1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Can not get rid of System Tools Virus!

Discussion in 'Malware and Virus Removal Archive' started by wksda623, 2010/12/26.

Page 3 of 4
  1. 2010/12/31
    wksda623

    wksda623 Inactive Thread Starter

    Joined:
    2009/01/21
    Messages:
    88
    Likes Received:
    0
    Combofix said again that file C:\winnt\regedit.exe is infected and will try to fix it like it did the first time.........weird!

    David
     
    wksda623,
    #41
  2. 2010/12/31
    wksda623

    wksda623 Inactive Thread Starter

    Joined:
    2009/01/21
    Messages:
    88
    Likes Received:
    0
    ComboFix 10-12-31.01 - Weelsl623 12/31/2010 19:00:53.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2586 [GMT -5:00]
    Running from: c:\documents and settings\Weelsl623\My Documents\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\winnt\regedit.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

    Infected copy of c:\winnt\regedit.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{3DDA5D93-4BFF-46C5-9FBD-EF576F933962}\RP424\A0047414.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))
    .

    2010-12-31 01:54 . 2010-12-31 01:54 -------- d-----w- c:\documents and settings\Weelsl623\Application Data\FCTB000062133
    2010-12-17 21:14 . 2010-12-17 22:12 -------- d-----w- c:\program files\Common Files\FreeCause
    2010-12-15 01:47 . 2010-11-02 15:17 40960 -c----w- c:\winnt\system32\dllcache\ndproxy.sys
    2010-12-06 00:40 . 2006-05-16 09:50 53355 ----a-w- c:\program files\Mozilla Firefox\plugins\NPJinit13126.dll
    2010-12-06 00:40 . 2006-05-16 09:50 45164 ------w- c:\winnt\system32\plugincpl13126.cpl
    2010-12-06 00:40 . 2010-12-06 00:40 -------- d-----w- c:\program files\Oracle
    2010-12-06 00:40 . 2006-05-16 09:49 36962 ------w- c:\winnt\system32\ActPanel.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-27 23:59 . 2009-07-06 21:53 249856 ----a-w- c:\documents and settings\NetworkService.NT AUTHORITY\NTUSER.DAT.tmp
    2010-12-27 23:59 . 2009-01-19 22:54 249856 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\NTUSER.DAT.tmp
    2010-12-20 23:09 . 2010-08-22 22:31 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-08-22 22:31 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2010-11-18 18:12 . 2007-02-11 03:35 81920 ----a-w- c:\winnt\system32\isign32.dll
    2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\winnt\system32\GPhotos.scr
    2010-11-06 00:26 . 2006-02-28 12:00 916480 ----a-w- c:\winnt\system32\wininet.dll
    2010-11-06 00:26 . 2006-02-28 12:00 43520 ----a-w- c:\winnt\system32\licmgr10.dll
    2010-11-06 00:26 . 2006-02-28 12:00 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
    2010-11-03 12:25 . 2006-02-28 12:00 385024 ----a-w- c:\winnt\system32\html.iec
    2010-11-02 15:17 . 2006-02-28 12:00 40960 ----a-w- c:\winnt\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2006-02-28 12:00 290048 ----a-w- c:\winnt\system32\atmfd.dll
    2010-10-26 13:25 . 2006-02-28 12:00 1853312 ----a-w- c:\winnt\system32\win32k.sys
    2010-10-19 20:51 . 2009-10-02 19:59 222080 ------w- c:\winnt\system32\MpSigStub.exe
    2010-10-14 02:28 . 2010-08-23 21:49 9344 ----a-w- c:\winnt\system32\drivers\mfeclnk.sys
    2010-10-14 02:28 . 2010-08-23 21:49 84072 ----a-w- c:\winnt\system32\drivers\mfetdi2k.sys
    2010-10-14 02:28 . 2010-08-23 21:48 88544 ----a-w- c:\winnt\system32\drivers\mfendisk.sys
    2010-10-14 02:28 . 2010-08-23 21:48 84264 ----a-w- c:\winnt\system32\drivers\mferkdet.sys
    2010-10-14 02:28 . 2010-08-23 21:48 386840 ----a-w- c:\winnt\system32\drivers\mfehidk.sys
    2010-10-14 02:28 . 2010-08-23 21:48 313288 ----a-w- c:\winnt\system32\drivers\mfefirek.sys
    2010-10-14 02:28 . 2010-08-23 21:48 52104 ----a-w- c:\winnt\system32\drivers\mfebopk.sys
    2010-10-14 02:28 . 2010-08-23 21:48 95600 ----a-w- c:\winnt\system32\drivers\mfeapfk.sys
    2010-10-14 02:28 . 2010-08-23 21:48 152960 ----a-w- c:\winnt\system32\drivers\mfeavfk.sys
    2010-10-14 02:28 . 2010-08-23 21:48 55840 ----a-w- c:\winnt\system32\drivers\cfwids.sys
    2010-10-14 02:28 . 2010-08-23 21:49 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .

    ------- Sigcheck -------

    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\atapi.sys
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\atapi.sys
    [-] 2006-02-28 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\atapi.sys

    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\asyncmac.sys
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\asyncmac.sys
    [-] 2006-02-28 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\asyncmac.sys

    [-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\winnt\system32\dllcache\beep.sys
    [-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\winnt\system32\drivers\beep.sys

    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\kbdclass.sys
    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\kbdclass.sys
    [-] 2006-02-28 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\kbdclass.sys

    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ndis.sys
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ndis.sys
    [-] 2006-02-28 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ndis.sys

    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ntfs.sys
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ntfs.sys
    [-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\winnt\$hf_mig$\KB930916\SP2QFE\ntfs.sys
    [-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\winnt\$NtServicePackUninstall$\ntfs.sys
    [-] 2006-02-28 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB930916$\ntfs.sys
    [-] 2003-06-19 19:05 . F6AB0E765D5B80443B93C52C42F2602A . 534192 . . [5.00.2195.6710] . . c:\winnt\$NtUpdateRollupPackUninstall$\ntfs.sys

    [-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\winnt\system32\dllcache\null.sys
    [-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\winnt\system32\drivers\null.sys

    [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winnt\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winnt\system32\drivers\tcpip.sys
    [-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\winnt\$NtServicePackUninstall$\tcpip.sys
    [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\winnt\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB951748$\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\tcpip.sys
    [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\winnt\$NtUninstallKB951748_0$\tcpip.sys
    [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\winnt\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\winnt\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\winnt\$NtUninstallKB941644$\tcpip.sys
    [-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB917953$\tcpip.sys
    [-] 2003-06-19 19:05 . 5F1BE742B1F2196663255991AE7ACC83 . 332144 . . [5.00.2195.6706] . . c:\winnt\$NtUpdateRollupPackUninstall$\tcpip.sys

    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\browser.dll
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\winnt\system32\browser.dll
    [-] 2006-02-28 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\browser.dll
    [-] 2003-06-19 19:05 . 38A6BC551496C24118BD1524425AF2FE . 68880 . . [5.00.2195.6693] . . c:\winnt\$NtUpdateRollupPackUninstall$\browser.dll

    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\lsass.exe
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\winnt\system32\lsass.exe
    [-] 2006-02-28 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\lsass.exe
    [-] 2003-06-19 19:05 . 271229760CCED993E9E7CAB1C7274134 . 33552 . . [5.00.2195.6695] . . c:\winnt\$NtUpdateRollupPackUninstall$\lsass.exe

    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\netman.dll
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\winnt\system32\netman.dll
    [-] 2006-02-28 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB905414$\netman.dll
    [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\winnt\$NtServicePackUninstall$\netman.dll
    [-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\winnt\$hf_mig$\KB905414\SP2QFE\netman.dll

    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\winnt\ServicePackFiles\i386\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\winnt\system32\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\winnt\system32\BITS\qmgr.dll
    [-] 2006-02-28 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\winnt\$NtServicePackUninstall$\qmgr.dll

    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\winnt\system32\rpcss.dll
    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\winnt\system32\dllcache\rpcss.dll
    [-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\winnt\$hf_mig$\KB956572\SP3QFE\rpcss.dll
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB956572$\rpcss.dll
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\rpcss.dll
    [-] 2006-02-28 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB894391$\rpcss.dll
    [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\winnt\$NtServicePackUninstall$\rpcss.dll
    [-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\winnt\$hf_mig$\KB902400\SP2QFE\rpcss.dll
    [-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\winnt\$hf_mig$\KB894391\SP2QFE\rpcss.dll
    [-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\winnt\$NtUninstallKB902400$\rpcss.dll
    [-] 2003-06-19 19:05 . B49E4F60ED7E5918E44396768F9F02F2 . 239376 . . [5.00.2195.6702] . . c:\winnt\$NtUpdateRollupPackUninstall$\rpcss.dll

    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\winnt\system32\services.exe
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\winnt\system32\dllcache\services.exe
    [-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\winnt\$hf_mig$\KB956572\SP3QFE\services.exe
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB956572$\services.exe
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\services.exe
    [-] 2006-02-28 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\services.exe
    [-] 2003-06-19 19:05 . CFED2D28F5B8A24127E9E06043070643 . 89360 . . [5.00.2195.6700] . . c:\winnt\$NtUpdateRollupPackUninstall$\services.exe

    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\winnt\system32\winlogon.exe
    [-] 2006-02-28 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\winlogon.exe
    [-] 2003-06-19 19:05 . 3980C28D116D438BBB36FB38526FDE1A . 181008 . . [5.00.2195.6714] . . c:\winnt\$NtUpdateRollupPackUninstall$\winlogon.exe

    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\cryptsvc.dll
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\winnt\system32\cryptsvc.dll
    [-] 2006-02-28 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\cryptsvc.dll
    [-] 2003-06-19 19:05 . 385F52746FD8558D43999AEED250769A . 76048 . . [5.00.2195.6661] . . c:\winnt\$NtUpdateRollupPackUninstall$\cryptsvc.dll

    [-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\winnt\$NtServicePackUninstall$\es.dll
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\$hf_mig$\KB950974\SP3GDR\es.dll
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\system32\es.dll
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\system32\dllcache\es.dll
    [-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\winnt\$hf_mig$\KB950974\SP3QFE\es.dll
    [-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\winnt\$hf_mig$\KB950974\SP2QFE\es.dll
    [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\winnt\$NtUninstallKB950974$\es.dll
    [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\winnt\ServicePackFiles\i386\es.dll
    [-] 2006-02-28 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\winnt\$NtUninstallKB902400$\es.dll
    [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\winnt\$NtUninstallKB950974_0$\es.dll
    [-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\winnt\$hf_mig$\KB902400\SP2QFE\es.dll
    [-] 2003-06-19 19:05 . FACD7422F6FBC7CD3AEA3AFCB8382ECF . 233232 . . [2000.2.3504.0] . . c:\winnt\$NtUpdateRollupPackUninstall$\es.dll

    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\imm32.dll
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\winnt\system32\imm32.dll
    [-] 2006-02-28 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\imm32.dll

    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\winnt\system32\kernel32.dll
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\winnt\system32\dllcache\kernel32.dll
    [-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\winnt\$hf_mig$\KB959426\SP3QFE\kernel32.dll
    [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB959426$\kernel32.dll
    [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\kernel32.dll
    [-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\winnt\$hf_mig$\KB935839\SP2QFE\kernel32.dll
    [-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\winnt\$NtServicePackUninstall$\kernel32.dll
    [-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\winnt\$hf_mig$\KB917422\SP2QFE\kernel32.dll
    [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\winnt\$NtUninstallKB935839$\kernel32.dll
    [-] 2006-02-28 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB917422$\kernel32.dll
    [-] 2003-06-19 19:05 . AFFDA6F602A8F0DBA615279C28B3BDF8 . 743184 . . [5.00.2195.6688] . . c:\winnt\$NtUpdateRollupPackUninstall$\kernel32.dll

    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\linkinfo.dll
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\winnt\system32\linkinfo.dll
    [-] 2006-02-28 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB900725$\linkinfo.dll
    [-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\winnt\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
    [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\winnt\$NtServicePackUninstall$\linkinfo.dll
    [-] 1999-12-07 12:00 . A5977BF56A537AFDF2464F1314C315CF . 16144 . . [5.00.2134.1] . . c:\winnt\$NtUpdateRollupPackUninstall$\linkinfo.dll

    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\lpk.dll
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\winnt\system32\lpk.dll
    [-] 2006-02-28 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\lpk.dll

    [-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\winnt\ServicePackFiles\i386\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\winnt\system32\msvcrt.dll
    [-] 2006-02-28 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\winnt\$NtServicePackUninstall$\msvcrt.dll
    [-] 2006-02-28 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
    [-] 2006-02-28 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\winnt\system32\mswsock.dll
    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\winnt\system32\dllcache\mswsock.dll
    [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    [-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\winnt\$NtServicePackUninstall$\mswsock.dll
    [-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\winnt\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB951748$\mswsock.dll
    [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\mswsock.dll
    [-] 2006-02-28 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB951748_0$\mswsock.dll

    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\netlogon.dll
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\winnt\system32\netlogon.dll
    [-] 2006-02-28 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\netlogon.dll
    [-] 2003-06-19 19:05 . 11B91C26925F56F577089FF88AA0BEC0 . 371984 . . [5.00.2195.6695] . . c:\winnt\$NtUpdateRollupPackUninstall$\netlogon.dll

    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\powrprof.dll
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\winnt\system32\powrprof.dll
    [-] 2006-02-28 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\winnt\$NtServicePackUninstall$\powrprof.dll

    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\scecli.dll
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\winnt\system32\scecli.dll
    [-] 2006-02-28 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\scecli.dll
    [-] 2003-06-19 19:05 . FF11B32A906D75CD96957B66E318DAD0 . 114448 . . [5.00.2195.6704] . . c:\winnt\$NtUpdateRollupPackUninstall$\scecli.dll

    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\sfc.dll
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\winnt\system32\sfc.dll
    [-] 2006-02-28 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\sfc.dll

    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\winnt\system32\svchost.exe
    [-] 2006-02-28 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\svchost.exe

    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\tapisrv.dll
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\winnt\system32\tapisrv.dll
    [-] 2006-02-28 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB893756$\tapisrv.dll
    [-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\winnt\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
    [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\winnt\$NtServicePackUninstall$\tapisrv.dll

    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\user32.dll
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\winnt\system32\user32.dll
    [-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\winnt\$hf_mig$\KB925902\SP2QFE\user32.dll
    [-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\winnt\$NtServicePackUninstall$\user32.dll
    [-] 2006-02-28 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB890859$\user32.dll
    [-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\winnt\$hf_mig$\KB890859\SP2QFE\user32.dll
    [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\winnt\$NtUninstallKB925902$\user32.dll
    [-] 2003-06-19 19:05 . 11ED538DB87D8CF38017A63A82AA805D . 403216 . . [5.00.2195.6688] . . c:\winnt\$NtUpdateRollupPackUninstall$\user32.dll

    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\userinit.exe
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\winnt\system32\userinit.exe
    [-] 2006-02-28 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\userinit.exe

    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ws2_32.dll
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\winnt\system32\ws2_32.dll
    [-] 2006-02-28 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ws2_32.dll

    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ws2help.dll
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\winnt\system32\ws2help.dll
    [-] 2006-02-28 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ws2help.dll

    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\winnt\explorer.exe
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\explorer.exe
    [-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\winnt\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\winnt\$NtServicePackUninstall$\explorer.exe
    [-] 2006-02-28 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\winnt\$NtUninstallKB938828$\explorer.exe

    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\system32\srsvc.dll
    [-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\srsvc.dll

    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\wscntfy.exe
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\winnt\system32\wscntfy.exe
    [-] 2006-02-28 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\wscntfy.exe

    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\xmlprov.dll
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\winnt\system32\xmlprov.dll
    [-] 2006-02-28 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\xmlprov.dll

    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\eventlog.dll
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\winnt\system32\eventlog.dll
    [-] 2006-02-28 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\eventlog.dll
    [-] 2003-06-19 19:05 . 5738D5804F61A1D30D86FA24DEE56E0C . 47888 . . [5.00.2195.6716] . . c:\winnt\$NtUpdateRollupPackUninstall$\eventlog.dll

    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\sfcfiles.dll
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\winnt\system32\sfcfiles.dll
    [-] 2006-02-28 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\sfcfiles.dll
    [-] 2003-06-19 19:05 . A871E77694E9146B3C655A734B1ECF46 . 971024 . . [5.00.2195.6717] . . c:\winnt\$NtUpdateRollupPackUninstall$\sfcfiles.dll

    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ctfmon.exe
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\winnt\system32\ctfmon.exe
    [-] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ctfmon.exe

    [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\shsvcs.dll
    [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\winnt\system32\shsvcs.dll
    [-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\winnt\$NtServicePackUninstall$\shsvcs.dll
    [-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\winnt\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
    [-] 2006-02-28 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\winnt\$NtUninstallKB928255$\shsvcs.dll

    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\regsvc.dll
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\winnt\system32\regsvc.dll
    [-] 2006-02-28 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\regsvc.dll

    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\schedsvc.dll
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\winnt\system32\schedsvc.dll
    [-] 2006-02-28 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\schedsvc.dll

    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ssdpsrv.dll
    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\winnt\system32\ssdpsrv.dll
    [-] 2006-02-28 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ssdpsrv.dll

    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\termsrv.dll
    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\winnt\system32\termsrv.dll
    [-] 2006-02-28 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\termsrv.dll

    [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\appmgmts.dll
    [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\winnt\system32\appmgmts.dll
    [-] 2006-02-28 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\appmgmts.dll

    [-] 2006-02-28 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\winnt\system32\drivers\acpiec.sys

    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\winnt\ServicePackFiles\i386\aec.sys
    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\winnt\system32\drivers\aec.sys
    [-] 2006-02-28 12:00 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\winnt\$NtUninstallKB900485$\aec.sys
    [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\winnt\$hf_mig$\KB900485\SP2QFE\aec.sys
    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\winnt\$NtServicePackUninstall$\aec.sys

    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\agp440.sys
    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\agp440.sys
    [-] 2006-02-28 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\agp440.sys

    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ip6fw.sys
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ip6fw.sys
    [-] 2006-02-28 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ip6fw.sys

    [-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\iprip.dll
    [-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\winnt\system32\iprip.dll
    [-] 2006-02-28 . 14522C1499B146E016359EF216BDDB78 . 35328 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\iprip.dll

    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\msgsvc.dll
    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\winnt\system32\msgsvc.dll
    [-] 2006-02-28 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\msgsvc.dll
    [-] 2003-06-19 19:05 . C470CF2972A6DF2214764DA2FE8B768F . 35600 . . [5.00.2195.6656] . . c:\winnt\$NtUpdateRollupPackUninstall$\msgsvc.dll

    [-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\winnt\system32\mspmsnsv.dll
    [-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\winnt\system32\dllcache\mspmsnsv.dll
    [-] 2006-02-28 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\winnt\$NtUninstallWMFDist11$\mspmsnsv.dll

    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\winnt\ServicePackFiles\i386\ntmssvc.dll
    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\winnt\system32\ntmssvc.dll
    [-] 2006-02-28 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\winnt\$NtServicePackUninstall$\ntmssvc.dll

    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\upnphost.dll
    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\winnt\system32\upnphost.dll
    [-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\winnt\$hf_mig$\KB931261\SP2QFE\upnphost.dll
    [-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\winnt\$NtServicePackUninstall$\upnphost.dll
    [-] 2006-02-28 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB931261$\upnphost.dll

    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\ServicePackFiles\i386\dsound.dll
    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\system32\dsound.dll
    [-] 2006-02-28 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\winnt\$NtServicePackUninstall$\dsound.dll

    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\winnt\ServicePackFiles\i386\d3d9.dll
    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\winnt\system32\d3d9.dll
    [-] 2006-02-28 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\winnt\$NtServicePackUninstall$\d3d9.dll

    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\winnt\ServicePackFiles\i386\ddraw.dll
    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\winnt\system32\ddraw.dll
    [-] 2006-02-28 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ddraw.dll

    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\olepro32.dll
    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\winnt\system32\olepro32.dll
    [-] 2006-02-28 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\olepro32.dll

    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\perfctrs.dll
    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\winnt\system32\perfctrs.dll
    [-] 2006-02-28 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\perfctrs.dll

    [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\version.dll
    [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\winnt\system32\version.dll
    [-] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\version.dll

    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\system32\srsvc.dll
    [-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\srsvc.dll

    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\w32time.dll
    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\winnt\system32\w32time.dll
    [-] 2006-02-28 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\w32time.dll
    [-] 2003-06-19 19:05 . 8703C9C4C3E08CA8C967C7AEA488112D . 51472 . . [5.00.2195.6601] . . c:\winnt\$NtUpdateRollupPackUninstall$\w32time.dll

    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\wiaservc.dll
    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\winnt\system32\wiaservc.dll
    [-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\winnt\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
    [-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\winnt\$NtServicePackUninstall$\wiaservc.dll
    [-] 2006-02-28 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB927802$\wiaservc.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-12-31_00.46.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-01-01 00:07 . 2011-01-01 00:07 16384 c:\winnt\Temp\Perflib_Perfdata_43c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
    "{4219427b-0228-4356-a78b-eb7668d37d07} "= "c:\program files\InboxDollars\Helper.dll" [2010-12-17 356864]

    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

    [HKEY_CLASSES_ROOT\clsid\{4219427b-0228-4356-a78b-eb7668d37d07}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{8EF4D7EF-810E-4629-A9C9-F92FD201FE1A}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
    2010-12-17 22:12 1536000 ----a-w- c:\program files\InboxDollars\Toolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-05-26 19:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
    "{47980628-3844-42AA-A0DD-E2D86BBA9600} "= "c:\program files\InboxDollars\Toolbar.dll" [2010-12-17 1536000]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
    [HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
    [HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{47980628-3844-42AA-A0DD-E2D86BBA9600} "= "c:\program files\InboxDollars\Toolbar.dll" [2010-12-17 1536000]

    [HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
    [HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
    [HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather "= "c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2007-02-17 98304]
    "MSN Toolbar "= "c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop "= "c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
    "tscuninstall "= "c:\winnt\system32\tscupgrd.exe" [2006-02-28 44544]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
    backup=c:\winnt\pss\HotSync Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\winnt\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALi5289]
    2005-03-10 06:56 405504 ----a-w- c:\program files\ULI5289\ALi5289.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\winnt\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
    2007-02-26 05:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2004-06-26 00:32 172032 ----a-w- c:\winnt\system32\spool\drivers\w32x86\3\hpztsb12.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
    2010-07-06 17:30 240480 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2007-02-17 19:34 98304 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SJelite3Launch]
    2010-02-08 17:43 184320 ----a-w- c:\documents and settings\Weelsl623\Application Data\Transcend\SJelite3\SJelite3Launch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2004-12-22 09:09 77824 ----a-w- c:\winnt\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "vsmon "=2 (0x2)
    "Symantec Core LC "=2 (0x2)
    "idsvc "=3 (0x3)
    "gusvc "=3 (0x3)
    "gupdate "=2 (0x2)
    "CLTNetCnService "=2 (0x2)
    "clr_optimization_v2.0.50727_32 "=2 (0x2)
    "aspnet_state "=3 (0x3)
    "afcdpsrv "=2 (0x2)
    "AcrSch2Svc "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\G-Lock Software\\G-Lock SpamCombat\\gsc.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe "=
    "c:\\Program Files\\InboxDollars\\TroubleShooter.exe "=
    "c:\\Program Files\\InboxDollars\\ToolbarUpdate.exe "=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe "=

    R0 m5289;m5289;c:\winnt\system32\drivers\m5289.sys [2/10/2007 10:22 PM 51840]
    R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\winnt\system32\drivers\tdrpm258.sys [3/13/2010 8:46 PM 911680]
    R0 ULiAGP;ULi AGP Controller Bus Filter Driver;c:\winnt\system32\drivers\ULiAGP.SYS [2/10/2007 10:22 PM 33408]
    R1 gemwdm;AMD PowerNow! (tm) Technology;c:\winnt\system32\drivers\gemwdm.sys [2/10/2007 10:22 PM 11776]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\winnt\system32\drivers\mfetdi2k.sys [8/23/2010 4:49 PM 84072]
    R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/23/2010 4:47 PM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/23/2010 4:47 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/23/2010 4:49 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/23/2010 4:49 PM 141792]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
    R3 cfwids;McAfee Inc. cfwids;c:\winnt\system32\drivers\cfwids.sys [8/23/2010 4:48 PM 55840]
    R3 mfefirek;McAfee Inc. mfefirek;c:\winnt\system32\drivers\mfefirek.sys [8/23/2010 4:48 PM 313288]
    R3 mfendiskmp;mfendiskmp;c:\winnt\system32\drivers\mfendisk.sys [8/23/2010 4:48 PM 88544]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 8:42 PM 135664]
    S2 MSSQL$UPWARDSQL;SQL Server (UPWARDSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 3:27 AM 29262680]
    S3 afcdp;afcdp;c:\winnt\system32\drivers\afcdp.sys [3/13/2010 8:46 PM 160288]
    S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\WEELSL~1\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys --> c:\docume~1\WEELSL~1\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys [?]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\winnt\system32\drivers\mfendisk.sys [8/23/2010 4:48 PM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [8/23/2010 4:48 PM 84264]
    S3 SASENUM;SASENUM;\??\c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winnt\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\winnt\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
    S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [3/13/2010 8:46 PM 2480048]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-01 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:42]

    2010-12-31 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:42]

    2011-01-01 c:\winnt\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

    2010-12-31 c:\winnt\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.msn.com
    IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
    Trusted Zone: microsoft.com\www
    Trusted Zone: msn.com\www
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\Weelsl623\Application Data\Mozilla\Firefox\Profiles\3wgg1tfc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: MSN Toolbar: msntoolbar@msn.com - c:\program files\MSN Toolbar\Platform\4.0.0417.0\Firefox
    FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Weelsl623\Application Data\Move Networks
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-31 19:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
     
    wksda623,
    #42


  3. to hide this advert.

  4. 2010/12/31
    wksda623

    wksda623 Inactive Thread Starter

    Joined:
    2009/01/21
    Messages:
    88
    Likes Received:
    0
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(4024)
    c:\winnt\system32\WININET.dll
    c:\winnt\system32\ieframe.dll
    c:\winnt\system32\webcheck.dll
    c:\winnt\system32\WPDShServiceObj.dll
    c:\winnt\system32\PortableDeviceTypes.dll
    c:\winnt\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AMD\PowerNow!\GemServ.exe
    c:\program files\AMD\PowerNow!\gemback.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-31 19:13:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-01 00:13
    ComboFix2.txt 2010-12-31 01:52
    ComboFix3.txt 2010-12-31 00:51

    Pre-Run: 71,742,488,576 bytes free
    Post-Run: 71,728,861,184 bytes free

    - - End Of File - - 97BEEEE0C3DE311F9411E0BB65F11C44
     
    wksda623,
    #43
  5. 2010/12/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run Combofix one more time.
     
    broni,
    #44
  6. 2010/12/31
    wksda623

    wksda623 Inactive Thread Starter

    Joined:
    2009/01/21
    Messages:
    88
    Likes Received:
    0
    from my previous download or do another download??

    David
     
    wksda623,
    #45
  7. 2010/12/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Same one will be fine.
     
    broni,
    #46
  8. 2010/12/31
    wksda623

    wksda623 Inactive Thread Starter

    Joined:
    2009/01/21
    Messages:
    88
    Likes Received:
    0
    ComboFix 10-12-31.01 - Weelsl623 12/31/2010 19:55:28.4.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2550 [GMT -5:00]
    Running from: c:\documents and settings\Weelsl623\My Documents\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\winnt\regedit.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

    Infected copy of c:\winnt\regedit.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{3DDA5D93-4BFF-46C5-9FBD-EF576F933962}\RP424\A0047467.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))
    .

    2010-12-31 01:54 . 2010-12-31 01:54 -------- d-----w- c:\documents and settings\Weelsl623\Application Data\FCTB000062133
    2010-12-17 21:14 . 2010-12-17 22:12 -------- d-----w- c:\program files\Common Files\FreeCause
    2010-12-15 01:47 . 2010-11-02 15:17 40960 -c----w- c:\winnt\system32\dllcache\ndproxy.sys
    2010-12-06 00:40 . 2006-05-16 09:50 53355 ----a-w- c:\program files\Mozilla Firefox\plugins\NPJinit13126.dll
    2010-12-06 00:40 . 2006-05-16 09:50 45164 ------w- c:\winnt\system32\plugincpl13126.cpl
    2010-12-06 00:40 . 2010-12-06 00:40 -------- d-----w- c:\program files\Oracle
    2010-12-06 00:40 . 2006-05-16 09:49 36962 ------w- c:\winnt\system32\ActPanel.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-27 23:59 . 2009-07-06 21:53 249856 ----a-w- c:\documents and settings\NetworkService.NT AUTHORITY\NTUSER.DAT.tmp
    2010-12-27 23:59 . 2009-01-19 22:54 249856 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\NTUSER.DAT.tmp
    2010-12-20 23:09 . 2010-08-22 22:31 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-08-22 22:31 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2010-11-18 18:12 . 2007-02-11 03:35 81920 ----a-w- c:\winnt\system32\isign32.dll
    2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\winnt\system32\GPhotos.scr
    2010-11-06 00:26 . 2006-02-28 12:00 916480 ----a-w- c:\winnt\system32\wininet.dll
    2010-11-06 00:26 . 2006-02-28 12:00 43520 ----a-w- c:\winnt\system32\licmgr10.dll
    2010-11-06 00:26 . 2006-02-28 12:00 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
    2010-11-03 12:25 . 2006-02-28 12:00 385024 ----a-w- c:\winnt\system32\html.iec
    2010-11-02 15:17 . 2006-02-28 12:00 40960 ----a-w- c:\winnt\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2006-02-28 12:00 290048 ----a-w- c:\winnt\system32\atmfd.dll
    2010-10-26 13:25 . 2006-02-28 12:00 1853312 ----a-w- c:\winnt\system32\win32k.sys
    2010-10-19 20:51 . 2009-10-02 19:59 222080 ------w- c:\winnt\system32\MpSigStub.exe
    2010-10-14 02:28 . 2010-08-23 21:49 9344 ----a-w- c:\winnt\system32\drivers\mfeclnk.sys
    2010-10-14 02:28 . 2010-08-23 21:49 84072 ----a-w- c:\winnt\system32\drivers\mfetdi2k.sys
    2010-10-14 02:28 . 2010-08-23 21:48 88544 ----a-w- c:\winnt\system32\drivers\mfendisk.sys
    2010-10-14 02:28 . 2010-08-23 21:48 84264 ----a-w- c:\winnt\system32\drivers\mferkdet.sys
    2010-10-14 02:28 . 2010-08-23 21:48 386840 ----a-w- c:\winnt\system32\drivers\mfehidk.sys
    2010-10-14 02:28 . 2010-08-23 21:48 313288 ----a-w- c:\winnt\system32\drivers\mfefirek.sys
    2010-10-14 02:28 . 2010-08-23 21:48 52104 ----a-w- c:\winnt\system32\drivers\mfebopk.sys
    2010-10-14 02:28 . 2010-08-23 21:48 95600 ----a-w- c:\winnt\system32\drivers\mfeapfk.sys
    2010-10-14 02:28 . 2010-08-23 21:48 152960 ----a-w- c:\winnt\system32\drivers\mfeavfk.sys
    2010-10-14 02:28 . 2010-08-23 21:48 55840 ----a-w- c:\winnt\system32\drivers\cfwids.sys
    2010-10-14 02:28 . 2010-08-23 21:49 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .

    ------- Sigcheck -------

    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\atapi.sys
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\atapi.sys
    [-] 2006-02-28 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\atapi.sys

    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\asyncmac.sys
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\asyncmac.sys
    [-] 2006-02-28 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\asyncmac.sys

    [-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\winnt\system32\dllcache\beep.sys
    [-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\winnt\system32\drivers\beep.sys

    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\kbdclass.sys
    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\kbdclass.sys
    [-] 2006-02-28 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\kbdclass.sys

    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ndis.sys
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ndis.sys
    [-] 2006-02-28 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ndis.sys

    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ntfs.sys
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ntfs.sys
    [-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\winnt\$hf_mig$\KB930916\SP2QFE\ntfs.sys
    [-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\winnt\$NtServicePackUninstall$\ntfs.sys
    [-] 2006-02-28 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB930916$\ntfs.sys
    [-] 2003-06-19 19:05 . F6AB0E765D5B80443B93C52C42F2602A . 534192 . . [5.00.2195.6710] . . c:\winnt\$NtUpdateRollupPackUninstall$\ntfs.sys

    [-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\winnt\system32\dllcache\null.sys
    [-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\winnt\system32\drivers\null.sys

    [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winnt\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winnt\system32\drivers\tcpip.sys
    [-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\winnt\$NtServicePackUninstall$\tcpip.sys
    [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\winnt\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB951748$\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\tcpip.sys
    [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\winnt\$NtUninstallKB951748_0$\tcpip.sys
    [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\winnt\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\winnt\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\winnt\$NtUninstallKB941644$\tcpip.sys
    [-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB917953$\tcpip.sys
    [-] 2003-06-19 19:05 . 5F1BE742B1F2196663255991AE7ACC83 . 332144 . . [5.00.2195.6706] . . c:\winnt\$NtUpdateRollupPackUninstall$\tcpip.sys

    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\browser.dll
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\winnt\system32\browser.dll
    [-] 2006-02-28 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\browser.dll
    [-] 2003-06-19 19:05 . 38A6BC551496C24118BD1524425AF2FE . 68880 . . [5.00.2195.6693] . . c:\winnt\$NtUpdateRollupPackUninstall$\browser.dll

    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\lsass.exe
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\winnt\system32\lsass.exe
    [-] 2006-02-28 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\lsass.exe
    [-] 2003-06-19 19:05 . 271229760CCED993E9E7CAB1C7274134 . 33552 . . [5.00.2195.6695] . . c:\winnt\$NtUpdateRollupPackUninstall$\lsass.exe

    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\netman.dll
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\winnt\system32\netman.dll
    [-] 2006-02-28 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB905414$\netman.dll
    [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\winnt\$NtServicePackUninstall$\netman.dll
    [-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\winnt\$hf_mig$\KB905414\SP2QFE\netman.dll

    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\winnt\ServicePackFiles\i386\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\winnt\system32\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\winnt\system32\BITS\qmgr.dll
    [-] 2006-02-28 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\winnt\$NtServicePackUninstall$\qmgr.dll

    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\winnt\system32\rpcss.dll
    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\winnt\system32\dllcache\rpcss.dll
    [-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\winnt\$hf_mig$\KB956572\SP3QFE\rpcss.dll
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB956572$\rpcss.dll
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\rpcss.dll
    [-] 2006-02-28 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB894391$\rpcss.dll
    [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\winnt\$NtServicePackUninstall$\rpcss.dll
    [-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\winnt\$hf_mig$\KB902400\SP2QFE\rpcss.dll
    [-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\winnt\$hf_mig$\KB894391\SP2QFE\rpcss.dll
    [-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\winnt\$NtUninstallKB902400$\rpcss.dll
    [-] 2003-06-19 19:05 . B49E4F60ED7E5918E44396768F9F02F2 . 239376 . . [5.00.2195.6702] . . c:\winnt\$NtUpdateRollupPackUninstall$\rpcss.dll

    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\winnt\system32\services.exe
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\winnt\system32\dllcache\services.exe
    [-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\winnt\$hf_mig$\KB956572\SP3QFE\services.exe
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB956572$\services.exe
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\services.exe
    [-] 2006-02-28 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\services.exe
    [-] 2003-06-19 19:05 . CFED2D28F5B8A24127E9E06043070643 . 89360 . . [5.00.2195.6700] . . c:\winnt\$NtUpdateRollupPackUninstall$\services.exe

    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\winnt\system32\winlogon.exe
    [-] 2006-02-28 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\winlogon.exe
    [-] 2003-06-19 19:05 . 3980C28D116D438BBB36FB38526FDE1A . 181008 . . [5.00.2195.6714] . . c:\winnt\$NtUpdateRollupPackUninstall$\winlogon.exe

    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\cryptsvc.dll
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\winnt\system32\cryptsvc.dll
    [-] 2006-02-28 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\cryptsvc.dll
    [-] 2003-06-19 19:05 . 385F52746FD8558D43999AEED250769A . 76048 . . [5.00.2195.6661] . . c:\winnt\$NtUpdateRollupPackUninstall$\cryptsvc.dll

    [-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\winnt\$NtServicePackUninstall$\es.dll
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\$hf_mig$\KB950974\SP3GDR\es.dll
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\system32\es.dll
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\system32\dllcache\es.dll
    [-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\winnt\$hf_mig$\KB950974\SP3QFE\es.dll
    [-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\winnt\$hf_mig$\KB950974\SP2QFE\es.dll
    [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\winnt\$NtUninstallKB950974$\es.dll
    [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\winnt\ServicePackFiles\i386\es.dll
    [-] 2006-02-28 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\winnt\$NtUninstallKB902400$\es.dll
    [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\winnt\$NtUninstallKB950974_0$\es.dll
    [-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\winnt\$hf_mig$\KB902400\SP2QFE\es.dll
    [-] 2003-06-19 19:05 . FACD7422F6FBC7CD3AEA3AFCB8382ECF . 233232 . . [2000.2.3504.0] . . c:\winnt\$NtUpdateRollupPackUninstall$\es.dll

    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\imm32.dll
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\winnt\system32\imm32.dll
    [-] 2006-02-28 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\imm32.dll

    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\winnt\system32\kernel32.dll
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\winnt\system32\dllcache\kernel32.dll
    [-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\winnt\$hf_mig$\KB959426\SP3QFE\kernel32.dll
    [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB959426$\kernel32.dll
    [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\kernel32.dll
    [-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\winnt\$hf_mig$\KB935839\SP2QFE\kernel32.dll
    [-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\winnt\$NtServicePackUninstall$\kernel32.dll
    [-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\winnt\$hf_mig$\KB917422\SP2QFE\kernel32.dll
    [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\winnt\$NtUninstallKB935839$\kernel32.dll
    [-] 2006-02-28 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB917422$\kernel32.dll
    [-] 2003-06-19 19:05 . AFFDA6F602A8F0DBA615279C28B3BDF8 . 743184 . . [5.00.2195.6688] . . c:\winnt\$NtUpdateRollupPackUninstall$\kernel32.dll

    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\linkinfo.dll
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\winnt\system32\linkinfo.dll
    [-] 2006-02-28 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB900725$\linkinfo.dll
    [-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\winnt\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
    [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\winnt\$NtServicePackUninstall$\linkinfo.dll
    [-] 1999-12-07 12:00 . A5977BF56A537AFDF2464F1314C315CF . 16144 . . [5.00.2134.1] . . c:\winnt\$NtUpdateRollupPackUninstall$\linkinfo.dll

    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\lpk.dll
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\winnt\system32\lpk.dll
    [-] 2006-02-28 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\lpk.dll

    [-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\winnt\ServicePackFiles\i386\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\winnt\system32\msvcrt.dll
    [-] 2006-02-28 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\winnt\$NtServicePackUninstall$\msvcrt.dll
    [-] 2006-02-28 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
    [-] 2006-02-28 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\winnt\system32\mswsock.dll
    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\winnt\system32\dllcache\mswsock.dll
    [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    [-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\winnt\$NtServicePackUninstall$\mswsock.dll
    [-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\winnt\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB951748$\mswsock.dll
    [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\mswsock.dll
    [-] 2006-02-28 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB951748_0$\mswsock.dll

    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\netlogon.dll
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\winnt\system32\netlogon.dll
    [-] 2006-02-28 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\netlogon.dll
    [-] 2003-06-19 19:05 . 11B91C26925F56F577089FF88AA0BEC0 . 371984 . . [5.00.2195.6695] . . c:\winnt\$NtUpdateRollupPackUninstall$\netlogon.dll

    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\powrprof.dll
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\winnt\system32\powrprof.dll
    [-] 2006-02-28 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\winnt\$NtServicePackUninstall$\powrprof.dll

    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\scecli.dll
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\winnt\system32\scecli.dll
    [-] 2006-02-28 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\scecli.dll
    [-] 2003-06-19 19:05 . FF11B32A906D75CD96957B66E318DAD0 . 114448 . . [5.00.2195.6704] . . c:\winnt\$NtUpdateRollupPackUninstall$\scecli.dll

    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\sfc.dll
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\winnt\system32\sfc.dll
    [-] 2006-02-28 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\sfc.dll

    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\winnt\system32\svchost.exe
    [-] 2006-02-28 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\svchost.exe

    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\tapisrv.dll
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\winnt\system32\tapisrv.dll
    [-] 2006-02-28 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB893756$\tapisrv.dll
    [-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\winnt\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
    [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\winnt\$NtServicePackUninstall$\tapisrv.dll

    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\user32.dll
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\winnt\system32\user32.dll
    [-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\winnt\$hf_mig$\KB925902\SP2QFE\user32.dll
    [-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\winnt\$NtServicePackUninstall$\user32.dll
    [-] 2006-02-28 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB890859$\user32.dll
    [-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\winnt\$hf_mig$\KB890859\SP2QFE\user32.dll
    [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\winnt\$NtUninstallKB925902$\user32.dll
    [-] 2003-06-19 19:05 . 11ED538DB87D8CF38017A63A82AA805D . 403216 . . [5.00.2195.6688] . . c:\winnt\$NtUpdateRollupPackUninstall$\user32.dll

    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\userinit.exe
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\winnt\system32\userinit.exe
    [-] 2006-02-28 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\userinit.exe

    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ws2_32.dll
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\winnt\system32\ws2_32.dll
    [-] 2006-02-28 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ws2_32.dll

    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ws2help.dll
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\winnt\system32\ws2help.dll
    [-] 2006-02-28 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ws2help.dll

    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\winnt\explorer.exe
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\explorer.exe
    [-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\winnt\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\winnt\$NtServicePackUninstall$\explorer.exe
    [-] 2006-02-28 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\winnt\$NtUninstallKB938828$\explorer.exe

    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\system32\srsvc.dll
    [-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\srsvc.dll

    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\wscntfy.exe
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\winnt\system32\wscntfy.exe
    [-] 2006-02-28 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\wscntfy.exe

    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\xmlprov.dll
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\winnt\system32\xmlprov.dll
    [-] 2006-02-28 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\xmlprov.dll

    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\eventlog.dll
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\winnt\system32\eventlog.dll
    [-] 2006-02-28 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\eventlog.dll
    [-] 2003-06-19 19:05 . 5738D5804F61A1D30D86FA24DEE56E0C . 47888 . . [5.00.2195.6716] . . c:\winnt\$NtUpdateRollupPackUninstall$\eventlog.dll

    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\sfcfiles.dll
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\winnt\system32\sfcfiles.dll
    [-] 2006-02-28 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\sfcfiles.dll
    [-] 2003-06-19 19:05 . A871E77694E9146B3C655A734B1ECF46 . 971024 . . [5.00.2195.6717] . . c:\winnt\$NtUpdateRollupPackUninstall$\sfcfiles.dll

    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ctfmon.exe
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\winnt\system32\ctfmon.exe
    [-] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ctfmon.exe

    [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\shsvcs.dll
    [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\winnt\system32\shsvcs.dll
    [-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\winnt\$NtServicePackUninstall$\shsvcs.dll
    [-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\winnt\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
    [-] 2006-02-28 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\winnt\$NtUninstallKB928255$\shsvcs.dll

    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\regsvc.dll
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\winnt\system32\regsvc.dll
    [-] 2006-02-28 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\regsvc.dll

    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\schedsvc.dll
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\winnt\system32\schedsvc.dll
    [-] 2006-02-28 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\schedsvc.dll

    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ssdpsrv.dll
    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\winnt\system32\ssdpsrv.dll
    [-] 2006-02-28 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ssdpsrv.dll

    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\termsrv.dll
    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\winnt\system32\termsrv.dll
    [-] 2006-02-28 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\termsrv.dll

    [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\appmgmts.dll
    [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\winnt\system32\appmgmts.dll
    [-] 2006-02-28 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\appmgmts.dll

    [-] 2006-02-28 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\winnt\system32\drivers\acpiec.sys

    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\winnt\ServicePackFiles\i386\aec.sys
    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\winnt\system32\drivers\aec.sys
    [-] 2006-02-28 12:00 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\winnt\$NtUninstallKB900485$\aec.sys
    [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\winnt\$hf_mig$\KB900485\SP2QFE\aec.sys
    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\winnt\$NtServicePackUninstall$\aec.sys

    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\agp440.sys
    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\agp440.sys
    [-] 2006-02-28 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\agp440.sys

    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ip6fw.sys
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ip6fw.sys
    [-] 2006-02-28 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ip6fw.sys

    [-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\iprip.dll
    [-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\winnt\system32\iprip.dll
    [-] 2006-02-28 . 14522C1499B146E016359EF216BDDB78 . 35328 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\iprip.dll

    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\msgsvc.dll
    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\winnt\system32\msgsvc.dll
    [-] 2006-02-28 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\msgsvc.dll
    [-] 2003-06-19 19:05 . C470CF2972A6DF2214764DA2FE8B768F . 35600 . . [5.00.2195.6656] . . c:\winnt\$NtUpdateRollupPackUninstall$\msgsvc.dll

    [-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\winnt\system32\mspmsnsv.dll
    [-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\winnt\system32\dllcache\mspmsnsv.dll
    [-] 2006-02-28 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\winnt\$NtUninstallWMFDist11$\mspmsnsv.dll

    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\winnt\ServicePackFiles\i386\ntmssvc.dll
    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\winnt\system32\ntmssvc.dll
    [-] 2006-02-28 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\winnt\$NtServicePackUninstall$\ntmssvc.dll

    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\upnphost.dll
    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\winnt\system32\upnphost.dll
    [-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\winnt\$hf_mig$\KB931261\SP2QFE\upnphost.dll
    [-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\winnt\$NtServicePackUninstall$\upnphost.dll
    [-] 2006-02-28 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB931261$\upnphost.dll

    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\ServicePackFiles\i386\dsound.dll
    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\system32\dsound.dll
    [-] 2006-02-28 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\winnt\$NtServicePackUninstall$\dsound.dll

    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\winnt\ServicePackFiles\i386\d3d9.dll
    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\winnt\system32\d3d9.dll
    [-] 2006-02-28 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\winnt\$NtServicePackUninstall$\d3d9.dll

    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\winnt\ServicePackFiles\i386\ddraw.dll
    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\winnt\system32\ddraw.dll
    [-] 2006-02-28 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ddraw.dll

    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\olepro32.dll
    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\winnt\system32\olepro32.dll
    [-] 2006-02-28 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\olepro32.dll

    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\perfctrs.dll
    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\winnt\system32\perfctrs.dll
    [-] 2006-02-28 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\perfctrs.dll

    [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\version.dll
    [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\winnt\system32\version.dll
    [-] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\version.dll

    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\system32\srsvc.dll
    [-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\srsvc.dll

    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\w32time.dll
    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\winnt\system32\w32time.dll
    [-] 2006-02-28 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\w32time.dll
    [-] 2003-06-19 19:05 . 8703C9C4C3E08CA8C967C7AEA488112D . 51472 . . [5.00.2195.6601] . . c:\winnt\$NtUpdateRollupPackUninstall$\w32time.dll

    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\wiaservc.dll
    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\winnt\system32\wiaservc.dll
    [-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\winnt\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
    [-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\winnt\$NtServicePackUninstall$\wiaservc.dll
    [-] 2006-02-28 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB927802$\wiaservc.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-12-31_00.46.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-01-01 01:02 . 2011-01-01 01:02 16384 c:\winnt\Temp\Perflib_Perfdata_46c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
    "{4219427b-0228-4356-a78b-eb7668d37d07} "= "c:\program files\InboxDollars\Helper.dll" [2010-12-17 356864]

    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

    [HKEY_CLASSES_ROOT\clsid\{4219427b-0228-4356-a78b-eb7668d37d07}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{8EF4D7EF-810E-4629-A9C9-F92FD201FE1A}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
    2010-12-17 22:12 1536000 ----a-w- c:\program files\InboxDollars\Toolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-05-26 19:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
    "{47980628-3844-42AA-A0DD-E2D86BBA9600} "= "c:\program files\InboxDollars\Toolbar.dll" [2010-12-17 1536000]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
    [HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
    [HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{47980628-3844-42AA-A0DD-E2D86BBA9600} "= "c:\program files\InboxDollars\Toolbar.dll" [2010-12-17 1536000]

    [HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
    [HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
    [HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather "= "c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2007-02-17 98304]
    "MSN Toolbar "= "c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop "= "c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
    "tscuninstall "= "c:\winnt\system32\tscupgrd.exe" [2006-02-28 44544]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
    backup=c:\winnt\pss\HotSync Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\winnt\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALi5289]
    2005-03-10 06:56 405504 ----a-w- c:\program files\ULI5289\ALi5289.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\winnt\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
    2007-02-26 05:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2004-06-26 00:32 172032 ----a-w- c:\winnt\system32\spool\drivers\w32x86\3\hpztsb12.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
    2010-07-06 17:30 240480 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2007-02-17 19:34 98304 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SJelite3Launch]
    2010-02-08 17:43 184320 ----a-w- c:\documents and settings\Weelsl623\Application Data\Transcend\SJelite3\SJelite3Launch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2004-12-22 09:09 77824 ----a-w- c:\winnt\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "vsmon "=2 (0x2)
    "Symantec Core LC "=2 (0x2)
    "idsvc "=3 (0x3)
    "gusvc "=3 (0x3)
    "gupdate "=2 (0x2)
    "CLTNetCnService "=2 (0x2)
    "clr_optimization_v2.0.50727_32 "=2 (0x2)
    "aspnet_state "=3 (0x3)
    "afcdpsrv "=2 (0x2)
    "AcrSch2Svc "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\G-Lock Software\\G-Lock SpamCombat\\gsc.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe "=
    "c:\\Program Files\\InboxDollars\\TroubleShooter.exe "=
    "c:\\Program Files\\InboxDollars\\ToolbarUpdate.exe "=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe "=

    R0 m5289;m5289;c:\winnt\system32\drivers\m5289.sys [2/10/2007 10:22 PM 51840]
    R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\winnt\system32\drivers\tdrpm258.sys [3/13/2010 8:46 PM 911680]
    R0 ULiAGP;ULi AGP Controller Bus Filter Driver;c:\winnt\system32\drivers\ULiAGP.SYS [2/10/2007 10:22 PM 33408]
    R1 gemwdm;AMD PowerNow! (tm) Technology;c:\winnt\system32\drivers\gemwdm.sys [2/10/2007 10:22 PM 11776]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\winnt\system32\drivers\mfetdi2k.sys [8/23/2010 4:49 PM 84072]
    R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/23/2010 4:47 PM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/23/2010 4:47 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/23/2010 4:49 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/23/2010 4:49 PM 141792]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
    R3 cfwids;McAfee Inc. cfwids;c:\winnt\system32\drivers\cfwids.sys [8/23/2010 4:48 PM 55840]
    R3 mfefirek;McAfee Inc. mfefirek;c:\winnt\system32\drivers\mfefirek.sys [8/23/2010 4:48 PM 313288]
    R3 mfendiskmp;mfendiskmp;c:\winnt\system32\drivers\mfendisk.sys [8/23/2010 4:48 PM 88544]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 8:42 PM 135664]
    S2 MSSQL$UPWARDSQL;SQL Server (UPWARDSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 3:27 AM 29262680]
    S3 afcdp;afcdp;c:\winnt\system32\drivers\afcdp.sys [3/13/2010 8:46 PM 160288]
    S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\WEELSL~1\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys --> c:\docume~1\WEELSL~1\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys [?]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\winnt\system32\drivers\mfendisk.sys [8/23/2010 4:48 PM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [8/23/2010 4:48 PM 84264]
    S3 SASENUM;SASENUM;\??\c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winnt\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\winnt\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
    S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [3/13/2010 8:46 PM 2480048]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-01 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:42]

    2010-12-31 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:42]

    2011-01-01 c:\winnt\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

    2010-12-31 c:\winnt\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.msn.com
    IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
    Trusted Zone: microsoft.com\www
    Trusted Zone: msn.com\www
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\Weelsl623\Application Data\Mozilla\Firefox\Profiles\3wgg1tfc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: MSN Toolbar: msntoolbar@msn.com - c:\program files\MSN Toolbar\Platform\4.0.0417.0\Firefox
    FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Weelsl623\Application Data\Move Networks
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-31 20:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
     
    wksda623,
    #47
  9. 2010/12/31
    wksda623

    wksda623 Inactive Thread Starter

    Joined:
    2009/01/21
    Messages:
    88
    Likes Received:
    0
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3340)
    c:\winnt\system32\WININET.dll
    c:\winnt\system32\ieframe.dll
    c:\winnt\system32\webcheck.dll
    c:\winnt\system32\WPDShServiceObj.dll
    c:\winnt\system32\PortableDeviceTypes.dll
    c:\winnt\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AMD\PowerNow!\GemServ.exe
    c:\program files\AMD\PowerNow!\gemback.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\progra~1\mcafee.com\agent\mcupdate.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-31 20:08:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-01 01:08
    ComboFix2.txt 2011-01-01 00:13
    ComboFix3.txt 2010-12-31 01:52
    ComboFix4.txt 2010-12-31 00:51

    Pre-Run: 71,736,676,352 bytes free
    Post-Run: 71,723,102,208 bytes free

    - - End Of File - - E6A1DB4A8D8757E386631A22F38F3A3C
     
    wksda623,
    #48
  10. 2010/12/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Do you have Windows XP CD?
     
    broni,
    #49
  11. 2010/12/31
    wksda623

    wksda623 Inactive Thread Starter

    Joined:
    2009/01/21
    Messages:
    88
    Likes Received:
    0
    I think so, might have to find it.
     
    wksda623,
    #50
  12. 2010/12/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We need to use the Recovery Console to fix your issue.

    • You'll need to find your Windows XP installation disk.
    • Insert the Windows XP CD into the CD-ROM drive, then restart your computer.
    • If prompted, click any options that are required to start the computer from the CD-ROM drive.
    • When the Welcome to Setup screen appears, press R to start the Recovery Console.
    • The Recovery Console will start and ask you which Windows installation you would like to log on to.
      • If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press Enter.
    • It will then prompt you for the Administrator's password. If there is no password, simply press enter.
    • You will now be presented with a C:\Windows> prompt
    • At the comand prompt window, type exactly the bolded text below (watch for "spaces "). (The d after the word expand is the drive letter to your CDROM. If it's different on your computer, please make the necessary adjustment).

      expand d:\i386\regedit.ex_ c:\winnt\regedit.exe /y

    • type exit to exit the command prompt and restart your computer.

    Post fresh Combofix log.

    I'll be leaving for New Year's Eve party pretty soon, so if I'm not here, I'll check on you tomorrow....
     
    broni,
    #51
  13. 2010/12/31
    wksda623

    wksda623 Inactive Thread Starter

    Joined:
    2009/01/21
    Messages:
    88
    Likes Received:
    0
    ok, will do
     
    wksda623,
    #52
  14. 2011/01/01
    wksda623

    wksda623 Inactive Thread Starter

    Joined:
    2009/01/21
    Messages:
    88
    Likes Received:
    0

    I did what you said exactly like it is above but with NO luck. Computer said could not find the file and specified directory!!! Please tell me what I am doing wrong. My CD drive is D, I checked twice to make sure!!

    David
     
    wksda623,
    #53
  15. 2011/01/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We'll get there...
    Let's check something first...

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
    Upload following files to http://www.virustotal.com/ for security check:
    - c:\winnt\regedit.exe
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
     
    broni,
    #54
  16. 2011/01/01
    wksda623

    wksda623 Inactive Thread Starter

    Joined:
    2009/01/21
    Messages:
    88
    Likes Received:
    0
    2 VT Community user(s) with a total of 7 reputation credit(s) say(s) this sample is goodware. 2 VT Community user(s) with a total of 2 reputation credit(s) say(s) this sample is malware.
    File name: regedit.exe
    Submission date: 2011-01-01 23:33:28 (UTC)
    Current status: queued (#9) queued (#3) analysing finished


    Result: 0/ 43 (0.0%)
    VT Community

    goodware
    Safety score: 77.8%
    Compact Print results Antivirus Version Last Update Result
    AhnLab-V3 2011.01.02.00 2011.01.01 -
    AntiVir 7.11.0.248 2011.01.01 -
    Antiy-AVL 2.0.3.7 2011.01.01 -
    Avast 4.8.1351.0 2011.01.01 -
    Avast5 5.0.677.0 2011.01.01 -
    AVG 9.0.0.851 2011.01.01 -
    BitDefender 7.2 2011.01.01 -
    CAT-QuickHeal 11.00 2011.01.01 -
    ClamAV 0.96.4.0 2011.01.01 -
    Command 5.2.11.5 2011.01.01 -
    Comodo 7265 2011.01.01 -
    DrWeb 5.0.2.03300 2011.01.01 -
    Emsisoft 5.1.0.1 2011.01.01 -
    eSafe 7.0.17.0 2010.12.30 -
    eTrust-Vet 36.1.8074 2010.12.31 -
    F-Prot 4.6.2.117 2011.01.01 -
    F-Secure 9.0.16160.0 2011.01.01 -
    Fortinet 4.2.254.0 2011.01.01 -
    GData 21 2011.01.01 -
    Ikarus T3.1.1.90.0 2011.01.01 -
    Jiangmin 13.0.900 2011.01.01 -
    K7AntiVirus 9.75.3406 2010.12.31 -
    Kaspersky 7.0.0.125 2011.01.01 -
    McAfee 5.400.0.1158 2011.01.01 -
    McAfee-GW-Edition 2010.1C 2011.01.01 -
    Microsoft 1.6402 2011.01.01 -
    NOD32 5752 2011.01.01 -
    Norman 6.06.12 2011.01.01 -
    nProtect 2011-01-01.01 2011.01.01 -
    Panda 10.0.2.7 2011.01.01 -
    PCTools 7.0.3.5 2011.01.01 -
    Prevx 3.0 2011.01.02 -
    Rising 22.80.04.04 2010.12.31 -
    Sophos 4.60.0 2011.01.01 -
    SUPERAntiSpyware 4.40.0.1006 2011.01.01 -
    Symantec 20101.3.0.103 2011.01.01 -
    TheHacker 6.7.0.1.109 2010.12.30 -
    TrendMicro 9.120.0.1004 2011.01.01 -
    TrendMicro-HouseCall 9.120.0.1004 2011.01.01 -
    VBA32 3.12.14.2 2010.12.30 -
    VIPRE 7915 2011.01.01 -
    ViRobot 2010.12.31.4232 2011.01.01 -
    VirusBuster 13.6.122.0 2011.01.01 -
    Additional informationShow all
    MD5 : 058710b720282ca82b909912d3ef28db
    SHA1 : 48f4612efeb713a5860726fdb999ceceff07557d
    SHA256: 97535e75ca6a77e6bcb81216b0fb383024709539727fd656df6afd33a50cad04
    ssdeep: 3072:NtkaZgxktEdSja2qLckP+4AnrIKvOBI+huG0TG0uvJb9w:NtkqxrqLckP+xn0YOBI+AG0T
    G0
    File size : 146432 bytes
    First seen: 2009-02-12 04:39:45
    Last seen : 2011-01-01 23:33:28
    TrID:
    Win32 Executable MS Visual C++ (generic) (53.1%)
    Windows Screen Saver (18.4%)
    Win32 Executable Generic (12.0%)
    Win32 Dynamic Link Library (generic) (10.6%)
    Generic Win/DOS Executable (2.8%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: Registry Editor
    original name: REGEDIT.EXE
    internal name: REGEDIT
    file version.: 5.1.2600.5512 (xpsp.080413-2111)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x1691E
    timedatestamp....: 0x48025214 (Sun Apr 13 18:33:56 2008)
    machinetype......: 0x14c (I386)

    [[ 3 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x17902, 0x17A00, 6.37, 8d566c1e457741cced3b34f6d18c225d
    .data, 0x19000, 0x40DA0, 0x400, 1.20, def7edb164ce2210badeb06959cdaa48
    .rsrc, 0x5A000, 0xB8B0, 0xBA00, 3.68, 55c800dc56999ec2683a54271953b1b7

    [[ 14 import(s) ]]
    msvcrt.dll: __p__commode, _adjust_fdiv, __p__fmode, _initterm, __getmainargs, _acmdln, __set_app_type, _except_handler3, __setusermatherr, _controlfp, exit, _XcptFilter, _exit, _c_exit, swprintf, iswprint, wcsncpy, wcslen, wcscat, wcscpy, _purecall, iswctype, wcscmp, wcschr, wcsncmp, wcsrchr, _cexit, memmove
    ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, InitializeSecurityDescriptor, RegDeleteValueW, InitializeAcl, SetSecurityDescriptorDacl, SetSecurityDescriptorSacl, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, GetInheritanceSourceW, LookupAccountSidW, GetSidSubAuthorityCount, GetSidSubAuthority, GetSecurityDescriptorControl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, SetSecurityInfo, SetNamedSecurityInfoW, GetNamedSecurityInfoW, MapGenericMask, RegSetValueExA, RegSetValueW, RegFlushKey, RegSaveKeyW, RegRestoreKeyW, RegConnectRegistryW, RegQueryValueExW, RegCloseKey, RegOpenKeyW, RegSetValueExW, RegCreateKeyW, RegEnumValueW, RegEnumKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegUnLoadKeyW, RegLoadKeyW, RegOpenKeyExW, RegQueryInfoKeyW, RegDeleteKeyW
    KERNEL32.dll: ReadFile, DeleteFileW, WriteFile, WideCharToMultiByte, CreateFileW, OutputDebugStringW, GetLastError, SetFilePointer, GetFileSize, SearchPathW, GetTimeFormatW, GetDateFormatW, GetSystemDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, FreeLibrary, LoadLibraryW, MulDiv, lstrcpynW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, MultiByteToWideChar, lstrcmpW, FormatMessageW, GetThreadLocale, GetModuleHandleW, ExitProcess, GetCommandLineW, GetProcessHeap, lstrcatW, LocalAlloc, GetCurrentProcess, CloseHandle, LocalFree, GetComputerNameW, lstrcmpiW, lstrlenW, lstrcpyW, LocalReAlloc, GlobalAlloc, GlobalLock, GlobalUnlock, GetProcAddress, LoadLibraryA
    GDI32.dll: GetStockObject, SetAbortProc, StartDocW, StartPage, SetViewportOrgEx, EndPage, EndDoc, AbortDoc, DeleteDC, CreateBitmap, CreatePatternBrush, PatBlt, ExcludeClipRect, SelectClipRgn, DeleteObject, SetBkColor, SetTextColor, ExtTextOutW, GetDeviceCaps, CreateFontIndirectW, SelectObject, GetTextMetricsW
    USER32.dll: SendDlgItemMessageW, SetDlgItemTextW, SetWindowLongW, DefWindowProcW, ReleaseDC, GetDC, SetScrollInfo, wsprintfW, DestroyCaret, ReleaseCapture, KillTimer, SetCaretPos, ScrollWindowEx, ShowCaret, HideCaret, InvalidateRect, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, GetClipboardData, WinHelpW, EndDialog, GetWindowLongW, EndPaint, BeginPaint, CreateCaret, SetTimer, SetCapture, SetFocus, CharLowerW, GetDlgItem, DestroyMenu, TrackPopupMenuEx, IsClipboardFormatAvailable, EnableMenuItem, GetSubMenu, LoadMenuW, GetKeyState, RegisterClassW, LoadCursorW, RegisterClipboardFormatW, CheckRadioButton, SendMessageW, GetWindowTextW, GetParent, GetDlgItemTextW, IsDlgButtonChecked, GetDlgCtrlID, CallWindowProcW, GetWindowTextLengthW, GetDlgItemInt, PostQuitMessage, GetWindowPlacement, SetWindowTextW, EnableWindow, GetWindowRect, DrawMenuBar, InsertMenuItemW, DeleteMenu, SetMenuItemInfoW, GetMenu, GetMenuItemInfoW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, IsIconic, DestroyIcon, LoadImageW, GetSysColor, SetCursor, ShowCursor, ShowWindow, SetWindowPlacement, CreateWindowExW, GetProcessDefaultLayout, GetMessageW, ScreenToClient, SetCursorPos, DispatchMessageW, ClientToScreen, GetDesktopWindow, LoadIconW, PostMessageW, SetMenuDefaultItem, InsertMenuW, GetMenuItemID, CheckMenuItem, UpdateWindow, RegisterClassExW, CharNextW, GetClientRect, DestroyWindow, CreateDialogParamW, CheckDlgButton, DrawAnimatedRects, IntersectRect, ModifyMenuW, GetMessagePos, TranslateMessage, TranslateAcceleratorW, LoadAcceleratorsW, SetForegroundWindow, GetLastActivePopup, BringWindowToTop, FindWindowW, LoadStringW, GetWindow, IsDialogMessageW, PeekMessageW, MessageBoxW, CharUpperBuffW, CharUpperW, IsCharAlphaNumericW, GetSystemMetrics, MoveWindow, MapWindowPoints, DialogBoxParamW, SetWindowPos, MessageBeep
    COMCTL32.dll: -, -, -, -, InitCommonControlsEx, -, -, ImageList_SetBkColor, ImageList_Create, ImageList_Destroy, -, -, ImageList_ReplaceIcon, -, -, -, -, CreateStatusWindowW
    comdlg32.dll: GetOpenFileNameW, GetSaveFileNameW, PrintDlgExW
    SHELL32.dll: ShellAboutW, DragQueryFileW, DragFinish
    AUTHZ.dll: AuthzInitializeContextFromSid, AuthzAccessCheck, AuthzFreeContext, AuthzFreeResourceManager, AuthzInitializeResourceManager
    ACLUI.dll: -
    ole32.dll: CoCreateInstance, CoUninitialize, CoInitializeEx, ReleaseStgMedium
    ulib.dll: _Resize@DSTRING@@UAEEK@Z, _Initialize@ARRAY@@QAEEKK@Z, _NewBuf@DSTRING@@UAEEK@Z, __1DSTRING@@UAE@XZ, __1OBJECT@@UAE@XZ, __0OBJECT@@IAE@XZ, _Compare@OBJECT@@UBEJPBV1@@Z, __0DSTRING@@QAE@XZ, _Initialize@WSTRING@@QAEEPBV1@KK@Z, _Strcat@WSTRING@@QAEEPBV1@@Z, __0ARRAY@@QAE@XZ, _Initialize@WSTRING@@QAEEPBGK@Z
    clb.dll: ClbAddData, ClbSetColumnWidths
    ntdll.dll: RtlFreeHeap, RtlAllocateHeap

    ExifTool:
    file metadata
    CharacterSet: Unicode
    CodeSize: 96768
    CompanyName: Microsoft Corporation
    EntryPoint: 0x1691e
    FileDescription: Registry Editor
    FileFlagsMask: 0x003f
    FileOS: Windows NT 32-bit
    FileSize: 143 kB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 5.1.2600.5512 (xpsp.080413-2111)
    FileVersionNumber: 5.1.2600.5512
    ImageVersion: 5.1
    InitializedDataSize: 313344
    InternalName: REGEDIT
    LanguageCode: English (U.S.)
    LegalCopyright: Microsoft Corporation. All rights reserved.
    LinkerVersion: 7.1
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 5.1
    ObjectFileType: Executable application
    OriginalFilename: REGEDIT.EXE
    PEType: PE32
    ProductName: Microsoft Windows Operating System
    ProductVersion: 5.1.2600.5512
    ProductVersionNumber: 5.1.2600.5512
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2008:04:13 20:33:56+02:00
    UninitializedDataSize: 0
     
    wksda623,
    #55
  17. 2011/01/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, it looks like we've been banging our heads over Combofix false alarm....grrrrrrrrrrr

    How is computer doing at the moment?

    Uninstall Ask Toolbar, known adware.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
    broni,
    #56
  18. 2011/01/01
    wksda623

    wksda623 Inactive Thread Starter

    Joined:
    2009/01/21
    Messages:
    88
    Likes Received:
    0
    The computer is running better than it was. Will do your list now.
     
    wksda623,
    #57
  19. 2011/01/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Cool :)
     
    broni,
    #58
  20. 2011/01/01
    wksda623

    wksda623 Inactive Thread Starter

    Joined:
    2009/01/21
    Messages:
    88
    Likes Received:
    0
    OTL logfile created on: 1/1/2011 6:57:11 PM - Run 1
    OTL by OldTimer - Version 3.2.20.0 Folder = C:\Documents and Settings\Weelsl623\My Documents
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 66.82 Gb Free Space | 44.83% Space Free | Partition Type: NTFS
    Drive E: | 74.52 Gb Total Space | 19.70 Gb Free Space | 26.44% Space Free | Partition Type: NTFS
    Drive G: | 1.87 Gb Total Space | 1.72 Gb Free Space | 91.79% Space Free | Partition Type: FAT
    Drive Y: | 915.91 Gb Total Space | 822.86 Gb Free Space | 89.84% Space Free | Partition Type: NTFS

    Computer Name: WEEKSL623 | User Name: Weelsl623 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/01 18:53:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Weelsl623\My Documents\OTL.exe
    PRC - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    PRC - [2010/09/30 12:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2010/05/14 10:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2009/12/29 10:08:28 | 001,653,248 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
    PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2003/09/10 09:46:44 | 000,042,496 | ---- | M] (Advanced Micro Devices) -- C:\Program Files\AMD\PowerNow!\GemServ.exe
    PRC - [2003/09/10 09:46:40 | 000,142,848 | ---- | M] (Advanced Micro Devices) -- C:\Program Files\AMD\PowerNow!\gemback.exe
    PRC - [1998/12/16 16:09:20 | 000,057,393 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/01/01 18:53:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Weelsl623\My Documents\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\winsxs\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
    SRV - File not found [On_Demand | Stopped] -- C:\WINNT\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - File not found [Disabled | Stopped] -- C:\WINNT\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - File not found [Disabled | Stopped] -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - File not found [Unknown | Stopped] -- c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
    SRV - File not found [Disabled | Stopped] -- C:\WINNT\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - File not found [Disabled | Stopped] -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2010/03/13 20:46:34 | 002,480,048 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2009/11/12 03:49:10 | 000,660,664 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2008/04/13 19:12:38 | 000,050,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
    SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINNT\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2004/03/01 10:40:52 | 000,077,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINNT\system32\hpbpro.exe -- (HP Port Resolver)
    SRV - [2004/03/01 10:40:52 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINNT\system32\hpboid.exe -- (HP Status Server)
    SRV - [2003/09/10 09:46:44 | 000,042,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\AMD\PowerNow!\GemServ.exe -- (GemServ) AMD PowerNow! (tm)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINIO.sys -- (WINIO)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINNT\System32\vsdatant.sys -- (vsdatant)
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINNT\System32\ZoneLabs\srescan.sys -- (srescan)
    DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys -- (SASKUTIL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS -- (SASENUM)
    DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\DRIVERS\RTL8139.SYS -- (rtl8139)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINNT\System32\DRIVERS\parallel.sys -- (Parallel)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\WEELSL~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINNT\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\WEELSL~1\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys -- (AMDMSRIO)
    DRV - [2010/10/13 21:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/10/13 21:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/10/13 21:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/10/13 21:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010/10/13 21:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010/10/13 21:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/10/13 21:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010/10/13 21:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/10/13 21:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/03/13 20:46:36 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\WINNT\system32\drivers\afcdp.sys -- (afcdp)
    DRV - [2010/03/13 20:46:30 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
    DRV - [2010/03/13 20:46:27 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2010/03/13 20:46:10 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/02/03 19:22:07 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\sskbfd.sys -- (SSKBFD)
    DRV - [2007/02/15 16:43:48 | 000,058,000 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdr4_2K.sys -- (Cdr4_2K)
    DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2006/02/28 07:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2005/03/28 04:12:42 | 000,033,408 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\ULiAGP.sys -- (ULiAGP)
    DRV - [2004/12/22 04:07:12 | 002,304,320 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/12/02 03:36:26 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\Rtlnic.sys -- (RTL8023)
    DRV - [2004/12/02 03:36:08 | 000,070,912 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2004/11/30 21:49:18 | 000,051,840 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\m5289.sys -- (m5289)
    DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/05/05 02:25:02 | 000,023,296 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\u2s2kxp.sys -- (U2SP) USB to Serial Converter Driver(Philips)
    DRV - [2003/07/21 10:28:44 | 000,011,776 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINNT\system32\drivers\gemwdm.sys -- (gemwdm) AMD PowerNow! (tm)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
    IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\URLSearchHook: {4219427b-0228-4356-a78b-eb7668d37d07} - C:\Program Files\InboxDollars\Helper.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com "
    FF - prefs.js..browser.search.defaultenginename: "Bing "
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q= "
    FF - prefs.js..browser.search.order.1: "Ask.com "
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:4.0
    FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q= "

    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/12/05 19:41:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/05 17:01:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/10 20:30:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/05 19:40:19 | 000,000,000 | ---D | M]

    [2008/12/15 11:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Weelsl623\Application Data\Mozilla\Extensions
    [2010/08/22 17:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Weelsl623\Application Data\Mozilla\Firefox\Profiles\3wgg1tfc.default\extensions
    [2010/08/21 14:49:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Weelsl623\Application Data\Mozilla\Firefox\Profiles\3wgg1tfc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/24 13:23:34 | 000,002,555 | ---- | M] () -- C:\Documents and Settings\Weelsl623\Application Data\Mozilla\Firefox\Profiles\3wgg1tfc.default\searchplugins\askcom.xml
    [2010/08/04 19:04:14 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Weelsl623\Application Data\Mozilla\Firefox\Profiles\3wgg1tfc.default\searchplugins\bing.xml
    [2008/03/28 18:27:18 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Weelsl623\Application Data\Mozilla\Firefox\Profiles\3wgg1tfc.default\searchplugins\siteadvisor.xml
    [2010/08/22 17:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/23 15:09:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2009/12/14 08:51:02 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\WEELSL623\APPLICATION DATA\MOVE NETWORKS
    [2009/02/01 15:39:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/08/05 17:01:26 | 000,000,000 | ---D | M] ( "Search Helper Extension ") -- C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION
    [2010/12/05 19:41:20 | 000,000,000 | ---D | M] (MSN Toolbar) -- C:\PROGRAM FILES\MSN TOOLBAR\PLATFORM\4.0.0417.0\FIREFOX
    [2010/10/13 21:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2006/05/16 04:50:00 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPJinit13126.dll

    O1 HOSTS File: ([2010/12/31 20:03:18 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (InboxDollars BHO) - {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - C:\Program Files\InboxDollars\Toolbar.dll ()
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101105114550.dll (McAfee, Inc.)
    O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (Webroot Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files\InboxDollars\Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files\InboxDollars\Toolbar.dll ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
    O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINNT\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINNT\system32\nwprovau.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: microsoft.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: msn.com ([www] https in Trusted sites)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} http://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171164800093 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx (CamImage Class)
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {CAFECAFE-0013-0001-0026-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.26)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.76.227.40 208.180.42.68
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Weelsl623\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Weelsl623\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/02/10 22:15:19 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/02/10 22:15:19 | 000,000,000 | -H-- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINNT\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - C:\WINNT\System32\iprip.dll (Microsoft Corporation)
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found

    Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
    Drivers32: aux1 - File not found
    Drivers32: aux2 - File not found
    Drivers32: aux3 - File not found
    Drivers32: aux4 - File not found
    Drivers32: aux5 - File not found
    Drivers32: aux6 - File not found
    Drivers32: aux7 - File not found
    Drivers32: aux8 - File not found
    Drivers32: aux9 - File not found
    Drivers32: midi1 - File not found
    Drivers32: midi2 - File not found
    Drivers32: midi3 - File not found
    Drivers32: midi4 - File not found
    Drivers32: midi5 - File not found
    Drivers32: midi6 - File not found
    Drivers32: midi7 - File not found
    Drivers32: midi8 - File not found
    Drivers32: midi9 - File not found
    Drivers32: mixer1 - File not found
    Drivers32: mixer2 - File not found
    Drivers32: mixer3 - File not found
    Drivers32: mixer4 - File not found
    Drivers32: mixer5 - File not found
    Drivers32: mixer6 - File not found
    Drivers32: mixer7 - File not found
    Drivers32: mixer8 - File not found
    Drivers32: mixer9 - File not found
    Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.wmv3 - C:\WINNT\System32\wmv9vcm.dll (Microsoft Corporation)
    Drivers32: wave1 - File not found
    Drivers32: wave2 - File not found
    Drivers32: wave3 - File not found
    Drivers32: wave4 - File not found
    Drivers32: wave5 - File not found
    Drivers32: wave6 - File not found
    Drivers32: wave7 - File not found
    Drivers32: wave8 - File not found
    Drivers32: wave9 - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/01 18:54:09 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Weelsl623\My Documents\OTL.exe
    [2011/01/01 18:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2010/12/31 18:15:26 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Documents and Settings\Weelsl623\My Documents\BlitzBlank.exe
    [2010/12/30 20:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Weelsl623\Application Data\FCTB000062133
    [2010/12/30 19:37:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/30 19:35:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
    [2010/12/30 19:35:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
    [2010/12/30 19:35:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
    [2010/12/30 19:35:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
    [2010/12/30 19:34:46 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
    [2010/12/30 19:34:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/17 17:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Weelsl623\Start Menu\Programs\InboxDollars
    [2010/12/17 16:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FreeCause
    [2010/12/05 19:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle

    ========== Files - Modified Within 30 Days ==========

    [2011/01/01 19:01:01 | 000,000,242 | ---- | M] () -- C:\WINNT\tasks\Scheduled Update for Ask Toolbar.job
    [2011/01/01 18:59:00 | 000,000,892 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/01 18:53:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Weelsl623\My Documents\OTL.exe
    [2011/01/01 18:17:41 | 000,000,330 | -H-- | M] () -- C:\WINNT\tasks\MP Scheduled Scan.job
    [2011/01/01 18:15:10 | 000,013,646 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
    [2011/01/01 18:15:08 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
    [2011/01/01 18:15:08 | 000,000,888 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/01 18:14:36 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
    [2011/01/01 18:09:57 | 000,000,012 | ---- | M] () -- C:\WINNT\bthservsdp.dat
    [2010/12/31 20:03:18 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
    [2010/12/31 18:56:16 | 004,012,194 | R--- | M] () -- C:\Documents and Settings\Weelsl623\My Documents\ComboFix.exe
    [2010/12/31 18:15:28 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Documents and Settings\Weelsl623\My Documents\BlitzBlank.exe
    [2010/12/30 20:24:19 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Weelsl623\My Documents\SystemLook.exe
    [2010/12/30 20:07:32 | 000,780,283 | ---- | M] () -- C:\Documents and Settings\Weelsl623\My Documents\rkill.com
    [2010/12/30 19:37:33 | 000,000,331 | RHS- | M] () -- C:\boot.ini
    [2010/12/30 17:16:23 | 000,924,816 | ---- | M] () -- C:\Documents and Settings\Weelsl623\My Documents\Norton_Removal_Tool.exe
    [2010/12/29 20:42:09 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Weelsl623\My Documents\MBRCheck.exe
    [2010/12/28 18:54:49 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Weelsl623\My Documents\Dear Nathaniel.doc
    [2010/12/27 18:09:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/26 17:50:42 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Weelsl623\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
    [2010/12/15 18:29:14 | 000,257,456 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
    [2010/12/15 18:06:53 | 000,001,393 | ---- | M] () -- C:\WINNT\imsins.BAK
    [2010/12/15 18:00:40 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/12/06 20:44:02 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Weelsl623\My Documents\top mutual funds.doc
    [2010/12/04 20:29:38 | 3220,684,800 | ---- | M] () -- C:\WINNT\MEMORY.DMP

    ========== Files Created - No Company Name ==========

    [2010/12/31 18:56:12 | 004,012,194 | R--- | C] () -- C:\Documents and Settings\Weelsl623\My Documents\ComboFix.exe
    [2010/12/31 16:19:55 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
    [2010/12/30 20:24:19 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Weelsl623\My Documents\SystemLook.exe
    [2010/12/30 20:07:32 | 000,780,283 | ---- | C] () -- C:\Documents and Settings\Weelsl623\My Documents\rkill.com
    [2010/12/30 19:37:33 | 000,000,215 | ---- | C] () -- C:\Boot.bak
    [2010/12/30 19:37:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/30 19:35:06 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
    [2010/12/30 19:35:06 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
    [2010/12/30 19:35:06 | 000,089,088 | ---- | C] () -- C:\WINNT\MBR.exe
    [2010/12/30 19:35:06 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
    [2010/12/30 19:35:06 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
    [2010/12/30 19:34:44 | 000,000,330 | -H-- | C] () -- C:\WINNT\tasks\MP Scheduled Scan.job
    [2010/12/30 17:16:22 | 000,924,816 | ---- | C] () -- C:\Documents and Settings\Weelsl623\My Documents\Norton_Removal_Tool.exe
    [2010/12/29 21:04:36 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Weelsl623\My Documents\MBRCheck.exe
    [2010/12/28 18:54:48 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Weelsl623\My Documents\Dear Nathaniel.doc
    [2010/12/15 18:02:39 | 000,001,393 | ---- | C] () -- C:\WINNT\imsins.BAK
    [2010/12/06 20:44:02 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Weelsl623\My Documents\top mutual funds.doc
    [2010/12/05 19:40:08 | 000,036,962 | ---- | C] () -- C:\WINNT\System32\ActPanel.dll
    [2010/08/21 17:58:21 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Weelsl623\Local Settings\Application Data\housecall.guid.cache
    [2010/03/06 09:52:48 | 004,239,360 | ---- | C] () -- C:\WINNT\System32\qtp-mt334.dll
    [2010/03/06 09:52:48 | 000,241,664 | ---- | C] () -- C:\WINNT\System32\prgiso.dll
    [2010/03/06 09:52:48 | 000,008,192 | ---- | C] () -- C:\WINNT\System32\wnaspi32.dll
    [2008/02/29 20:06:25 | 000,000,126 | ---- | C] () -- C:\WINNT\mdm.ini
    [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINNT\System32\OGACheckControl.DLL
    [2008/02/03 19:35:18 | 000,000,000 | ---- | C] () -- C:\WINNT\QuickInstall.INI
    [2007/11/05 20:31:47 | 000,012,560 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SNDUpgrade.log
    [2007/09/06 18:26:54 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\Weelsl623\Application Data\wklnhst.dat
    [2007/07/01 18:07:56 | 000,000,881 | ---- | C] () -- C:\WINNT\ODBC.INI
    [2007/06/03 20:15:48 | 000,215,144 | R--- | C] () -- C:\WINNT\patchw32.dll
    [2007/06/03 20:15:11 | 000,215,144 | R--- | C] () -- C:\WINNT\pw32a.dll
    [2007/05/12 14:33:33 | 000,000,037 | ---- | C] () -- C:\WINNT\ipixActivex.ini
    [2007/03/25 19:36:02 | 000,000,208 | RHS- | C] () -- C:\WINNT\System32\sysbkchx.sys
    [2007/03/16 19:09:35 | 000,007,221 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUInstall.LiveUpdate
    [2007/03/08 18:42:42 | 000,000,041 | ---- | C] () -- C:\WINNT\System32\daafd0_s.dll
    [2007/02/25 14:16:11 | 000,000,142 | ---- | C] () -- C:\WINNT\wpd99.drv
    [2007/02/25 14:15:57 | 000,051,716 | ---- | C] () -- C:\WINNT\System32\pdf995mon.dll
    [2007/02/23 19:34:43 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Weelsl623\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/02/17 14:23:15 | 000,000,000 | ---- | C] () -- C:\WINNT\OpPrintServer.INI
    [2007/02/11 17:04:38 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Weelsl623\Local Settings\Application Data\fusioncache.dat
    [2007/02/11 16:55:39 | 000,001,276 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2007/02/11 16:54:48 | 000,003,399 | R--- | C] () -- C:\WINNT\System32\hptcpmon.ini
    [2007/02/11 16:54:48 | 000,000,139 | ---- | C] () -- C:\WINNT\System32\AddPort.ini
    [2007/02/11 16:53:12 | 000,013,699 | ---- | C] () -- C:\WINNT\hpdj6800.ini
    [2007/02/10 22:57:12 | 000,005,447 | ---- | C] () -- C:\WINNT\hpf6800m.ini
    [2007/02/10 22:23:28 | 000,000,164 | ---- | C] () -- C:\WINNT\avrack.ini
    [2007/02/10 22:23:26 | 000,156,672 | ---- | C] () -- C:\WINNT\System32\RTLCPAPI.dll
    [2007/02/10 22:20:04 | 000,002,281 | ---- | C] () -- C:\WINNT\Ascd_tmp.ini
    [2007/02/10 22:20:02 | 000,005,824 | ---- | C] () -- C:\WINNT\System32\drivers\ASUSHWIO.SYS
    [2007/02/10 22:14:48 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
    [2007/02/10 17:05:43 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
    [2007/02/07 00:58:00 | 000,000,834 | ---- | C] () -- C:\WINNT\xxclone.ini
    [2005/12/29 13:11:12 | 000,185,856 | ---- | C] () -- C:\WINNT\System32\Bmp2Jpeg.dll
    [2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINNT\bdoscandellang.ini
    [1999/12/07 07:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
    [1999/09/25 05:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
    [1999/09/25 05:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
    [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2008/02/03 19:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2009/03/10 16:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nirvana Systems
    [2010/05/29 13:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
    [2010/08/03 19:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2007/02/25 14:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2010/09/12 11:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
    [2008/02/08 18:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2010/05/31 17:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
    [2010/06/01 18:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2010/08/21 17:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/08/03 19:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
    [2007/12/26 20:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weelsl623\Application Data\BitTorrent
    [2008/08/31 20:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weelsl623\Application Data\DNA
    [2010/12/30 20:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weelsl623\Application Data\FCTB000062133
    [2008/02/29 20:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weelsl623\Application Data\FileZilla
    [2007/08/01 16:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weelsl623\Application Data\G-Lock Software
    [2010/06/13 13:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weelsl623\Application Data\Genie-Soft
    [2008/02/03 19:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weelsl623\Application Data\HotSync
    [2007/07/29 14:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weelsl623\Application Data\MailWasherPro
    [2007/12/06 17:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weelsl623\Application Data\mypoints
    [2008/02/28 19:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weelsl623\Application Data\Serif
    [2008/09/20 12:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weelsl623\Application Data\Template
    [2010/07/08 16:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weelsl623\Application Data\Transcend
    [2010/03/15 18:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weelsl623\Application Data\WeatherBug
    [2011/01/01 18:17:41 | 000,000,330 | -H-- | M] () -- C:\WINNT\Tasks\MP Scheduled Scan.job
    [2011/01/01 19:01:01 | 000,000,242 | ---- | M] () -- C:\WINNT\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/02/10 22:15:19 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2008/06/30 18:55:58 | 000,000,190 | ---- | M] () -- C:\BcBtRmv.log
    [2010/12/31 18:18:47 | 000,000,410 | ---- | M] () -- C:\blitzblank.log
    [2010/08/21 17:55:09 | 000,000,215 | ---- | M] () -- C:\Boot.bak
    [2010/12/30 19:37:33 | 000,000,331 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/12/31 20:08:22 | 000,055,548 | ---- | M] () -- C:\ComboFix.txt
    [2007/02/10 22:15:19 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2007/03/06 19:52:08 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\downloadexe.exe
    [2010/11/21 17:19:27 | 000,005,816 | ---- | M] () -- C:\HCT.Log
    [2008/08/29 16:12:10 | 000,000,164 | ---- | M] () -- C:\install.dat
    [2010/11/21 17:22:52 | 000,000,231 | ---- | M] () -- C:\INSTALL.LOG
    [2007/02/10 22:15:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/07/30 15:45:08 | 000,000,000 | RHS- | M] () -- C:\LiveStateRecovery.net
    [2009/09/10 19:38:04 | 000,000,482 | ---- | M] () -- C:\LOG1B2.log
    [2009/08/18 19:16:44 | 000,000,508 | ---- | M] () -- C:\LOG9D.log
    [2007/02/10 22:15:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/02/28 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/18 17:22:47 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/01/01 18:14:34 | 3220,684,800 | -HS- | M] () -- C:\pagefile.sys
    [2008/09/28 14:49:25 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\psapi.dll
    [2010/12/30 20:08:56 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2010/05/31 17:00:16 | 006,483,968 | -H-- | M] () -- C:\SZKGFS.dat
    [2008/03/29 20:35:59 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINNT\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINNT\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINNT\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINNT\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2007/02/23 18:42:53 | 000,000,067 | -HS- | M] () -- C:\WINNT\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2007/02/10 22:14:48 | 000,000,271 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2007/02/10 22:14:48 | 000,021,952 | -H-- | M] () -- C:\Program Files\folder.htt

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/02/23 13:04:19 | 000,262,144 | ---- | M] () -- C:\WINNT\system32\config\default.sav
    [2007/02/23 15:58:31 | 000,028,672 | ---- | M] () -- C:\WINNT\system32\config\security.sav
    [2007/02/23 13:04:19 | 016,252,928 | ---- | M] () -- C:\WINNT\system32\config\software.sav
    [2007/02/23 13:04:20 | 003,407,872 | ---- | M] () -- C:\WINNT\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/08/18 17:38:49 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/02/23 18:50:21 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Weelsl623\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2007/02/10 22:42:19 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Weelsl623\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/12/31 18:15:28 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Documents and Settings\Weelsl623\My Documents\BlitzBlank.exe
    [2010/12/31 18:56:16 | 004,012,194 | R--- | M] () -- C:\Documents and Settings\Weelsl623\My Documents\ComboFix.exe
    [2010/06/06 18:10:48 | 000,494,024 | ---- | M] () -- C:\Documents and Settings\Weelsl623\My Documents\InboxDollars_Toolbar.exe
    [2010/12/29 20:42:09 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Weelsl623\My Documents\MBRCheck.exe
    [2010/12/30 17:16:23 | 000,924,816 | ---- | M] () -- C:\Documents and Settings\Weelsl623\My Documents\Norton_Removal_Tool.exe
    [2011/01/01 18:53:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Weelsl623\My Documents\OTL.exe
    [1995/10/10 23:00:00 | 000,017,856 | R--- | M] (Chapter One Developments Ltd.) -- C:\Documents and Settings\Weelsl623\My Documents\SETUP.EXE
    [2010/12/30 20:24:19 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Weelsl623\My Documents\SystemLook.exe

    < %USERPROFILE%\*.exe >
    [1999/03/23 08:12:24 | 000,045,312 | ---- | M] (InstallShield Corporation, Inc.) -- C:\Documents and Settings\Weelsl623\SETUP.EXE
    [1999/03/23 08:12:22 | 000,008,192 | ---- | M] (Stirling Technologies, Inc.) -- C:\Documents and Settings\Weelsl623\_ISDEL.EXE

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >
    [1999/12/07 07:00:00 | 000,000,654 | ---- | M] () -- C:\WINNT\Config\general.idf
    [1999/12/07 07:00:00 | 000,000,658 | ---- | M] () -- C:\WINNT\Config\hindered.idf
    [1999/12/07 07:00:00 | 000,000,302 | ---- | M] () -- C:\WINNT\Config\msadlib.idf

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/02/23 18:50:20 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Weelsl623\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2007/03/06 20:28:13 | 000,002,354 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/09 13:15:39 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Weelsl623\Cookies\desktop.ini
    [2011/01/01 18:58:10 | 000,573,440 | -HS- | M] () -- C:\Documents and Settings\Weelsl623\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINNT\inf\unregmp2.exe
    [1 C:\WINNT\inf\*.tmp files -> C:\WINNT\inf\*.tmp -> ]

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 13:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 13:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 13:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========
     
    wksda623,
    #59
  21. 2011/01/01
    wksda623

    wksda623 Inactive Thread Starter

    Joined:
    2009/01/21
    Messages:
    88
    Likes Received:
    0
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Weelsl623\My Documents\Microsoft Word - RandAEmbroidery flyer with tabs word.pdfz:SummaryInformation
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6724CB45
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:425D0709

    < End of report >
     
    wksda623,
    #60
Page 3 of 4

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...