporation) MD5=05BF13C2C924D9DC9F6C7CDA7DAA5BD6 -- C:\WINDOWS\system32\dllcache\oleaut32.dll
[2010/12/20 12:03:07 | 000,553,984 | ---- | M] (Microsoft Corporation) MD5=05BF13C2C924D9DC9F6C7CDA7DAA5BD6 -- C:\WINDOWS\system32\oleaut32.dll
[2007/02/18 05:00:00 | 000,552,960 | ---- | M] (Microsoft Corporation) MD5=7240ECB04A62F384B82BAE0D01BF5CB5 -- C:\WINDOWS\$NtUninstallKB2476490$\oleaut32.dll
[2007/02/17 03:43:14 | 000,552,960 | ---- | M] (Microsoft Corporation) MD5=7240ECB04A62F384B82BAE0D01BF5CB5 -- C:\WINDOWS\ServicePackFiles\i386\oleaut32.dll
[2010/12/20 12:04:43 | 000,555,008 | ---- | M] (Microsoft Corporation) MD5=F3F6EFFB1D2D6486CC7D9C93FEC3BF08 -- C:\WINDOWS\$hf_mig$\KB2476490\SP2QFE\oleaut32.dll

< MD5 for: RPCRT4.DLL >
[2010/08/18 02:38:36 | 000,647,680 | ---- | M] (Microsoft Corporation) MD5=26F40D5ABEE2F0AFF9A89D81D7D3D2D9 -- C:\WINDOWS\$hf_mig$\KB2360937\SP2QFE\rpcrt4.dll
[2009/04/27 03:45:27 | 000,642,048 | ---- | M] (Microsoft Corporation) MD5=2EB0CD923E0039E6FFE81927EADD2C0D -- C:\WINDOWS\$hf_mig$\KB970238\SP2QFE\rpcrt4.dll
[2010/08/18 02:27:25 | 000,647,168 | ---- | M] (Microsoft Corporation) MD5=834C667480F2B831789916B2327E2BCC -- C:\WINDOWS\system32\dllcache\rpcrt4.dll
[2010/08/18 02:27:25 | 000,647,168 | ---- | M] (Microsoft Corporation) MD5=834C667480F2B831789916B2327E2BCC -- C:\WINDOWS\system32\rpcrt4.dll
[2007/02/18 05:00:00 | 000,642,048 | ---- | M] (Microsoft Corporation) MD5=D92BCB65F8C40B7E88362F8EA8A06565 -- C:\WINDOWS\$NtUninstallKB2360937$\rpcrt4.dll
[2007/02/17 03:55:42 | 000,642,048 | ---- | M] (Microsoft Corporation) MD5=D92BCB65F8C40B7E88362F8EA8A06565 -- C:\WINDOWS\ServicePackFiles\i386\rpcrt4.dll

< MD5 for: SAMLIB.DLL >
[2007/02/17 03:58:04 | 000,047,104 | ---- | M] (Microsoft Corporation) MD5=C67F484C82858D9DFE6D9EF471706289 -- C:\WINDOWS\ServicePackFiles\i386\samlib.dll
[2007/02/18 05:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) MD5=C67F484C82858D9DFE6D9EF471706289 -- C:\WINDOWS\system32\samlib.dll

< MD5 for: SECUR32.DLL >
[2009/06/16 00:21:28 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=27428099F0049CCBD88333FB26DE90BE -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\secur32.dll
[2007/02/18 05:00:00 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=3180596268E5CEB704E2E85D9FCC4B89 -- C:\WINDOWS\$NtUninstallKB959426$\secur32.dll
[2007/02/17 03:58:56 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=3180596268E5CEB704E2E85D9FCC4B89 -- C:\WINDOWS\ServicePackFiles\i386\secur32.dll
[2009/02/04 04:45:40 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=70927B4E18719176E6E08DA450DA1B47 -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\secur32.dll
[2009/02/04 04:41:02 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=72390B20877A9D78690EF5C83AB4BD3E -- C:\WINDOWS\$NtUninstallKB968389$\secur32.dll
[2009/06/15 23:58:59 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=E31C0503AF7E7E578C27A9AD36D90991 -- C:\WINDOWS\system32\dllcache\secur32.dll
[2009/06/15 23:58:59 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=E31C0503AF7E7E578C27A9AD36D90991 -- C:\WINDOWS\system32\secur32.dll

< MD5 for: SHELL32.DLL >
[2011/01/21 15:01:40 | 008,362,496 | ---- | M] (Microsoft Corporation) MD5=0EBC957C9AEF38AAC5AB4BDFBF6B2E7F -- C:\WINDOWS\$hf_mig$\KB2483185\SP2QFE\shell32.dll
[2006/07/13 05:55:30 | 008,382,976 | ---- | M] (Microsoft Corporation) MD5=3E2F38371682CF4842C765DEA6F135EA -- C:\WINDOWS\$NtUninstallKB928255$\shell32.dll
[2012/06/08 08:56:38 | 008,362,496 | ---- | M] (Microsoft Corporation) MD5=4529FA58A8D34CD40CE82413E2CF638A -- C:\WINDOWS\SoftwareDistribution\Download\0b1d2907a33b158ef6bf15d76a5dfe7e\sp2gdr\shell32.dll
[2012/06/08 08:56:38 | 008,362,496 | ---- | M] (Microsoft Corporation) MD5=4529FA58A8D34CD40CE82413E2CF638A -- C:\WINDOWS\system32\dllcache\shell32.dll
[2012/06/08 08:56:38 | 008,362,496 | ---- | M] (Microsoft Corporation) MD5=4529FA58A8D34CD40CE82413E2CF638A -- C:\WINDOWS\system32\shell32.dll
[2005/03/25 06:00:00 | 008,379,392 | ---- | M] (Microsoft Corporation) MD5=4BE31FCD4603661CF13B354D6AFD6E4B -- C:\WINDOWS\$NtUninstallKB921398$\shell32.dll
[2011/01/21 14:59:49 | 008,361,984 | ---- | M] (Microsoft Corporation) MD5=7C676195C5A2F8C666E2B6DAF425484E -- C:\WINDOWS\$NtUninstallKB2691442$\shell32.dll
[2009/07/28 09:47:48 | 008,361,984 | ---- | M] (Microsoft Corporation) MD5=8A3194A2500FABCFEAF5E0FDC3F33B73 -- C:\WINDOWS\$hf_mig$\KB971029\SP2QFE\shell32.dll
[2012/06/08 08:55:08 | 008,363,008 | ---- | M] (Microsoft Corporation) MD5=A4C2EAC58DA9DE3F924B79162E3AF436 -- C:\WINDOWS\$hf_mig$\KB2691442\SP2QFE\shell32.dll
[2012/06/08 08:55:08 | 008,363,008 | ---- | M] (Microsoft Corporation) MD5=A4C2EAC58DA9DE3F924B79162E3AF436 -- C:\WINDOWS\SoftwareDistribution\Download\0b1d2907a33b158ef6bf15d76a5dfe7e\sp2qfe\shell32.dll
[2007/02/18 05:00:00 | 008,359,936 | ---- | M] (Microsoft Corporation) MD5=BB6B5267194D85E1FB7A8B50210E6818 -- C:\WINDOWS\$NtUninstallKB2483185$\shell32.dll
[2007/02/17 03:59:24 | 008,359,936 | ---- | M] (Microsoft Corporation) MD5=BB6B5267194D85E1FB7A8B50210E6818 -- C:\WINDOWS\ServicePackFiles\i386\shell32.dll

< MD5 for: SHLWAPI.DLL >
[2006/06/23 13:45:13 | 000,321,536 | ---- | M] (Microsoft Corporation) MD5=2CE3496A4ADF7C010A162DDEEBFB5434 -- C:\WINDOWS\$NtUninstallKB925454$\shlwapi.dll
[2007/01/06 05:09:09 | 000,321,536 | ---- | M] (Microsoft Corporation) MD5=4A8CB0D499A0ECF9172A0C532A82E097 -- C:\WINDOWS\$NtUninstallKB931768_0$\shlwapi.dll
[2005/09/02 18:44:31 | 000,321,536 | ---- | M] (Microsoft Corporation) MD5=664668D01F73B8E7C4769E9234426F51 -- C:\WINDOWS\$NtUninstallKB916281$\shlwapi.dll
[2005/03/25 06:00:00 | 000,321,024 | ---- | M] (Microsoft Corporation) MD5=9214093E58CEAEEE28BAF70205683466 -- C:\WINDOWS\$NtUninstallKB896688$\shlwapi.dll
[2009/10/15 13:20:14 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=9E70E195F551512563CF4A3406EB8081 -- C:\WINDOWS\$hf_mig$\KB975713\SP2QFE\shlwapi.dll
[2006/04/27 12:21:06 | 000,321,536 | ---- | M] (Microsoft Corporation) MD5=B2AD61570D42F0CE0719CBA55D7375A0 -- C:\i386\shlwapi.dll
[2006/04/27 12:21:06 | 000,321,536 | ---- | M] (Microsoft Corporation) MD5=B2AD61570D42F0CE0719CBA55D7375A0 -- C:\WINDOWS\$NtUninstallKB918899$\shlwapi.dll
[2007/02/20 01:46:40 | 000,321,536 | ---- | M] (Microsoft Corporation) MD5=B5BBAFE5004CA3916081078034A5569E -- C:\WINDOWS\$NtUninstallKB933566_0$\shlwapi.dll
[2009/10/15 13:19:53 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=B92B131426401E68C4D060F35A1D0961 -- C:\WINDOWS\system32\dllcache\shlwapi.dll
[2009/10/15 13:19:53 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=B92B131426401E68C4D060F35A1D0961 -- C:\WINDOWS\system32\shlwapi.dll
[2007/02/18 05:00:00 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=C018A76BC2E494A3A603F6A5DE3CE3E5 -- C:\WINDOWS\$NtUninstallKB975713$\shlwapi.dll
[2007/02/17 03:59:42 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=C018A76BC2E494A3A603F6A5DE3CE3E5 -- C:\WINDOWS\ServicePackFiles\i386\shlwapi.dll
[2006/10/23 09:41:11 | 000,321,536 | ---- | M] (Microsoft Corporation) MD5=FBC2F10B27FC35731F6C06C50530F476 -- C:\WINDOWS\$NtUninstallKB928090$\shlwapi.dll

< MD5 for: TV.DLL >
[2008/08/28 23:37:54 | 000,008,192 | ---- | M] (TeamViewer GmbH) MD5=DAFC2FE6A342CA898B13977035A18E22 -- C:\Program Files\TeamViewer3\TV.dll

< MD5 for: ULIB.DLL >
[2007/02/17 04:07:16 | 000,277,504 | ---- | M] (Microsoft Corporation) MD5=D5DDDF30A0D4B6D5BDCF3E7C4B3C28B3 -- C:\WINDOWS\ServicePackFiles\i386\ulib.dll
[2007/02/18 05:00:00 | 000,277,504 | ---- | M] (Microsoft Corporation) MD5=D5DDDF30A0D4B6D5BDCF3E7C4B3C28B3 -- C:\WINDOWS\system32\ulib.dll

< MD5 for: USER32.DLL >
[2005/03/25 06:00:00 | 000,588,288 | ---- | M] (Microsoft Corporation) MD5=0CB15B516E6B6E1E7C84BBC5CCB20C7A -- C:\WINDOWS\$NtUninstallKB925902_0$\user32.dll
[2007/03/01 23:38:46 | 000,583,680 | ---- | M] (Microsoft Corporation) MD5=1959150096B010BA953A78B0D6B0B4E4 -- C:\WINDOWS\system32\dllcache\user32.dll
[2007/03/01 23:38:46 | 000,583,680 | ---- | M] (Microsoft Corporation) MD5=1959150096B010BA953A78B0D6B0B4E4 -- C:\WINDOWS\system32\user32.dll
[2007/02/18 05:00:00 | 000,583,680 | ---- | M] (Microsoft Corporation) MD5=BEFB689615C62C11EBB085031451B00A -- C:\WINDOWS\$NtUninstallKB925902-v2$\user32.dll
[2007/02/17 04:07:42 | 000,583,680 | ---- | M] (Microsoft Corporation) MD5=BEFB689615C62C11EBB085031451B00A -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2007/03/01 23:41:38 | 000,583,680 | ---- | M] (Microsoft Corporation) MD5=C1F63A63AF82E7E5B786B7EF55F08BF7 -- C:\WINDOWS\$hf_mig$\KB925902-v2\SP2QFE\user32.dll

< MD5 for: UXTHEME.DLL >
[2007/02/17 04:07:46 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=DADEEC3B6FD2F760D9BCB8654524D8D0 -- C:\WINDOWS\ServicePackFiles\i386\uxtheme.dll
[2007/02/18 05:00:00 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=DADEEC3B6FD2F760D9BCB8654524D8D0 -- C:\WINDOWS\system32\uxtheme.dll

< MD5 for: WLDAP32.DLL >
[2007/02/17 04:09:28 | 000,179,712 | ---- | M] (Microsoft Corporation) MD5=384C93BEBACA1336E930EF713EDE2511 -- C:\WINDOWS\ServicePackFiles\i386\wldap32.dll
[2007/02/18 05:00:00 | 000,179,712 | ---- | M] (Microsoft Corporation) MD5=384C93BEBACA1336E930EF713EDE2511 -- C:\WINDOWS\system32\wldap32.dll

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS /s >
"DependOnService" = EventSystem [binary data]
"Description" = Monitors system events and notifies subscribers to COM+ Event System of these events. If this service is stopped, COM+ Event System subscribers will not receive system event notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
"DisplayName" = System Event Notification
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2007/02/18 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"Group" = Network
"Start" = 2
"Type" = 32
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS\Enum]
"0" = Root\LEGACY_SENS\0000
"Count" = 1
"NextInstance" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS\Parameters]
"ServiceDll" = %SystemRoot%\system32\sens.dll -- [2007/02/18 05:00:00 | 000,037,376 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS\Security]
"Security" = [Binary data over 100 bytes]

< HKLM\SYSTEM\WPA /s >
"it" = DC 07 03 00 01 00 0C 00 03 00 20 00 3B 00 A5 02 [binary data]
"id" = 2192ABA5R2JDVPKQ
"ie" =
"sn" = Sharedaccess
"sr" = Sens -- [2007/02/18 05:00:00 | 000,037,376 | ---- | M] (Microsoft Corporation)
"lscan" = 2
"rmd" =
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\EntryHash-P89HHFXDQWKKRX]
"SigningHashData" = C3 81 4C D0 41 9F 00 31 DC A2 B4 F7 EB EE 82 BD 31 18 D1 A3 78 79 71 B2 A3 41 25 A0 02 93 C6 92 F2 5C 63 2B A3 6B BD 29 4B 0A 80 6F 72 8B 00 BB 7D 63 A2 65 A8 59 E2 FD [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\Key-BMX6WFHXGX8MHV2J3R96D]
"ProductID" = 69712-OEM-4211904-02010
"DigitalProductID" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\Key-DRMTF9PM2DH79VB786QDJ]
"ProductID" = 69712-OEM-4411902-02111
"DigitalProductID" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\Key-H8C72HJ8XT49BP68R734W]
"ProductID" = 69712-OEM-4418173-09685
"DigitalProductID" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\Key-PQ36W7YYCY4XM886FCYMF]
"ProductID" = 69712-OEM-4418173-09685
"DigitalProductID" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\Key-R6W93VJJJFHHR4HHTVX6T]
"ProductID" = 69712-OEM-4411902-02111
"DigitalProductID" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\Key-TBK2MJ277F2JFRVPHMQ4V]
"ProductID" = 69712-653-2220294-45479
"DigitalProductID" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PnP]
"seed" = -990134485
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\ReSigningHash-P89HHFXDQWKKRX]
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\SigningHash-P89HHFXDQWKKRX]
"SigningHashData" = C3 BA EB ED 90 75 AC E3 A3 1A 11 83 B9 73 C9 A8 83 F7 C8 25 74 75 81 E5 07 7A 41 55 8F 83 D1 AF 2B 0A B2 11 92 CE D4 1C 01 6B B9 38 8D A9 7E 6E AF 5A 6C 88 C7 98 F8 41 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\SigningHash-TCCCW34VHT448J]
"SigningHashData" = 8F F4 82 AF 77 A8 C9 A8 2F 12 AD 86 65 07 88 9A 06 FB 46 D5 90 86 D5 58 D7 04 89 7F 6E AA 2D 21 F8 1C 74 56 43 54 75 0C 8E 85 22 A0 15 80 53 C0 B2 23 C7 96 79 8D 8E CC [binary data]

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TRKSvr /s >
"Type" = 288
"Start" = 2
"ErrorControl" = 0
"ImagePath" = %systemRoot%\system32\svchost.exe -k netsvcs -- [2007/02/18 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
"DisplayName" = TrkSvr
"ObjectName" = LocalSystem
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TRKSvr\Parameters]
"ServiceDll" = C:\WINDOWS\Temp\ntshrui.dll.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TRKSvr\Security]
"Security" = [Binary data over 100 bytes]

< End of report >

#126
rahanna

Here is the Extras.txt

OTL Extras logfile created on: 9/8/2012 12:41:53 PM - Run 10
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Dell
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.15% Memory free
5.35 Gb Paging File | 3.88 Gb Available in Paging File | 72.42% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 135.41 Gb Total Space | 92.77 Gb Free Space | 68.51% Space Free | Partition Type: NTFS
Drive D: | 544.49 Gb Total Space | 158.16 Gb Free Space | 29.05% Space Free | Partition Type: NTFS

Computer Name: ST-SERVER | User Name: st_admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04F59FC7-E7CB-4E48-8923-62E7A436A5AE}" = AAStationInstallConditions
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0ADA2703-45D1-4B0D-9BBB-3DF83C6E7F99}" = AdvisorsAssistantFileTransfer
"{0D61D68B-DF5E-4635-82C7-B0C53F0A581B}" = Microsoft SQL Server 2005 Backward compatibility
"{0DAA9912-3FE2-4B84-B926-8D7F71A8A99A}" = Microsoft SQL Server 2005 Reporting Services (ADVISORSASSIST)
"{21B90409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{25331195-4E18-11D7-9D73-0008C7223F91}" = Zoom V.92 PCI Voice Faxmodem
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BKUPEXEC)
"{314D881D-384C-4A04-993D-F0876D21EAA5}" = Symantec Backup Exec for Windows Servers (Hotfix 10)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A0E46D2-D124-48A4-A936-9729FB7715FE}" = Symantec Backup Exec for Windows Servers (Hotfix 20)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40DA090B-64E9-41C9-BC16-6D3BEA5A8E16}" = Symantec Backup Exec for Windows Servers (Hotfix 30)
"{40E27BC4-2003-41C7-B4D3-E636B8DAF969}" = AAUpdateConditions
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{44025E80-44C3-416F-98DC-AE09CCFD57FD}" = Advisors Assistant Version 2 Conversion
"{47653B97-E079-454D-8DB9-B323E388FF93}" = Symantec Endpoint Protection Manager
"{4966AE07-55D8-4D91-85A1-0F97A4DDA603}" = Symantec Backup Exec for Windows Servers (Hotfix 6)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50BC2CC7-C3E0-4ADB-B5A1-C26CDAA9A99F}" = Symantec Backup Exec for Windows Servers (Hotfix 38)
"{51C3F2C4-2FD8-48C1-8301-E660A6A84992}" = Symantec Backup Exec for Windows Servers (Hotfix 9)
"{520C5E07-E4D0-407D-B94D-E9F2D9208016}" = Acronis True Image Echo Enterprise Server
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5A1A9AB2-2F68-462D-A67D-7C855DFF5EEB}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{5D42FAD4-3C0B-4CA8-B840-205B83A06125}" = Symantec Backup Exec for Windows Servers (Hotfix 2)
"{5E9E538A-308B-4342-A54E-CE3A8015DB18}" = Advisors Assistant Server Utilities
"{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (PRESENTS)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76CF1D9F-2285-48A5-B897-6EB978B221AA}" = Symantec Backup Exec for Windows Servers (Hotfix 13)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89C7A9F7-2C31-4739-842D-F037B6C9B674}" = Dell OpenManage Server Administrator
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{905D1B7B-FC03-4A5E-9198-143CA02D9059}" = Advisors Assistant Server Component
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9111DFCB-DDB2-4E49-8DF7-91F623D14BF6}" = Symantec Backup Exec for Windows Servers (Hotfix 29)
"{91B90409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{92FCCD86-7737-41CC-A700-7FE6015CE01A}" = Symantec Backup Exec for Windows Servers (Hotfix 27)
"{9A6329B8-9383-4D6F-BC0B-9E8CB1F8B5EA}" = Advisors Assistant Station Program
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDD9119-D625-4B91-B2D1-11C08D485E44}" = Symantec Backup Exec for Windows Servers (Hotfix 15)
"{9DA4493A-480C-4554-A02C-4B542D33A1D9}" = ManageEngine NetFlow Analyzer 7.5
"{A2F2C44A-869E-4C32-9CEC-E22B1CC91F06}" = Microsoft Network Monitor 3.4
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A98AFBC7-D5A7-46A1-8795-EABE2F55A7D6}" = Microsoft Office Live Meeting 2007
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (ADVISORSASSIST)
"{B3C91427-E6A6-405C-980E-1EB3AE1F041D}" = Symantec Backup Exec for Windows Servers (Hotfix 16)
"{BA62EF4E-BD43-4BF8-B10A-72B79ABE195B}" = Symantec Backup Exec for Windows Servers (Service Pack 3)
"{BAAB98AF-E4B6-4A2F-A3D7-296BADB7FE2E}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BEA465C8-2923-42C6-9141-BE44739A6A80}" = Symantec Backup Exec for Windows Servers
"{BEE9E48B-BA8F-48DC-A63E-E0FD477A8FCB}" = Symantec Backup Exec for Windows Servers (Hotfix 11)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}" = Symantec Endpoint Protection
"{C3F5DBA5-ABFC-443E-AA60-928223AADF53}" = Microsoft SQL Server 2005
"{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}" = Microsoft Group Policy Management Console with SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0FAC044-FBEC-4605-9649-9BF12D977E87}" = Symantec Backup Exec for Windows Servers (Hotfix 24)
"{D147EA10-4361-41A7-A4DB-D84024D06D35}" = Symantec Backup Exec for Windows Servers (Hotfix 35)
"{D6AFA160-5CF3-4C84-A2E6-18615BE014D9}" = ManageEngine OpManager 8.0
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DFC22BCF-1371-4DF5-B8D3-E2F3B4CCB19A}" = Symantec Backup Exec for Windows Servers (Hotfix 21)
"{E0B27188-A15E-4C64-AE49-85E8EF46184B}" = Reporting Agents (Symantec Corporation)
"{E1A85893-2CF7-4155-9731-453B858A07B0}" = Symantec Backup Exec for Windows Servers (Hotfix 23)
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E65928F8-937C-476E-83CB-16CC3376BA8A}" = Symantec Backup Exec for Windows Servers (Service Pack 2)
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EA687A74-7AE0-4CB2-B01F-303748E7D5A9}" = Symantec Backup Exec for Windows Servers (Service Pack 1)
"{EA98753C-CB1C-4216-AC09-7EC3D3F62BAF}" = DameWare NT Utilities
"{F07F0BCD-5C6D-4499-9F05-6ED747078A72}" = Windows Support Tools
"{F0E8F664-CAC6-4104-A4F9-4373F0633495}" = Acronis Disk Director Server
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FF7CF098-176D-4C8E-A39C-E33074252ED8}" = Symantec Backup Exec for Windows Servers (Hotfix 19)
"9161A261-6ABE-4668-BBFA-AD06B3F642CF" = Microsoft Exchange
"ActiveTouchMeetingClient" = WebEx
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"Advanced Mass Sender 4.3" = Advanced Mass Sender 4.3
"Advisors Assistant 2.8" = Advisors Assistant 2.8
"ATI Display Driver" = ATI Display Driver
"FileZilla Client" = FileZilla Client 3.5.3
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NirSoft ShellExView" = NirSoft ShellExView
"Symantec Backup Exec 11.0" = Symantec Backup Exec ™ 11d for Windows Servers
"TeamViewer 3" = TeamViewer 3
"Unlocker" = Unlocker 1.8.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/6/2012 2:51:34 AM | Computer Name = ST-SERVER | Source = Report Server Windows Service (ADVISORSASSIST) | ID = 107
Description = Report Server Windows Service (ADVISORSASSIST) cannot connect to the
report server database.

Error - 9/6/2012 7:26:10 AM | Computer Name = ST-SERVER | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Maljava in File: d:\Shares\Home\joel\Application
Data\Sun\Java\Deployment\cache\6.0\38\db6ea26-46377893 by: Manual scan. Action:
Cleaned by Deletion. Action Description: The file was deleted successfully.

Error - 9/6/2012 2:51:46 PM | Computer Name = ST-SERVER | Source = Report Server Windows Service (ADVISORSASSIST) | ID = 107
Description = Report Server Windows Service (ADVISORSASSIST) cannot connect to the
report server database.

Error - 9/6/2012 10:11:22 PM | Computer Name = ST-SERVER | Source = Application Hang | ID = 1002
Description = Hanging application procexp.exe, version 15.22.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/7/2012 1:30:27 AM | Computer Name = ST-SERVER | Source = Backup Exec | ID = 57860
Description = An error occurred while attempting to log in to the following server:
"ST-SERVER". SQL error number: "000E". SQL error message: "[DBNETLIB][ConnectionOpen
(Invalid Instance()).]Invalid connection. ". For more information, click the following
link: http://eventlookup.v...entLookup.jhtml

Error - 9/7/2012 2:51:48 AM | Computer Name = ST-SERVER | Source = Report Server Windows Service (ADVISORSASSIST) | ID = 107
Description = Report Server Windows Service (ADVISORSASSIST) cannot connect to the
report server database.

Error - 9/7/2012 2:51:51 PM | Computer Name = ST-SERVER | Source = Report Server Windows Service (ADVISORSASSIST) | ID = 107
Description = Report Server Windows Service (ADVISORSASSIST) cannot connect to the
report server database.

Error - 9/8/2012 1:30:34 AM | Computer Name = ST-SERVER | Source = Backup Exec | ID = 57860
Description = An error occurred while attempting to log in to the following server:
"ST-SERVER". SQL error number: "000E". SQL error message: "[DBNETLIB][ConnectionOpen
(Invalid Instance()).]Invalid connection. ". For more information, click the following
link: http://eventlookup.v...entLookup.jhtml

Error - 9/8/2012 2:52:00 AM | Computer Name = ST-SERVER | Source = Report Server Windows Service (ADVISORSASSIST) | ID = 107
Description = Report Server Windows Service (ADVISORSASSIST) cannot connect to the
report server database.

Error - 9/8/2012 2:52:01 PM | Computer Name = ST-SERVER | Source = Report Server Windows Service (ADVISORSASSIST) | ID = 107
Description = Report Server Windows Service (ADVISORSASSIST) cannot connect to the
report server database.

[ Directory Service Events ]
Error - 8/26/2012 10:43:56 PM | Computer Name = ST-SERVER | Source = NTDS Replication | ID = 2426919
Description =

Error - 8/27/2012 9:48:11 AM | Computer Name = ST-SERVER | Source = NTDS Replication | ID = 2426919
Description =

Error - 8/27/2012 10:00:14 AM | Computer Name = ST-SERVER | Source = NTDS Replication | ID = 2426919
Description =

Error - 8/27/2012 10:17:01 AM | Computer Name = ST-SERVER | Source = NTDS Replication | ID = 2426919
Description =

Error - 8/27/2012 10:22:02 AM | Computer Name = ST-SERVER | Source = NTDS Replication | ID = 2426919
Description =

Error - 8/27/2012 10:29:23 AM | Computer Name = ST-SERVER | Source = NTDS Backup | ID = 1913
Description = Internal error: The Active Directory backup and restore operation
encountered an unexpected error. Backup or restore will not succeed until this is
corrected. Additional Data Error value: 1084 This service cannot be started in
Safe Mode Internal ID: 160200fa

Error - 8/27/2012 10:29:25 AM | Computer Name = ST-SERVER | Source = NTDS Replication | ID = 2426919
Description =

Error - 8/27/2012 10:43:53 AM | Computer Name = ST-SERVER | Source = NTDS General | ID = 1126
Description = Active Directory was unable to establish a connection with the global
catalog. Additional Data Error value: 8430 The directory service encountered an internal
failure. Internal ID: 3200c89 User Action: Make sure a global catalog is available
in the forest, and is reachable from this domain controller. You may use the nltest
utility to diagnose this problem.

Error - 8/27/2012 11:00:43 AM | Computer Name = ST-SERVER | Source = NTDS Replication | ID = 2426919
Description =

Error - 8/31/2012 8:48:59 PM | Computer Name = ST-SERVER | Source = NTDS Backup | ID = 1913
Description = Internal error: The Active Directory backup and restore operation
encountered an unexpected error. Backup or restore will not succeed until this is
corrected. Additional Data Error value: 1084 This service cannot be started in
Safe Mode Internal ID: 160200fa

[ DNS Server Events ]
Error - 8/27/2012 11:10:57 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 1.168.192.in-addr.arpa. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 8/27/2012 11:10:57 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone stone-tapert.com. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 9/1/2012 3:17:38 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "". The event data contains the error.

Error - 9/1/2012 3:17:38 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone .. This DNS server is configured to use information obtained from Active
Directory
for this zone and is unable to load the zone without it. Check that the Active
Directory is functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data contains the
error.

Error - 9/1/2012 3:17:38 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 1.168.192.in-addr.arpa. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 9/1/2012 3:17:38 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone stone-tapert.com. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 9/2/2012 8:51:34 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "". The event data contains the error.

Error - 9/2/2012 8:51:34 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone .. This DNS server is configured to use information obtained from Active
Directory
for this zone and is unable to load the zone without it. Check that the Active
Directory is functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data contains the
error.

Error - 9/2/2012 8:51:34 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 1.168.192.in-addr.arpa. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 9/2/2012 8:51:34 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone stone-tapert.com. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

[ File Replication Service Events ]
Error - 7/3/2012 11:14:39 AM | Computer Name = ST-SERVER | Source = NtFrs | ID = 13571
Description = The File Replication Service has detected that one or more volumes
on this computer have the same Volume Serial Number. File Replication Service does
not support this configuration. Files may not replicate until this conflict is
resolved. Volume Serial Number : a81a-1662 List of volumes that have this Volume
Serial Number: c:, c: The output of "dir" command displays the Volume Serial Number
before
listing the contents of the folder.

[ System Events ]
Error - 9/6/2012 2:23:03 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7023
Description = The Nwsapagent service terminated with the following error: %%126

Error - 9/6/2012 2:23:03 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7023
Description = The TrkSvr service terminated with the following error: %%126

Error - 9/6/2012 2:23:03 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7023
Description = The WmdmPmSp service terminated with the following error: %%126

Error - 9/6/2012 2:23:32 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
crcdisk

Error - 9/6/2012 2:47:59 AM | Computer Name = ST-SERVER | Source = WLBS | ID = 458787
Description = NLB Cluster 0.0.0.0 : Cluster mode cannot be enabled due to parameter
errors. All traffic will be passed through to TCP/IP. Restart cluster operations
after fixing the problem by running 'wlbs reload' followed by 'wlbs start'.

Error - 9/6/2012 2:47:59 AM | Computer Name = ST-SERVER | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 9/6/2012 2:50:33 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7022
Description = The System Event Notification service hung on starting.

Error - 9/6/2012 2:50:33 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 9/6/2012 2:50:33 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7023
Description = The TrkSvr service terminated with the following error: %%126

Error - 9/6/2012 2:50:33 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7023
Description = The WmdmPmSp service terminated with the following error: %%126


< End of report >

#127
RKinner

    Malware Expert

Let's try resetting the registry permissions to the defaults.

Download SubInACL.exe

http://www.microsoft...&displaylang=en

By default it installs the tool in C:\Program Files\Windows Resource Kits\Tools\

Please allow it to do so.


Download and save the attached file, reset.zip, right-click on it and Extract all, then copy the reset.cmd file to C:\Program Files\Windows Resource Kits\Tools\.
Start, Run, cmd, OK. Type with an Enter after each line:

cd  "\Program Files\Windows Resource Kits\Tools"

reset.cmd


Then try to use Autoruns to delete the bad guys.

#128
rahanna

    Member

Ron,

The [ reset.cmd ] took a long time and was showing on the command prompt window with a Red bar indicating the number of items it Modified or Failed ...

Finally it ended after 7 minutes and gave some results that are pasted below ...

I ran AutoRuns but didn't change/uncheck/delete anything and attached the results [Autoruns.zip] for your review ...

Let me know ...


results after [ reset.cmd ]
Elapsed Time: 00 00:01:58
Done: 93304, Modified 93304, Failed 0, Syntax errors 0
Last Done : HKEY_CLASSES_ROOT\ZOHOMEETING.ZohoMeetingCtrl.1\CLSID

C:\Program Files\Windows Resource Kits\Tools>subinacl /subdirectories C: /grant=
system=f
C:\Program Files\Windows Resource Kits\Tools : delete Perm. ACE 7 nt authority\s
ystem
C:\Program Files\Windows Resource Kits\Tools : delete Perm. ACE 6 nt authority\s
ystem
C:\Program Files\Windows Resource Kits\Tools : new ace for nt authority\system
C:\Program Files\Windows Resource Kits\Tools : new ace for nt authority\system
C:\Program Files\Windows Resource Kits\Tools : 4 change(s)


Elapsed Time: 00 00:00:00
Done: 1, Modified 1, Failed 0, Syntax errors 0
Last Done : C:\Program Files\Windows Resource Kits\Tools

C:\Program Files\Windows Resource Kits\Tools>subinacl /subdirectories C:\Documen
ts and Settings\st_admin /grant=system=f
C:\Documents and Settings\All Users\Documents : delete Perm. ACE 0 nt authority\
system
C:\Documents and Settings\All Users\Documents : new ace for nt authority\system
C:\Documents and Settings\All Users\Documents : new ace for nt authority\system
C:\Documents and Settings\All Users\Documents : 3 change(s)


Elapsed Time: 00 00:00:02
Done: 1, Modified 1, Failed 0, Syntax errors 0
Last Done : C:\Documents and Settings\All Users\Documents

C:\Program Files\Windows Resource Kits\Tools>


#129
RKinner

    Malware Expert

OK. You don't have all of the services that point at c:\windows\temp\... unchecked.

Can you delete them now?


See if Process Monitor will run on your server.

Download Process Monitor http://live.sysinter...com/Procmon.exe

Save it to your desktop. Run Process Monitor.

As soon as it starts, bring up regedit and just leave it up, then go back to Process Monitor and File, then uncheck Capture Events. Once it stops, click on Filter, change the first box to Process Name, second box stays at IS, third box changes to regedit.exe, fourth box stays at Include. Hit Add then OK.

Now click at the top of the page and then go down to the bottom of the page, hold down the shift key and click on the last line. That should highlight a full page of events.

File, Save, check Highlighted Events then OK. It should save the file to logfile.pml which should be on your desktop. Close Process Monitor. Turn off P&P and zip up the logfile.pml and attach it to a Reply. Hopefully I will be able to read it without having a server.
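
Added example (not part of the thread and not OTL's own code): a Python triage script that reads an OTL-style report, lists services whose ServiceDll sits in a Temp directory, and matches them against the Service Control Manager 7023 events. The sample text is constructed in the layout of the logs quoted above; the Parameters key lines and ExampleSvc are assumptions, and reading %%126 as Win32 ERROR_MOD_NOT_FOUND is added here.

```python
import re

# Constructed sample in the layout of the OTL logs quoted in this thread.
# The TrkSvr ServiceDll value and the two 7023 events are copied from the
# posts; the Parameters key lines and the ExampleSvc entry are constructed.
SAMPLE_REPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc\Parameters]
"ServiceDll" = C:\WINDOWS\system32\examplesvc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TRKSvr\Parameters]
"ServiceDll" = C:\WINDOWS\Temp\ntshrui.dll.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TRKSvr\Security]
"Security" = [Binary data over 100 bytes]

Error - 9/6/2012 2:50:33 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 9/6/2012 2:50:33 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7023
Description = The TrkSvr service terminated with the following error: %%126
'''

# Win32 error codes that appear in the events above.
WIN32_ERRORS = {126: "ERROR_MOD_NOT_FOUND", 1060: "ERROR_SERVICE_DOES_NOT_EXIST"}

KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})'
    r'\\Services\\([^\\\]]+)(?:\\[^\]]*)?\]$', re.I)
VALUE_RE = re.compile(r'^"ServiceDll"\s*=\s*(.+)$', re.I)
# The %%code may be wrapped onto the next line, so allow whitespace before it.
EVENT_RE = re.compile(
    r'The (.+?) service terminated with the following error:\s*%%(\d+)')


def parse_service_dlls(report):
    """Return {service_name: dll_path} for each ServiceDll value in the report."""
    dlls, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if line.startswith('['):
            current = None  # unrelated key or section header
            continue
        m = VALUE_RE.match(line)
        if m and current:
            # The report prints a trailing period after some values; drop it.
            dlls[current] = m.group(1).strip().strip('"').rstrip('.')
    return dlls


def parse_scm_failures(report):
    """Return {lower-cased service name: Win32 error} from 7023-style events."""
    return {m.group(1).lower(): int(m.group(2))
            for m in EVENT_RE.finditer(report)}


def in_temp_dir(path):
    """True when any directory component of a Windows path is Temp or Tmp."""
    parts = [p.lower() for p in re.split(r'[\\/]+', path)[:-1]]
    return any(p in ('temp', 'tmp') for p in parts)


def suspicious_services(report):
    """Findings for services whose ServiceDll is loaded from a temp directory."""
    failures = parse_scm_failures(report)
    findings = []
    for name, dll in sorted(parse_service_dlls(report).items()):
        if not in_temp_dir(dll):
            continue
        # Events carry the display name, which may differ from the key name,
        # so this match is best-effort.
        code = failures.get(name.lower())
        findings.append({
            'service': name,
            'service_dll': dll,
            'last_error': code,
            'error_name': WIN32_ERRORS.get(code),
            # 126 means the DLL could not be loaded: the registry still
            # points at a file that is no longer there.
            'orphaned_registration': code == 126,
        })
    return findings


if __name__ == '__main__':
    for finding in suspicious_services(SAMPLE_REPORT):
        print(finding)
```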

#130
RKinner

    Malware Expert

We are going to go out on the boat for a few hours so will be away from the PC.

#131
rahanna

    Member

Ron,

I couldn't delete the bad items pointing to c:\Windows\Temp ... Gives me [Access Denied]

I did run Process Monitor while regedit was running and captured the attached log ...

Hope you had a nice time on the boat and caught something ...

Let me know what's next ...

Thanks,

#132
RKinner

    Malware Expert

Nothing obvious in the log except something odd where it says CreateFileMapping: \Device\HarddiskVolume2櫰 Not sure why it does that or why a Chinese character shows up. Going to have to run it on my XP and see what it does.



Copy the text in the code box:

/md5start
regedit.exe
sysmain.sdb
aclui.dll
ulib.dll
WindowsShell.Manifest
imm32.dll
rpcrt4.dll
secur32.dll
advapi32.dll
gdi32.dll
oleaut32.dll
apphelp.dll
ShimEng.dll
authz.dll
MSCTF.dll
ntmarta.dll
wldap32.dll
samlib.dll
version.dll
MSCTFIME.IME
uxtheme.dll
MSIMTF.dll
mslbui.dll
sens.dll
/md5stop
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs /s
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options /s
HKLM\System\CurrentControlSet\Services\LDAP /s
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers /s
HKLM\Software\Microsoft\CTF\SystemShared /s

Run OTL
Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

No fishing today. Yesterday we caught 5 Dungeness crabs. Today we just rode around our island to the other side and visited another island which is a state park (Sucia Island - http://www.parks.wa....rk=Sucia Island )
  • 0
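Post #129 asks about service entries that point into c:\windows\temp, and the custom scan above produces an OTL log in which such entries can be checked. The following is an added example, not part of the thread and not part of OTL: a Python triage of SRV/DRV log lines that flags entries whose image path sits in a temp directory or whose file is missing. The sample lines, the service names and the high/medium/low ranking are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample lines in the layout OTL uses for its SRV/DRV sections.
# Names, paths and dates are made up for this example.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Unknown] -- C:\WINDOWS\Temp\example.dll. -- (ExampleSvcA)
SRV - File not found [Disabled | Unknown] -- C:\WINDOWS\Temp\example.dll. -- (ExampleSvcB)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\gone.exe -- (ExampleSvcC)
SRV - [2012/01/30 05:39:57 | 000,450,560 | ---- | M] (Example Corporation) [Auto | Running] -- C:\WINDOWS\system32\good.exe -- (ExampleSvcD)
DRV - [2009/05/13 00:14:35 | 000,043,824 | ---- | M] (Example Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\good.sys -- (ExampleDrv)
SRV - [2012/09/05 23:50:20 | 000,024,665 | R--- | M] () [Auto | Running] -- \\?\C:\Documents and Settings\user\Local Settings\Temp\x.exe -- (ExampleSvcE)
"""

# kind - <file metadata or "File not found"> [state fields] -- path -- (name)
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - (?P<meta>.*?) \[(?P<state>[^\[\]]*)\] -- "
    r"(?P<path>.*?) -- \((?P<name>.*)\)\s*$"
)

AUTOSTART = {"auto", "boot", "system"}   # start types that load without a user
TEMP_DIRS = {"temp", "tmp"}
RANK = {"high": 0, "medium": 1, "low": 2}


def normalize(path):
    """Undo the spellings that hide a path from a naive string compare."""
    p = path.strip()
    if p.startswith("\\\\?\\"):          # extended-length prefix \\?\
        p = p[4:]
    return p.rstrip(". ")                # Win32 drops trailing dots and spaces


def in_temp_dir(path):
    """True if any directory component (not the file name) is Temp/Tmp."""
    parts = PureWindowsPath(normalize(path)).parts
    return any(part.lower() in TEMP_DIRS for part in parts[:-1])


def parse_line(line):
    """Return a dict for one SRV/DRV line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = [f.strip() for f in m["state"].split("|")]
    if len(fields) < 2:
        return None
    return {
        "kind": m["kind"],
        "name": m["name"],
        "path": m["path"],
        # SRV has [start | status]; DRV has [type | start | status]
        "start": fields[-2],
        "status": fields[-1],
        "missing": m["meta"].startswith("File not found"),
    }


def triage(log_text):
    """Flag entries worth a manual look, most urgent first (heuristic)."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = []
        temp = in_temp_dir(entry["path"])
        if temp:
            reasons.append("image path under a temp directory")
        if entry["missing"]:
            reasons.append("file missing on disk")
        if not reasons:
            continue
        autostart = entry["start"].lower() in AUTOSTART
        if temp and autostart:
            priority = "high"            # would load from Temp at boot
        elif temp:
            priority = "medium"
        else:
            priority = "low"             # often an orphaned leftover
        findings.append(dict(entry, reasons=reasons, priority=priority))
    findings.sort(key=lambda f: RANK[f["priority"]])   # stable sort
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["priority"]:6} {f["name"]:12} [{f["start"]}] '
              f'{f["path"]} :: {"; ".join(f["reasons"])}')
```

A missing file does not make an entry harmless: the registry key still names the path, so anything later written there would be loaded when the service starts.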

#133
rahanna

rahanna

    Member

  • Topic Starter
  • Member
  • 96 posts
Ron,

FYI - When I googled the user name [ siweb$ ] on the web, it came up with a number of Chinese hacking web sites ...

I ran the OTL with the script that you sent me and here are the results of the OTL.txt


OTL logfile created on: 9/8/2012 10:48:36 PM - Run 11
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Dell
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.69% Memory free
5.35 Gb Paging File | 3.91 Gb Available in Paging File | 73.15% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 135.41 Gb Total Space | 91.96 Gb Free Space | 67.91% Space Free | Partition Type: NTFS
Drive D: | 544.49 Gb Total Space | 158.16 Gb Free Space | 29.05% Space Free | Partition Type: NTFS

Computer Name: ST-SERVER | User Name: st_admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/05 23:35:10 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/01 12:25:50 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Dell\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/30 05:39:57 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2009/05/13 00:14:34 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/05/13 00:14:32 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/05/13 00:14:28 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/05/13 00:14:24 | 001,799,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/05/13 00:14:21 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/02/01 22:00:56 | 000,234,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe
PRC - [2008/10/14 13:20:12 | 000,024,576 | R--- | M] (Client Marketing Systems, Inc.) -- C:\Program Files\Client Marketing Systems\Advisors Assistant Server Component\AASCServer.exe
PRC - [2008/09/05 12:03:06 | 000,069,632 | ---- | M] (LSI Logic Corporation) -- C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
PRC - [2008/08/28 23:47:40 | 003,259,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer3\TeamViewer.exe
PRC - [2008/08/28 23:29:38 | 000,181,544 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer3\TeamViewer_Service.exe
PRC - [2008/08/12 09:47:10 | 000,075,032 | ---- | M] () -- C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
PRC - [2008/08/12 09:40:20 | 000,021,784 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe
PRC - [2008/08/05 19:26:00 | 000,153,560 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
PRC - [2008/08/05 19:25:54 | 000,198,616 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
PRC - [2008/05/14 12:31:04 | 000,083,248 | R--- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe
PRC - [2007/11/19 14:49:16 | 002,824,208 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\Backup Exec\bengine.exe
PRC - [2007/11/07 13:00:04 | 005,043,728 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\Backup Exec\beserver.exe
PRC - [2007/05/23 12:06:06 | 000,712,464 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\Backup Exec\beremote.exe
PRC - [2007/02/18 05:00:00 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/18 05:00:00 | 000,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
PRC - [2007/02/18 05:00:00 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2007/02/18 05:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ismserv.exe
PRC - [2007/02/18 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007/02/18 05:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe
PRC - [2007/02/17 07:03:43 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lserver.exe
PRC - [2006/10/30 07:50:27 | 000,175,744 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\Backup Exec\benetns.exe
PRC - [2006/09/28 11:48:18 | 001,048,704 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\Backup Exec\pvlsvr.exe
PRC - [2006/09/27 14:17:54 | 001,324,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
PRC - [2005/08/25 19:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/05 23:50:20 | 000,024,665 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\89f4ac43ba2b792785d9d472365e562b.dll
MOD - [2012/09/05 23:50:19 | 000,020,585 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\0a6b9f23e356336cc61530f586d0c66a.dll
MOD - [2012/09/05 23:50:17 | 000,028,767 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\b2774d247dfbf0abe8539e577ee59b4c.dll
MOD - [2012/09/05 23:50:16 | 000,028,789 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\36971e8ed4d19cc0a7051079b039c204.dll
MOD - [2012/09/05 23:50:16 | 000,028,787 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\1ff4eae997b1753d848dbbc61d1b4345.dll
MOD - [2012/09/05 23:50:15 | 000,036,981 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\31aa023220b46a62dd91739a3bf1cad4.dll
MOD - [2012/09/05 23:50:14 | 000,077,941 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\7aace6f21e4c397996b145b7fd777643.dll
MOD - [2012/09/05 23:50:12 | 000,032,873 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\8d3b343ab48cfb6b14fa9d0dc35ce9e6.dll
MOD - [2012/09/05 23:50:11 | 000,024,675 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\7acaa276f32e012922082aa697dfa218.dll
MOD - [2012/09/05 23:50:11 | 000,024,671 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\44abde5de65f3f034faac2c132713018.dll
MOD - [2012/09/05 23:50:09 | 000,020,571 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM-3008\42db37dadb779dbfc5da8bdd7ec61c52.dll
MOD - [2012/07/10 11:01:50 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/07/10 11:00:43 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/07/10 10:59:36 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/07/10 10:59:34 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/07/10 10:59:33 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/07/10 10:59:28 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012/07/10 10:59:25 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/07/10 10:59:24 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/07/10 10:59:22 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/07/10 10:59:07 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2012/05/31 23:16:29 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/31 23:04:26 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/31 23:04:20 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/31 23:04:12 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/31 23:04:01 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2009/02/01 22:01:12 | 000,755,120 | ---- | M] () -- \\?\C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin\secars.dll
MOD - [2008/08/12 09:47:10 | 000,075,032 | ---- | M] () -- C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
MOD - [2008/08/12 09:39:44 | 000,136,472 | ---- | M] () -- C:\Program Files\Dell\SysMgt\oma\bin\invmib32.dll
MOD - [2008/08/12 09:39:00 | 000,042,776 | ---- | M] () -- C:\Program Files\Dell\SysMgt\oma\bin\omaep32.dll
MOD - [2008/05/01 21:15:37 | 000,010,240 | ---- | M] () -- D:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2007/03/30 07:45:46 | 000,800,256 | ---- | M] () -- C:\Program Files\Dell\SysMgt\oma\bin\libxml2.dll
MOD - [2007/02/18 05:00:00 | 000,016,896 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2006/06/06 12:08:08 | 000,393,216 | R--- | M] () -- C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\jslic.dll
MOD - [2005/11/14 16:43:58 | 000,029,152 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\FSPPMFP.DLL
MOD - [2002/05/03 09:40:32 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Services (SafeList) ==========

SRV - File not found [Disabled | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (WmdmPmSp)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\wins.exe -- (WINS)
SRV - File not found [Disabled | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (TrkSvr)
SRV - File not found [Auto | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (ºì³¾Íø°²)
SRV - File not found [Auto | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (Nwsapagent)
SRV - File not found [Auto | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (NWCWorkstation)
SRV - File not found [Auto | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (Irmon)
SRV - File not found [Auto | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (Iprip)
SRV - File not found [Disabled | Unknown] -- C:\WINDOWS\Temp\ntshrui.dll. -- (Ias)
SRV - [2012/09/05 23:35:10 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/24 19:00:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/30 05:39:57 | 000,450,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2010/04/07 11:12:04 | 000,241,688 | ---- | M] (DameWare Development LLC) [On_Demand | Stopped] -- C:\WINDOWS\system32\DWRCS.EXE -- (DWMRCS)
SRV - [2009/08/05 14:06:38 | 000,126,976 | ---- | M] () [On_Demand | Stopped] -- C:\AdventNet\ME\NetFlow\bin\wrapper.exe -- (netflowanalyzer)
SRV - [2009/05/13 00:14:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/05/13 00:14:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/05/13 00:14:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/05/13 00:14:24 | 001,799,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/05/13 00:14:21 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/02/01 22:00:56 | 000,234,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe -- (semsrv)
SRV - [2009/01/18 18:31:14 | 000,455,960 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/10 15:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/10/14 13:20:12 | 000,024,576 | R--- | M] (Client Marketing Systems, Inc.) [Auto | Running] -- C:\Program Files\Client Marketing Systems\Advisors Assistant Server Component\AASCServer.exe -- (AAService)
SRV - [2008/09/05 12:03:06 | 000,069,632 | ---- | M] (LSI Logic Corporation) [Auto | Running] -- C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe -- (mr2kserv)
SRV - [2008/08/28 23:29:38 | 000,181,544 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer3\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2008/08/12 09:47:10 | 000,075,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe -- (Server Administrator)
SRV - [2008/08/12 09:40:20 | 000,021,784 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe -- (omsad)
SRV - [2008/08/05 19:26:00 | 000,153,560 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe -- (dcevt32)
SRV - [2008/08/05 19:25:54 | 000,198,616 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe -- (dcstor32)
SRV - [2008/05/14 12:31:04 | 000,083,248 | R--- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe -- (ASANYs_sem5)
SRV - [2007/11/19 14:49:16 | 002,824,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Symantec\Backup Exec\bengine.exe -- (BackupExecJobEngine)
SRV - [2007/11/07 13:00:04 | 005,043,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Symantec\Backup Exec\beserver.exe -- (BackupExecRPCService)
SRV - [2007/05/23 12:06:06 | 000,712,464 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Symantec\Backup Exec\beremote.exe -- (BackupExecAgentAccelerator)
SRV - [2007/02/18 05:00:00 | 000,792,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/18 05:00:00 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007/02/18 05:00:00 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007/02/18 05:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/18 05:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/18 05:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/18 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2007/02/18 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/18 05:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2007/02/17 07:04:02 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/17 07:03:43 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lserver.exe -- (TermServLicensing)
SRV - [2006/10/30 07:50:27 | 000,175,744 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Symantec\Backup Exec\benetns.exe -- (BackupExecAgentBrowser)
SRV - [2006/09/28 11:48:18 | 001,048,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Symantec\Backup Exec\pvlsvr.exe -- (BackupExecDeviceMediaService)
SRV - [2006/09/27 14:17:54 | 001,324,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe -- (Reporting)
SRV - [2006/09/20 04:34:40 | 000,126,976 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AdventNet\ME\OpManager\wrapper.exe -- (OpManager)
SRV - [2005/08/25 19:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT)
SRV - [2003/11/26 07:52:46 | 000,020,541 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files\AdventNet\ME\OpManager\apache\bin\Apache.exe -- (ManageEngineOpManagerApache)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (LicenseInfo)
DRV - [2012/08/20 01:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120908.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/08/20 01:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120908.009\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/08 01:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/08 01:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/29 03:07:18 | 000,021,504 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\percsas.sys -- (percsas)
DRV - [2010/02/05 21:03:36 | 000,018,080 | ---- | M] (Quantum Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\QLTOx32.sys -- (QLTOx32)
DRV - [2009/06/13 17:05:23 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2009/06/13 17:05:23 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/06/13 17:05:09 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snman380.sys -- (snapman380)
DRV - [2009/05/13 15:26:04 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/05/13 00:14:35 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/05/13 00:14:34 | 000,319,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/05/13 00:14:34 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/05/13 00:14:32 | 000,038,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WGX.SYS -- (WGX)
DRV - [2009/05/13 00:14:07 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 13:00:18 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\SNMP\BASFND.sys -- (BASFND)
DRV - [2008/05/14 14:04:26 | 000,054,784 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bxnd52x.sys -- (l2nd)
DRV - [2008/05/01 21:15:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- D:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008/01/14 10:13:54 | 000,025,088 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dcdbas32.sys -- (dcdbas)
DRV - [2008/01/11 00:31:06 | 000,014,848 | ---- | M] (Quantum Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\QDLTx32.sys -- (QDLTx32)
DRV - [2007/02/18 05:00:00 | 000,221,696 | ---- | M] (Agilent Technologies) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\afcnt.sys -- (afcnt)
DRV - [2007/02/18 05:00:00 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007/02/18 05:00:00 | 000,154,624 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql2200.sys -- (ql2200)
DRV - [2007/02/18 05:00:00 | 000,130,560 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql2100.sys -- (ql2100)
DRV - [2007/02/18 05:00:00 | 000,113,664 | ---- | M] (Emulex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\lp6nds35.sys -- (lp6nds35)
DRV - [2007/02/18 05:00:00 | 000,072,704 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2007/02/18 05:00:00 | 000,069,632 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqfcalm.sys -- (cpqfcalm)
DRV - [2007/02/18 05:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)
DRV - [2007/02/18 05:00:00 | 000,049,664 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (symmpi)
DRV - [2007/02/18 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/02/18 05:00:00 | 000,039,424 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hpt3xx.sys -- (hpt3xx)
DRV - [2007/02/18 05:00:00 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)
DRV - [2007/02/18 05:00:00 | 000,027,648 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ipsraidn.sys -- (ipsraidn)
DRV - [2007/02/18 05:00:00 | 000,024,064 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o)
DRV - [2007/02/18 05:00:00 | 000,022,016 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dellcerc.sys -- (dellcerc)
DRV - [2007/02/18 05:00:00 | 000,018,432 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqcissm.sys -- (cpqcissm)
DRV - [2007/02/18 05:00:00 | 000,016,384 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray)
DRV - [2007/02/18 05:00:00 | 000,015,360 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqarry2.sys -- (cpqarry2)
DRV - [2007/02/15 02:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/02/07 02:00:00 | 000,003,712 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2006/09/18 15:23:34 | 000,031,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpfilter.sys -- (tpfilter)
DRV - [2006/09/12 11:26:16 | 000,031,872 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VirtFile.sys -- (VirtFile)
DRV - [2006/09/05 18:16:14 | 000,037,760 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\halfinch.sys -- (halfinchVRTS)
DRV - [2006/05/03 16:08:20 | 000,019,256 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SCSICHNG.SYS -- (SCSIChanger)
DRV - [2006/04/20 17:31:38 | 001,379,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/19 11:12:22 | 000,067,072 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2005/03/24 18:55:32 | 000,343,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad)
DRV - [2004/01/06 16:57:24 | 000,887,431 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winachcf.sys -- (Winachcf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/04 20:09:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/04 20:10:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\st_admin\Application Data\Mozilla\Extensions
[2012/09/04 20:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\st_admin\Application Data\Mozilla\Firefox\Profiles\e36jque6.default\extensions
[2012/09/04 20:09:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/24 19:01:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/24 19:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/24 19:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/01 13:33:33 | 000,000,899 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ShutdownEventCheck] %systemroot%\system32\dumprep 0 -s File not found
O4 - HKLM..\Run: [XXXXXX87FC2E28] C:\Documents and Settings\xiaopu$\WINDOWS\XXXXXX87FC2E28\svchsot.exe File not found
O4 - HKCU..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stone-tapert.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F0DECE3-5FFC-42B5-B543-0EA70D88C1B3}: NameServer = 192.168.1.130,192.168.1.150
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:AutorunsDisabled () -
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/02 18:00:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/08 13:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Desktop\reset
[2012/09/08 13:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012/09/07 19:17:13 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\clb.dll
[2012/09/07 18:03:25 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\st_admin\Desktop\tdsskiller.exe
[2012/09/06 16:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Desktop\Logs
[2012/09/06 09:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\My Documents\Downloads
[2012/09/05 23:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/05 23:35:56 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/09/05 23:35:56 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/05 23:35:43 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/09/05 23:35:42 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/09/05 23:35:42 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/05 23:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Application Data\Sun
[2012/09/05 23:27:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/05 18:50:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\56B06D10
[2012/09/04 20:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Local Settings\Application Data\Mozilla
[2012/09/04 20:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Application Data\Mozilla
[2012/09/04 20:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/09/04 20:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/04 20:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/03 13:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Start Menu\Programs\NirSoft ShellExView
[2012/09/03 13:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2012/09/02 13:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Desktop\Old
[2012/09/02 13:06:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/01 20:52:29 | 000,121,368 | ---- | C] (DameWare Development LLC) -- C:\WINDOWS\System32\DNTUS26.EXE
[2012/09/01 13:34:55 | 000,000,000 | ---D | C] -- C:\Old
[2012/09/01 12:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\My Documents\Exchange Task Wizard Logs
[2012/08/31 19:01:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\st_admin\Start Menu\Programs\Administrative Tools
[2012/08/31 18:57:05 | 001,864,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/08/31 18:57:05 | 001,864,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012/08/31 18:56:49 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2012/08/31 18:56:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2012/08/31 18:56:47 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2012/08/31 18:56:47 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2012/08/31 18:56:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2012/08/31 18:56:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2012/08/31 18:56:46 | 000,916,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2012/08/31 18:56:42 | 001,212,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2012/08/31 18:56:39 | 006,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2012/08/31 18:52:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\st_admin\IECompatCache
[2012/08/31 18:52:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\st_admin\PrivacIE
[2012/08/31 18:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Application Data\Identities
[2012/08/31 17:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\WINDOWS
[2012/08/31 17:50:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\st_admin\Local Settings\Application Data\Microsoft
[2012/08/31 17:50:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\st_admin\Application Data\Microsoft
[2012/08/31 17:50:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\st_admin\SendTo
[2012/08/31 17:50:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\st_admin\Recent
[2012/08/31 17:50:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\st_admin\Application Data
[2012/08/31 17:50:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\st_admin\Start Menu\Programs\Startup
[2012/08/31 17:50:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\st_admin\Start Menu
[2012/08/31 17:50:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\st_admin\My Documents
[2012/08/31 17:50:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\st_admin\Favorites
[2012/08/31 17:50:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\st_admin\Start Menu\Programs\Accessories
[2012/08/31 17:50:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\st_admin\IETldCache
[2012/08/31 17:50:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\st_admin\Cookies
[2012/08/31 17:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\st_admin\Templates
[2012/08/31 17:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\st_admin\PrintHood
[2012/08/31 17:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\st_admin\NetHood
[2012/08/31 17:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\st_admin\Local Settings
[2012/08/31 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Application Data\TeamViewer
[2012/08/31 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Local Settings\Application Data\Symantec
[2012/08/31 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Local Settings\Application Data\PCHealth
[2012/08/31 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Application Data\Malwarebytes
[2012/08/31 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Application Data\Macromedia
[2012/08/31 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Desktop
[2012/08/31 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Application Data\Adobe
[2012/08/31 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\st_admin\Desktop\AATS
[2012/08/29 06:02:11 | 000,000,000 | ---D | C] -- C:\Dell
[2012/08/28 17:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 3
[2012/08/28 17:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer3
[2012/08/27 20:09:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\dwrcssft
[30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/08 13:37:05 | 000,000,306 | ---- | M] () -- C:\Documents and Settings\st_admin\Desktop\reset.zip
[2012/09/08 10:06:04 | 000,004,100 | ---- | M] () -- C:\Documents and Settings\st_admin\Desktop\NewSens.reg
[2012/09/08 09:40:26 | 000,004,228 | ---- | M] () -- C:\Documents and Settings\st_admin\Desktop\GoodSens.reg
[2012/09/07 18:02:42 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\st_admin\Desktop\tdsskiller.exe
[2012/09/07 12:00:14 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{53dc1cf1-91e7-11db-9d5d-806e6f6e6963}.job
[2012/09/07 12:00:10 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{69f3b6d1-590e-11de-abaa-00188b42e686}.job
[2012/09/07 01:04:48 | 000,950,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/07 01:04:47 | 000,240,878 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/06 22:39:41 | 000,013,830 | ---- | M] () -- C:\WINDOWS\System32\besnmp.TRC
[2012/09/06 16:02:11 | 000,065,536 | ---- | M] () -- C:\WINDOWS\NETLOGON.CHG
[2012/09/06 16:02:07 | 000,003,952 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/09/05 23:47:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/05 23:35:11 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/09/05 23:35:08 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/09/05 23:35:08 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/09/05 23:35:08 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/09/05 23:35:08 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/09/05 23:35:08 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/05 23:35:08 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/05 11:24:34 | 000,001,726 | -H-- | M] () -- C:\Documents and Settings\st_admin\My Documents\Default.rdp
[2012/09/04 20:09:57 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\st_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/04 20:09:57 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/03 19:43:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/01 13:33:33 | 000,000,899 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/31 19:38:11 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/31 19:26:51 | 000,003,423 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/31 18:47:30 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\st_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/31 17:48:59 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2012/08/27 20:09:55 | 000,000,713 | ---- | M] () -- C:\WINDOWS\System32\DWRCCMDError.ini
[2012/08/23 00:45:06 | 000,689,826 | ---- | M] () -- C:\Program Files\TCPM.zip
[2012/08/23 00:34:43 | 001,861,240 | ---- | M] () -- C:\Program Files\DNS.zip
[2012/08/17 17:33:42 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\st_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Remote Desktop Connection.lnk
[30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/08 13:37:27 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\st_admin\Desktop\reset.zip
[2012/09/08 10:06:04 | 000,004,100 | ---- | C] () -- C:\Documents and Settings\st_admin\Desktop\NewSens.reg
[2012/09/08 09:43:44 | 000,004,228 | ---- | C] () -- C:\Documents and Settings\st_admin\Desktop\GoodSens.reg
[2012/09/05 23:27:43 | 000,013,830 | ---- | C] () -- C:\WINDOWS\System32\besnmp.TRC
[2012/09/04 20:09:57 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\st_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/04 20:09:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/04 20:09:57 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/08/31 23:26:32 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\st_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Remote Desktop Connection.lnk
[2012/08/31 23:24:00 | 000,001,726 | -H-- | C] () -- C:\Documents and Settings\st_admin\My Documents\Default.rdp
[2012/08/31 18:55:05 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\st_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Event Viewer.lnk
[2012/08/31 18:47:30 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\st_admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/31 18:47:30 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\st_admin\Start Menu\Programs\Internet Explorer.lnk
[2012/08/31 18:47:14 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\st_admin\Start Menu\Programs\Outlook Express.lnk
[2012/08/31 17:50:11 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\st_admin\Desktop\Job Monitor.lnk
[2012/08/31 17:50:10 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\st_admin\Start Menu\Programs\Remote Assistance.lnk
[2012/08/27 20:09:46 | 000,000,713 | ---- | C] () -- C:\WINDOWS\System32\DWRCCMDError.ini
[2012/08/23 00:45:05 | 000,689,826 | ---- | C] () -- C:\Program Files\TCPM.zip
[2012/08/23 00:34:41 | 001,861,240 | ---- | C] () -- C:\Program Files\DNS.zip
[2012/06/04 01:48:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/06/04 01:48:00 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2012/05/31 17:16:20 | 000,082,432 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2012/05/30 23:15:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/03 10:29:13 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2006/12/22 10:52:21 | 000,003,952 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== Custom Scans ==========

< MD5 for: ACLUI.DLL >
[2007/02/17 02:16:16 | 000,120,320 | ---- | M] (Microsoft Corporation) MD5=B16D52E6C742A2E39D9739C167CB2DFA -- C:\WINDOWS\ServicePackFiles\i386\aclui.dll
[2007/02/18 05:00:00 | 000,120,320 | ---- | M] (Microsoft Corporation) MD5=B16D52E6C742A2E39D9739C167CB2DFA -- C:\WINDOWS\system32\aclui.dll

< MD5 for: ADVAPI32.DLL >
[2009/07/18 08:58:23 | 000,619,008 | ---- | M] (Microsoft Corporation) MD5=2085B957FB56927A8F3768DE740612C4 -- C:\WINDOWS\system32\advapi32.dll
[2009/07/18 08:58:23 | 000,619,008 | ---- | M] (Microsoft Corporation) MD5=2085B957FB56927A8F3768DE740612C4 -- C:\WINDOWS\system32\dllcache\advapi32.dll
[2009/02/09 04:02:55 | 000,619,008 | ---- | M] (Microsoft Corporation) MD5=5F1120D0CA0ED6B1CEAE21555E06333D -- C:\WINDOWS\$NtUninstallKB973825$\advapi32.dll
[2009/02/09 04:07:53 | 000,619,008 | ---- | M] (Microsoft Corporation) MD5=976BAB6E43FCA6E8A5F4FD02F8B2B6FB -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\advapi32.dll
[2009/07/18 09:19:27 | 000,619,008 | ---- | M] (Microsoft Corporation) MD5=CED3B9FDC2067016C70DB72D79CC6301 -- C:\WINDOWS\$hf_mig$\KB973825\SP2QFE\advapi32.dll
[2007/02/18 05:00:00 | 000,618,496 | ---- | M] (Microsoft Corporation) MD5=FDAC8B8F5B7FFBD7E8B70EC9E1A52CDA -- C:\WINDOWS\$NtUninstallKB956572$\advapi32.dll
[2007/02/17 02:16:46 | 000,618,496 | ---- | M] (Microsoft Corporation) MD5=FDAC8B8F5B7FFBD7E8B70EC9E1A52CDA -- C:\WINDOWS\ServicePackFiles\i386\advapi32.dll

< MD5 for: APPHELP.DLL >
[2007/02/17 02:17:04 | 000,148,992 | ---- | M] (Microsoft Corporation) MD5=090E3B6C7E32EDB0390CDEEF24CCBF56 -- C:\WINDOWS\ServicePackFiles\i386\apphelp.dll
[2007/02/18 05:00:00 | 000,148,992 | ---- | M] (Microsoft Corporation) MD5=090E3B6C7E32EDB0390CDEEF24CCBF56 -- C:\WINDOWS\system32\apphelp.dll

< MD5 for: AUTHZ.DLL >
[2007/02/17 02:18:20 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=830A9878424DD0FB82DB6AD3C3C3D11A -- C:\WINDOWS\ServicePackFiles\i386\authz.dll
[2007/02/18 05:00:00 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=830A9878424DD0FB82DB6AD3C3C3D11A -- C:\WINDOWS\system32\authz.dll

< MD5 for: GDI32.DLL >
[2007/03/01 23:41:38 | 000,282,624 | ---- | M] (Microsoft Corporation) MD5=0C277F9B5BF1652CBC7CFD3C0D33060D -- C:\WINDOWS\$hf_mig$\KB925902-v2\SP2QFE\gdi32.dll
[2008/10/23 04:43:54 | 000,284,672 | ---- | M] (Microsoft Corporation) MD5=284A13EBBFDE5F31A3C40505474C66DD -- C:\WINDOWS\system32\dllcache\gdi32.dll
[2008/10/23 04:43:54 | 000,284,672 | ---- | M] (Microsoft Corporation) MD5=284A13EBBFDE5F31A3C40505474C66DD -- C:\WINDOWS\system32\gdi32.dll
[2005/03/25 06:00:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=57976308D1C0D163917331DF1DFFD66D -- C:\WINDOWS\$NtUninstallKB896424$\gdi32.dll
[2007/02/18 05:00:00 | 000,282,624 | ---- | M] (Microsoft Corporation) MD5=92C9E62F6132909B0999462A4AFA5625 -- C:\WINDOWS\$NtUninstallKB956802$\gdi32.dll
[2007/02/17 03:03:36 | 000,282,624 | ---- | M] (Microsoft Corporation) MD5=92C9E62F6132909B0999462A4AFA5625 -- C:\WINDOWS\ServicePackFiles\i386\gdi32.dll
[2005/12/30 21:12:56 | 000,281,600 | ---- | M] (Microsoft Corporation) MD5=A8DF14D6245446962111B632F9114DAA -- C:\WINDOWS\$NtUninstallKB925902_0$\gdi32.dll
[2008/10/23 05:18:46 | 000,284,672 | ---- | M] (Microsoft Corporation) MD5=DADDD32BA129BE5FEF9F2B46BBC24B03 -- C:\WINDOWS\$hf_mig$\KB956802\SP2QFE\gdi32.dll
[2005/10/05 19:03:13 | 000,281,600 | ---- | M] (Microsoft Corporation) MD5=FB0032833DE650E99F4632D94CE1BACD -- C:\WINDOWS\$NtUninstallKB912919$\gdi32.dll

< MD5 for: IMM32.DLL >
[2007/02/17 03:19:36 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=E6B01492682B799479456A8E45C6A7B1 -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2007/02/18 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=E6B01492682B799479456A8E45C6A7B1 -- C:\WINDOWS\system32\imm32.dll

< MD5 for: MSCTF.DLL >
[2007/02/17 03:34:28 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=449CEE6ED95B047C5E115E3594FE0C61 -- C:\WINDOWS\ServicePackFiles\i386\msctf.dll
[2007/02/18 05:00:00 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=449CEE6ED95B047C5E115E3594FE0C61 -- C:\WINDOWS\system32\MSCTF.dll

< MD5 for: MSCTFIME.IME >
[2007/02/17 03:34:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=CF9FD4D848945951A2468BD85EBFBE23 -- C:\WINDOWS\ServicePackFiles\i386\msctfime.ime
[2007/02/18 05:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=CF9FD4D848945951A2468BD85EBFBE23 -- C:\WINDOWS\system32\MSCTFIME.IME

< MD5 for: MSIMTF.DLL >
[2007/02/17 03:35:34 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=96976A57CA09DEFD08D6F3AAC4688B31 -- C:\WINDOWS\ServicePackFiles\i386\msimtf.dll
[2007/02/18 05:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=96976A57CA09DEFD08D6F3AAC4688B31 -- C:\WINDOWS\system32\MSIMTF.dll

< MD5 for: MSLBUI.DLL >
[2007/02/17 03:35:54 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=CD9B9C71AAFB02C05BA28D38FF7F845B -- C:\WINDOWS\ServicePackFiles\i386\mslbui.dll
[2007/02/18 05:00:00 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=CD9B9C71AAFB02C05BA28D38FF7F845B -- C:\WINDOWS\system32\mslbui.dll

< MD5 for: NTMARTA.DLL >
[2007/02/17 03:42:08 | 000,121,856 | ---- | M] (Microsoft Corporation) MD5=DD496EC3DE4C1C741391CD5367E84AC3 -- C:\WINDOWS\ServicePackFiles\i386\ntmarta.dll
[2007/02/18 05:00:00 | 000,121,856 | ---- | M] (Microsoft Corporation) MD5=DD496EC3DE4C1C741391CD5367E84AC3 -- C:\WINDOWS\system32\ntmarta.dll

< MD5 for: OLEAUT32.DLL >
[2010/12/20 12:03:07 | 000,553,984 | ---- | M] (Microsoft Corporation) MD5=05BF13C2C924D9DC9F6C7CDA7DAA5BD6 -- C:\WINDOWS\system32\dllcache\oleaut32.dll
[2010/12/20 12:03:07 | 000,553,984 | ---- | M] (Microsoft Corporation) MD5=05BF13C2C924D9DC9F6C7CDA7DAA5BD6 -- C:\WINDOWS\system32\oleaut32.dll
[2007/02/18 05:00:00 | 000,552,960 | ---- | M] (Microsoft Corporation) MD5=7240ECB04A62F384B82BAE0D01BF5CB5 -- C:\WINDOWS\$NtUninstallKB2476490$\oleaut32.dll
[2007/02/17 03:43:14 | 000,552,960 | ---- | M] (Microsoft Corporation) MD5=7240ECB04A62F384B82BAE0D01BF5CB5 -- C:\WINDOWS\ServicePackFiles\i386\oleaut32.dll
[2010/12/20 12:04:43 | 000,555,008 | ---- | M] (Microsoft Corporation) MD5=F3F6EFFB1D2D6486CC7D9C93FEC3BF08 -- C:\WINDOWS\$hf_mig$\KB2476490\SP2QFE\oleaut32.dll

< MD5 for: REGEDIT.EXE >
[2007/02/18 05:00:00 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=0F4DB85E5FF5E203A94FDC5059E89297 -- C:\WINDOWS\regedit.exe
[2007/02/18 00:34:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=0F4DB85E5FF5E203A94FDC5059E89297 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2007/02/18 05:00:00 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=0F4DB85E5FF5E203A94FDC5059E89297 -- C:\WINDOWS\system32\dllcache\regedit.exe
[2005/03/25 06:00:00 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=6F2259A2B311E402E30E4014AA34910B -- C:\i386\REGEDIT.EXE

< MD5 for: RPCRT4.DLL >
[2010/08/18 02:38:36 | 000,647,680 | ---- | M] (Microsoft Corporation) MD5=26F40D5ABEE2F0AFF9A89D81D7D3D2D9 -- C:\WINDOWS\$hf_mig$\KB2360937\SP2QFE\rpcrt4.dll
[2009/04/27 03:45:27 | 000,642,048 | ---- | M] (Microsoft Corporation) MD5=2EB0CD923E0039E6FFE81927EADD2C0D -- C:\WINDOWS\$hf_mig$\KB970238\SP2QFE\rpcrt4.dll
[2010/08/18 02:27:25 | 000,647,168 | ---- | M] (Microsoft Corporation) MD5=834C667480F2B831789916B2327E2BCC -- C:\WINDOWS\system32\dllcache\rpcrt4.dll
[2010/08/18 02:27:25 | 000,647,168 | ---- | M] (Microsoft Corporation) MD5=834C667480F2B831789916B2327E2BCC -- C:\WINDOWS\system32\rpcrt4.dll
[2007/02/18 05:00:00 | 000,642,048 | ---- | M] (Microsoft Corporation) MD5=D92BCB65F8C40B7E88362F8EA8A06565 -- C:\WINDOWS\$NtUninstallKB2360937$\rpcrt4.dll
[2007/02/17 03:55:42 | 000,642,048 | ---- | M] (Microsoft Corporation) MD5=D92BCB65F8C40B7E88362F8EA8A06565 -- C:\WINDOWS\ServicePackFiles\i386\rpcrt4.dll

< MD5 for: SAMLIB.DLL >
[2007/02/17 03:58:04 | 000,047,104 | ---- | M] (Microsoft Corporation) MD5=C67F484C82858D9DFE6D9EF471706289 -- C:\WINDOWS\ServicePackFiles\i386\samlib.dll
[2007/02/18 05:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) MD5=C67F484C82858D9DFE6D9EF471706289 -- C:\WINDOWS\system32\samlib.dll

< MD5 for: SECUR32.DLL >
[2009/06/16 00:21:28 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=27428099F0049CCBD88333FB26DE90BE -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\secur32.dll
[2007/02/18 05:00:00 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=3180596268E5CEB704E2E85D9FCC4B89 -- C:\WINDOWS\$NtUninstallKB959426$\secur32.dll
[2007/02/17 03:58:56 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=3180596268E5CEB704E2E85D9FCC4B89 -- C:\WINDOWS\ServicePackFiles\i386\secur32.dll
[2009/02/04 04:45:40 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=70927B4E18719176E6E08DA450DA1B47 -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\secur32.dll
[2009/02/04 04:41:02 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=72390B20877A9D78690EF5C83AB4BD3E -- C:\WINDOWS\$NtUninstallKB968389$\secur32.dll
[2009/06/15 23:58:59 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=E31C0503AF7E7E578C27A9AD36D90991 -- C:\WINDOWS\system32\dllcache\secur32.dll
[2009/06/15 23:58:59 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=E31C0503AF7E7E578C27A9AD36D90991 -- C:\WINDOWS\system32\secur32.dll

< MD5 for: SENS.DLL >
[2007/02/17 03:58:56 | 000,037,376 | ---- | M] (Microsoft Corporation) MD5=97B6172283112AF7451E4ABE83DD6F24 -- C:\WINDOWS\ServicePackFiles\i386\sens.dll
[2007/02/18 05:00:00 | 000,037,376 | ---- | M] (Microsoft Corporation) MD5=97B6172283112AF7451E4ABE83DD6F24 -- C:\WINDOWS\system32\sens.dll

< MD5 for: SHIMENG.DLL >
[2007/02/17 03:59:40 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=5AF5E1BA8593E9C7A0B0A84C499BBFD7 -- C:\WINDOWS\ServicePackFiles\i386\shimeng.dll
[2007/02/18 05:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=5AF5E1BA8593E9C7A0B0A84C499BBFD7 -- C:\WINDOWS\system32\shimeng.dll

< MD5 for: SYSMAIN.SDB >
[2009/03/27 00:38:56 | 001,359,206 | ---- | M] () MD5=2D28AECB7255AA6E1470567C801CDA69 -- C:\WINDOWS\$hf_mig$\KB923561\SP2QFE\sysmain.sdb
[2009/03/27 00:47:15 | 001,359,394 | ---- | M] () MD5=3F8DAE0B15521E9D09FED7128AE313B7 -- C:\WINDOWS\$NtUninstallKB2492386$\sysmain.sdb
[2007/02/18 05:00:00 | 001,359,280 | ---- | M] () MD5=4583DC00C28188A510FF6C884B81043D -- C:\WINDOWS\$NtUninstallKB923561$\sysmain.sdb
[2007/02/17 06:23:52 | 001,359,280 | ---- | M] () MD5=4583DC00C28188A510FF6C884B81043D -- C:\WINDOWS\ServicePackFiles\i386\sysmain.sdb
[2009/11/21 07:14:05 | 001,364,038 | ---- | M] () MD5=4D5C04BD70B7230B26CF18A81BBA2921 -- C:\WINDOWS\$hf_mig$\KB955759\SP2QFE\sysmain.sdb
[2009/11/21 07:14:05 | 001,364,038 | ---- | M] () MD5=4D5C04BD70B7230B26CF18A81BBA2921 -- C:\WINDOWS\SoftwareDistribution\Download\ae9c91c013b96db84898f82995bc9725\SP2QFE\sysmain.sdb
[2011/03/11 22:58:45 | 001,364,226 | ---- | M] () MD5=6517F10D3B889D9BC5B941FAA87A2890 -- C:\WINDOWS\AppPatch\sysmain.sdb
[2011/03/11 22:58:45 | 001,364,226 | ---- | M] () MD5=6517F10D3B889D9BC5B941FAA87A2890 -- C:\WINDOWS\system32\dllcache\sysmain.sdb
[2011/03/11 22:55:44 | 001,364,028 | ---- | M] () MD5=74B3110108EDCDEAF1C68420A490E704 -- C:\WINDOWS\$hf_mig$\KB2492386\SP2QFE\sysmain.sdb
[2009/11/21 07:55:37 | 001,364,226 | ---- | M] () MD5=E6640FF827D1D4331265E08405C65789 -- C:\WINDOWS\SoftwareDistribution\Download\ae9c91c013b96db84898f82995bc9725\SP2GDR\sysmain.sdb

< MD5 for: ULIB.DLL >
[2007/02/17 04:07:16 | 000,277,504 | ---- | M] (Microsoft Corporation) MD5=D5DDDF30A0D4B6D5BDCF3E7C4B3C28B3 -- C:\WINDOWS\ServicePackFiles\i386\ulib.dll
[2007/02/18 05:00:00 | 000,277,504 | ---- | M] (Microsoft Corporation) MD5=D5DDDF30A0D4B6D5BDCF3E7C4B3C28B3 -- C:\WINDOWS\system32\ulib.dll

< MD5 for: UXTHEME.DLL >
[2007/02/17 04:07:46 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=DADEEC3B6FD2F760D9BCB8654524D8D0 -- C:\WINDOWS\ServicePackFiles\i386\uxtheme.dll
[2007/02/18 05:00:00 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=DADEEC3B6FD2F760D9BCB8654524D8D0 -- C:\WINDOWS\system32\uxtheme.dll

< MD5 for: VERSION.DLL >
[2007/02/17 04:07:52 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=2AAAA7E2A78E49EF17F09012DF440A6B -- C:\WINDOWS\ServicePackFiles\i386\version.dll
[2007/02/18 05:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=2AAAA7E2A78E49EF17F09012DF440A6B -- C:\WINDOWS\system32\version.dll

< MD5 for: WINDOWSSHELL.MANIFEST >
[2012/05/29 12:31:46 | 000,000,749 | RH-- | M] () MD5=5A5CFF37F1BD0F86B9BDAAD7A9445882 -- C:\WINDOWS\WindowsShell.Manifest

< MD5 for: WLDAP32.DLL >
[2007/02/17 04:09:28 | 000,179,712 | ---- | M] (Microsoft Corporation) MD5=384C93BEBACA1336E930EF713EDE2511 -- C:\WINDOWS\ServicePackFiles\i386\wldap32.dll
[2007/02/18 05:00:00 | 000,179,712 | ---- | M] (Microsoft Corporation) MD5=384C93BEBACA1336E930EF713EDE2511 -- C:\WINDOWS\system32\wldap32.dll

< HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs /s >

< HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options /s >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe]
"DisableExceptionChainValidation" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe]
"DisableExceptionChainValidation" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe]
"ApplicationGoo" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions]
"mscoree.dll" = 1
"mscorwks.dll" = 1
"mso.dll" = 1
"msjava.dll" = 1
"msci_uno.dll" = 1
"jvm.dll" = 1
"jvm_g.dll" = 1
"javai.dll" = 1
"vb40032.dll" = 1
"vbe6.dll" = 1
"ums.dll" = 1
"main123w.dll" = 1
"Salwrap.dll" = 1
"tcore_ebook.dll" = 1
"udtapi.dll" = 1
"mscorsvr.dll" = 1
"eMigrationmmc.dll" = 1
"eProcedureMMC.dll" = 1
"eQueryMMC.dll" = 1
"EncryptPatchVer.dll" = 1
"Cleanup.dll" = 1
"divx.dll" = 1
"divxdec.ax" = 1
"fullsoft.dll" = 1
"NSWSTE.dll" = 1
"ASSTE.dll" = 1
"NPMLIC.dll" = 1
"PMSTE.dll" = 1
"AVSTE.dll" = 1
"NAVOPTRF.dll" = 1
"DRMINST.dll" = 1
"TFDTCTT8.dll" = 1
"DJSMAR00.dll" = 1
"xlmlEN.dll" = 1
"ISSTE.dll" = 1
"symlcnet.dll" = 1
"ppw32hlp.dll" = 1
"Apitrap.dll" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE]
"DisableHeapLookAside" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe]
"ApplicationGoo" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe]
"ApplicationGoo" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe]
"ApplicationGoo" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE]
"GlobalFlag" = 0x00200000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE]
"GlobalFlag" = 0x00200000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE]
"DisableHeapLookAside" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE]
"DisableHeapLookAside" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe]
"ApplicationGoo" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE]
"DisableHeapLookAside" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE]
"DisableHeapLookAside" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe]
"ApplicationGoo" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll]
"ApplicationGoo" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe]
"ApplicationGoo" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE]
"DisableHeapLookAside" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE]
"DisableHeapLookAside" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE]
"ApplicationGoo" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path]
"Debugger" = ntsd -d -- [2007/02/18 05:00:00 | 000,040,960 | ---- | M] (Microsoft Corporation)
"GlobalFlag" = 0x000010F0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE]
"ApplicationGoo" = [Binary data over 100 bytes]

< HKLM\System\CurrentControlSet\Services\LDAP /s >
"ldapclientintegrity" = 1

< HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers /s >
"C:\WINDOWS\system32\rundll32.exe" = EnableNXShowUI
"C:\WINDOWS\explorer.exe" = EnableNXShowUI

< HKLM\Software\Microsoft\CTF\SystemShared /s >
"CUAS" = 0

< End of report >

#134
rahanna

Here is the Extras.txt

OTL Extras logfile created on: 9/8/2012 10:48:36 PM - Run 11
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Dell
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.69% Memory free
5.35 Gb Paging File | 3.91 Gb Available in Paging File | 73.15% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 135.41 Gb Total Space | 91.96 Gb Free Space | 67.91% Space Free | Partition Type: NTFS
Drive D: | 544.49 Gb Total Space | 158.16 Gb Free Space | 29.05% Space Free | Partition Type: NTFS

Computer Name: ST-SERVER | User Name: st_admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04F59FC7-E7CB-4E48-8923-62E7A436A5AE}" = AAStationInstallConditions
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0ADA2703-45D1-4B0D-9BBB-3DF83C6E7F99}" = AdvisorsAssistantFileTransfer
"{0D61D68B-DF5E-4635-82C7-B0C53F0A581B}" = Microsoft SQL Server 2005 Backward compatibility
"{0DAA9912-3FE2-4B84-B926-8D7F71A8A99A}" = Microsoft SQL Server 2005 Reporting Services (ADVISORSASSIST)
"{21B90409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{25331195-4E18-11D7-9D73-0008C7223F91}" = Zoom V.92 PCI Voice Faxmodem
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BKUPEXEC)
"{314D881D-384C-4A04-993D-F0876D21EAA5}" = Symantec Backup Exec for Windows Servers (Hotfix 10)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A0E46D2-D124-48A4-A936-9729FB7715FE}" = Symantec Backup Exec for Windows Servers (Hotfix 20)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40DA090B-64E9-41C9-BC16-6D3BEA5A8E16}" = Symantec Backup Exec for Windows Servers (Hotfix 30)
"{40E27BC4-2003-41C7-B4D3-E636B8DAF969}" = AAUpdateConditions
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{44025E80-44C3-416F-98DC-AE09CCFD57FD}" = Advisors Assistant Version 2 Conversion
"{47653B97-E079-454D-8DB9-B323E388FF93}" = Symantec Endpoint Protection Manager
"{4966AE07-55D8-4D91-85A1-0F97A4DDA603}" = Symantec Backup Exec for Windows Servers (Hotfix 6)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50BC2CC7-C3E0-4ADB-B5A1-C26CDAA9A99F}" = Symantec Backup Exec for Windows Servers (Hotfix 38)
"{51C3F2C4-2FD8-48C1-8301-E660A6A84992}" = Symantec Backup Exec for Windows Servers (Hotfix 9)
"{520C5E07-E4D0-407D-B94D-E9F2D9208016}" = Acronis True Image Echo Enterprise Server
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5A1A9AB2-2F68-462D-A67D-7C855DFF5EEB}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{5D42FAD4-3C0B-4CA8-B840-205B83A06125}" = Symantec Backup Exec for Windows Servers (Hotfix 2)
"{5E9E538A-308B-4342-A54E-CE3A8015DB18}" = Advisors Assistant Server Utilities
"{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (PRESENTS)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76CF1D9F-2285-48A5-B897-6EB978B221AA}" = Symantec Backup Exec for Windows Servers (Hotfix 13)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89C7A9F7-2C31-4739-842D-F037B6C9B674}" = Dell OpenManage Server Administrator
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{905D1B7B-FC03-4A5E-9198-143CA02D9059}" = Advisors Assistant Server Component
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9111DFCB-DDB2-4E49-8DF7-91F623D14BF6}" = Symantec Backup Exec for Windows Servers (Hotfix 29)
"{91B90409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{92FCCD86-7737-41CC-A700-7FE6015CE01A}" = Symantec Backup Exec for Windows Servers (Hotfix 27)
"{9A6329B8-9383-4D6F-BC0B-9E8CB1F8B5EA}" = Advisors Assistant Station Program
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDD9119-D625-4B91-B2D1-11C08D485E44}" = Symantec Backup Exec for Windows Servers (Hotfix 15)
"{9DA4493A-480C-4554-A02C-4B542D33A1D9}" = ManageEngine NetFlow Analyzer 7.5
"{A2F2C44A-869E-4C32-9CEC-E22B1CC91F06}" = Microsoft Network Monitor 3.4
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A98AFBC7-D5A7-46A1-8795-EABE2F55A7D6}" = Microsoft Office Live Meeting 2007
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (ADVISORSASSIST)
"{B3C91427-E6A6-405C-980E-1EB3AE1F041D}" = Symantec Backup Exec for Windows Servers (Hotfix 16)
"{BA62EF4E-BD43-4BF8-B10A-72B79ABE195B}" = Symantec Backup Exec for Windows Servers (Service Pack 3)
"{BAAB98AF-E4B6-4A2F-A3D7-296BADB7FE2E}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BEA465C8-2923-42C6-9141-BE44739A6A80}" = Symantec Backup Exec for Windows Servers
"{BEE9E48B-BA8F-48DC-A63E-E0FD477A8FCB}" = Symantec Backup Exec for Windows Servers (Hotfix 11)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}" = Symantec Endpoint Protection
"{C3F5DBA5-ABFC-443E-AA60-928223AADF53}" = Microsoft SQL Server 2005
"{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}" = Microsoft Group Policy Management Console with SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0FAC044-FBEC-4605-9649-9BF12D977E87}" = Symantec Backup Exec for Windows Servers (Hotfix 24)
"{D147EA10-4361-41A7-A4DB-D84024D06D35}" = Symantec Backup Exec for Windows Servers (Hotfix 35)
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D6AFA160-5CF3-4C84-A2E6-18615BE014D9}" = ManageEngine OpManager 8.0
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DFC22BCF-1371-4DF5-B8D3-E2F3B4CCB19A}" = Symantec Backup Exec for Windows Servers (Hotfix 21)
"{E0B27188-A15E-4C64-AE49-85E8EF46184B}" = Reporting Agents (Symantec Corporation)
"{E1A85893-2CF7-4155-9731-453B858A07B0}" = Symantec Backup Exec for Windows Servers (Hotfix 23)
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E65928F8-937C-476E-83CB-16CC3376BA8A}" = Symantec Backup Exec for Windows Servers (Service Pack 2)
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EA687A74-7AE0-4CB2-B01F-303748E7D5A9}" = Symantec Backup Exec for Windows Servers (Service Pack 1)
"{EA98753C-CB1C-4216-AC09-7EC3D3F62BAF}" = DameWare NT Utilities
"{F07F0BCD-5C6D-4499-9F05-6ED747078A72}" = Windows Support Tools
"{F0E8F664-CAC6-4104-A4F9-4373F0633495}" = Acronis Disk Director Server
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FF7CF098-176D-4C8E-A39C-E33074252ED8}" = Symantec Backup Exec for Windows Servers (Hotfix 19)
"9161A261-6ABE-4668-BBFA-AD06B3F642CF" = Microsoft Exchange
"ActiveTouchMeetingClient" = WebEx
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"Advanced Mass Sender 4.3" = Advanced Mass Sender 4.3
"Advisors Assistant 2.8" = Advisors Assistant 2.8
"ATI Display Driver" = ATI Display Driver
"FileZilla Client" = FileZilla Client 3.5.3
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NirSoft ShellExView" = NirSoft ShellExView
"Symantec Backup Exec 11.0" = Symantec Backup Exec ™ 11d for Windows Servers
"TeamViewer 3" = TeamViewer 3
"Unlocker" = Unlocker 1.8.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/6/2012 2:51:34 AM | Computer Name = ST-SERVER | Source = Report Server Windows Service (ADVISORSASSIST) | ID = 107
Description = Report Server Windows Service (ADVISORSASSIST) cannot connect to the
report server database.

Error - 9/6/2012 7:26:10 AM | Computer Name = ST-SERVER | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Maljava in File: d:\Shares\Home\joel\Application
Data\Sun\Java\Deployment\cache\6.0\38\db6ea26-46377893 by: Manual scan. Action:
Cleaned by Deletion. Action Description: The file was deleted successfully.

Error - 9/6/2012 2:51:46 PM | Computer Name = ST-SERVER | Source = Report Server Windows Service (ADVISORSASSIST) | ID = 107
Description = Report Server Windows Service (ADVISORSASSIST) cannot connect to the
report server database.

Error - 9/6/2012 10:11:22 PM | Computer Name = ST-SERVER | Source = Application Hang | ID = 1002
Description = Hanging application procexp.exe, version 15.22.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/7/2012 1:30:27 AM | Computer Name = ST-SERVER | Source = Backup Exec | ID = 57860
Description = An error occurred while attempting to log in to the following server:
"ST-SERVER". SQL error number: "000E". SQL error message: "[DBNETLIB][ConnectionOpen
(Invalid Instance()).]Invalid connection. ". For more information, click the following
link: http://eventlookup.v...entLookup.jhtml

Error - 9/7/2012 2:51:48 AM | Computer Name = ST-SERVER | Source = Report Server Windows Service (ADVISORSASSIST) | ID = 107
Description = Report Server Windows Service (ADVISORSASSIST) cannot connect to the
report server database.

Error - 9/7/2012 2:51:51 PM | Computer Name = ST-SERVER | Source = Report Server Windows Service (ADVISORSASSIST) | ID = 107
Description = Report Server Windows Service (ADVISORSASSIST) cannot connect to the
report server database.

Error - 9/8/2012 1:30:34 AM | Computer Name = ST-SERVER | Source = Backup Exec | ID = 57860
Description = An error occurred while attempting to log in to the following server:
"ST-SERVER". SQL error number: "000E". SQL error message: "[DBNETLIB][ConnectionOpen
(Invalid Instance()).]Invalid connection. ". For more information, click the following
link: http://eventlookup.v...entLookup.jhtml

Error - 9/8/2012 2:52:00 AM | Computer Name = ST-SERVER | Source = Report Server Windows Service (ADVISORSASSIST) | ID = 107
Description = Report Server Windows Service (ADVISORSASSIST) cannot connect to the
report server database.

Error - 9/8/2012 2:52:01 PM | Computer Name = ST-SERVER | Source = Report Server Windows Service (ADVISORSASSIST) | ID = 107
Description = Report Server Windows Service (ADVISORSASSIST) cannot connect to the
report server database.

[ Directory Service Events ]
Error - 8/26/2012 10:43:56 PM | Computer Name = ST-SERVER | Source = NTDS Replication | ID = 2426919
Description =

Error - 8/27/2012 9:48:11 AM | Computer Name = ST-SERVER | Source = NTDS Replication | ID = 2426919
Description =

Error - 8/27/2012 10:00:14 AM | Computer Name = ST-SERVER | Source = NTDS Replication | ID = 2426919
Description =

Error - 8/27/2012 10:17:01 AM | Computer Name = ST-SERVER | Source = NTDS Replication | ID = 2426919
Description =

Error - 8/27/2012 10:22:02 AM | Computer Name = ST-SERVER | Source = NTDS Replication | ID = 2426919
Description =

Error - 8/27/2012 10:29:23 AM | Computer Name = ST-SERVER | Source = NTDS Backup | ID = 1913
Description = Internal error: The Active Directory backup and restore operation
encountered an unexpected error. Backup or restore will not succeed until this is
corrected. Additional Data Error value: 1084 This service cannot be started in
Safe Mode Internal ID: 160200fa

Error - 8/27/2012 10:29:25 AM | Computer Name = ST-SERVER | Source = NTDS Replication | ID = 2426919
Description =

Error - 8/27/2012 10:43:53 AM | Computer Name = ST-SERVER | Source = NTDS General | ID = 1126
Description = Active Directory was unable to establish a connection with the global
catalog. Additional Data Error value: 8430 The directory service encountered an internal
failure. Internal ID: 3200c89 User Action: Make sure a global catalog is available
in the forest, and is reachable from this domain controller. You may use the nltest
utility to diagnose this problem.

Error - 8/27/2012 11:00:43 AM | Computer Name = ST-SERVER | Source = NTDS Replication | ID = 2426919
Description =

Error - 8/31/2012 8:48:59 PM | Computer Name = ST-SERVER | Source = NTDS Backup | ID = 1913
Description = Internal error: The Active Directory backup and restore operation
encountered an unexpected error. Backup or restore will not succeed until this is
corrected. Additional Data Error value: 1084 This service cannot be started in
Safe Mode Internal ID: 160200fa

[ DNS Server Events ]
Error - 8/27/2012 11:10:57 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 1.168.192.in-addr.arpa. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 8/27/2012 11:10:57 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone stone-tapert.com. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 9/1/2012 3:17:38 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "". The event data contains the error.

Error - 9/1/2012 3:17:38 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone .. This DNS server is configured to use information obtained from Active
Directory
for this zone and is unable to load the zone without it. Check that the Active
Directory is functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data contains the
error.

Error - 9/1/2012 3:17:38 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 1.168.192.in-addr.arpa. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 9/1/2012 3:17:38 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone stone-tapert.com. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 9/2/2012 8:51:34 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "". The event data contains the error.

Error - 9/2/2012 8:51:34 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone .. This DNS server is configured to use information obtained from Active
Directory
for this zone and is unable to load the zone without it. Check that the Active
Directory is functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data contains the
error.

Error - 9/2/2012 8:51:34 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 1.168.192.in-addr.arpa. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 9/2/2012 8:51:34 PM | Computer Name = ST-SERVER | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone stone-tapert.com. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

[ File Replication Service Events ]
Error - 7/3/2012 11:14:39 AM | Computer Name = ST-SERVER | Source = NtFrs | ID = 13571
Description = The File Replication Service has detected that one or more volumes
on this computer have the same Volume Serial Number. File Replication Service does
not support this configuration. Files may not replicate until this conflict is
resolved. Volume Serial Number : a81a-1662 List of volumes that have this Volume
Serial Number: c:, c: The output of "dir" command displays the Volume Serial Number
before
listing the contents of the folder.

[ System Events ]
Error - 9/6/2012 2:23:03 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7023
Description = The Nwsapagent service terminated with the following error: %%126

Error - 9/6/2012 2:23:03 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7023
Description = The TrkSvr service terminated with the following error: %%126

Error - 9/6/2012 2:23:03 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7023
Description = The WmdmPmSp service terminated with the following error: %%126

Error - 9/6/2012 2:23:32 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
crcdisk

Error - 9/6/2012 2:47:59 AM | Computer Name = ST-SERVER | Source = WLBS | ID = 458787
Description = NLB Cluster 0.0.0.0 : Cluster mode cannot be enabled due to parameter
errors. All traffic will be passed through to TCP/IP. Restart cluster operations
after fixing the problem by running 'wlbs reload' followed by 'wlbs start'.

Error - 9/6/2012 2:47:59 AM | Computer Name = ST-SERVER | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 9/6/2012 2:50:33 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7022
Description = The System Event Notification service hung on starting.

Error - 9/6/2012 2:50:33 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 9/6/2012 2:50:33 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7023
Description = The TrkSvr service terminated with the following error: %%126

Error - 9/6/2012 2:50:33 AM | Computer Name = ST-SERVER | Source = Service Control Manager | ID = 7023
Description = The WmdmPmSp service terminated with the following error: %%126


< End of report >

#135
RKinner

Do you use TeamViewer 3 to log in to this server?

Since you are concerned with siweb$, can you go in and change his password? Reduce him to a common user?

From http://www.f-secure....2_morto_a.shtml

The malware also does the following modifications:

Adds files

C:\WINDOWS\Offline Web Pages\cache.txt
C:\WINDOWS\system32\Sens32.dll


Doesn't your good server have this file too?

C:\WINDOWS\system32\Sens32.dll


Do you have C:\WINDOWS\Offline Web Pages and will it let you look at it with Explorer?


Go into regedit and navigate to one of the services that wouldn't let you delete it.

Right-click on it and select Permissions.

If you click on Administrators (YourComputerName\Administrators) you should see that Full Control is checked under Allow but greyed out. If not then

YourComputerName just stands for your computer name so it will be different on your server.

Click on Advanced then Owner.

What does it say under Current Owner of this Item?

It should say Administrators (YourComputerName\Administrators)


If it says anything else, go to the next box and click on Administrators (YourComputerName\Administrators), check the box, then OK.

Then it should give you the opportunity to check the Full Control box under Allow. OK.

Now try and delete the service by just right-clicking on its key and Delete.

Time to go to bed.
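
The owner and Full Control checks from the post above, plus a look at the two file paths quoted from F-Secure, as read-only PowerShell. This is an added example, not part of the original post: it assumes PowerShell 2.0 or later is installed on the server and is run elevated, and the function names and the `SENS` key name in the usage line are illustrative.

```powershell
# Added example (not from the thread). Read-only: nothing is changed or deleted.
# Assumes PowerShell 2.0+ in an elevated session on the affected server.

$AdministratorsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$SidType    = [System.Security.Principal.SecurityIdentifier]
$FullCtrl   = [int][System.Security.AccessControl.RegistryRights]::FullControl
$GenericAll = 0x10000000              # GENERIC_ALL, shown by regedit as "Special"
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-ServiceKeyAclReport {
    param([Parameter(Mandatory = $true)][string]$ServiceName)

    $path = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    if (-not (Test-Path -Path $path)) {
        Write-Warning "Service key not found: $path"
        return
    }

    # Being unable to read the ACL at all is a finding in itself.
    try { $acl = Get-Acl -Path $path -ErrorAction Stop }
    catch {
        Write-Warning "Cannot read ACL on ${path}: $($_.Exception.Message)"
        return
    }

    # Ask for SIDs so the comparison does not depend on the computer or domain name.
    $owner = $acl.GetOwner($SidType).Value
    $rules = @($acl.GetAccessRules($true, $true, $SidType))

    $adminFull = $false
    $denyRules = @()
    foreach ($r in $rules) {
        # Inherit-only entries apply to subkeys, not to this key.
        if ((([int]$r.PropagationFlags) -band $InheritOnly) -eq $InheritOnly) { continue }

        if ($r.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Deny) {
            # A Deny entry overrides Allow and is a common reason a delete fails.
            $denyRules += ("{0}: {1}" -f $r.IdentityReference.Value, $r.RegistryRights)
            continue
        }

        $rights  = [int]$r.RegistryRights
        $hasFull = (($rights -band $FullCtrl) -eq $FullCtrl) -or
                   (($rights -band $GenericAll) -eq $GenericAll)
        if ($r.IdentityReference.Value -eq $AdministratorsSid -and $hasFull) {
            $adminFull = $true
        }
    }

    New-Object PSObject -Property @{
        Key                       = $path
        OwnerSid                  = $owner
        OwnerIsAdministrators     = ($owner -eq $AdministratorsSid)
        AdministratorsFullControl = $adminFull
        DenyEntries               = $denyRules
    }
}

function Get-ListedFileReport {
    # The two paths quoted in the post. Presence alone is not proof of infection;
    # size and timestamps are reported so they can be compared with the good server.
    $paths = 'C:\WINDOWS\Offline Web Pages\cache.txt',
             'C:\WINDOWS\system32\Sens32.dll'

    foreach ($p in $paths) {
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Path          = $p
            Exists        = [bool]$item
            Length        = $(if ($item) { $item.Length } else { $null })
            CreationTime  = $(if ($item) { $item.CreationTime } else { $null })
            LastWriteTime = $(if ($item) { $item.LastWriteTime } else { $null })
        }
    }
}

# 'SENS' is an assumed key name for the Sens service discussed in this thread;
# substitute the name of whichever service key refused to delete.
Get-ServiceKeyAclReport -ServiceName 'SENS' | Format-List
Get-ListedFileReport | Format-List
```

If `OwnerIsAdministrators` or `AdministratorsFullControl` comes back False, or `DenyEntries` is not empty, that matches the case the post covers with the Advanced > Owner steps in regedit.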