Solved Can not get rid of System Tools Virus!

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x038001fd

Kernel Drivers (total 130):
0x804D7000 \WINNT\system32\ntkrnlpa.exe
0x806D0000 \WINNT\system32\hal.dll
0xBA5A8000 \WINNT\system32\KDCOM.DLL
0xBA4B8000 \WINNT\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINNT\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINNT\System32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 aliide.sys
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AE000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 m5289.sys
0xB9EF3000 \WINNT\System32\DRIVERS\SCSIPORT.SYS
0xBA0E8000 disk.sys
0xBA0F8000 \WINNT\System32\DRIVERS\CLASSPNP.SYS
0xB9ED3000 fltmgr.sys
0xB9EC1000 sr.sys
0xB9E64000 mfehidk.sys
0xBA108000 PxHelp20.sys
0xB9E4D000 KSecDD.sys
0xB9DC0000 Ntfs.sys
0xB9D93000 NDIS.sys
0xB9D06000 timntr.sys
0xBA118000 ULiAGP.sys
0xB9C29000 tdrpm258.sys
0xB9C04000 snapman.sys
0xB9BEA000 Mup.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\processr.sys
0xB9736000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xB9722000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xB9710000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xB94DD000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB94B9000 \SystemRoot\system32\drivers\portcls.sys
0xBA2B8000 \SystemRoot\system32\drivers\drmk.sys
0xB9496000 \SystemRoot\system32\drivers\ks.sys
0xBA2C8000 \SystemRoot\System32\Drivers\Cdr4_2K.SYS
0xBA2D8000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xBA2E8000 \SystemRoot\System32\DRIVERS\redbook.sys
0xBA398000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB9472000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3A0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9B72000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB945E000 \SystemRoot\System32\DRIVERS\parport.sys
0xBA308000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xBA3B0000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA3B8000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xB9B6E000 \SystemRoot\System32\DRIVERS\gameenum.sys
0xBA7A9000 \SystemRoot\System32\DRIVERS\audstub.sys
0xB944A000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xBA318000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xB9B66000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB9433000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xBA148000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA158000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xBA3C0000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB9422000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA168000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xB935E000 \SystemRoot\system32\drivers\mfeavfk.sys
0xB91C4000 \SystemRoot\system32\drivers\mfefirek.sys
0xBA3C8000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBA3D0000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB9194000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA178000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5C2000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB910E000 \SystemRoot\System32\DRIVERS\update.sys
0xB9916000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA188000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA1E8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5C8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA408000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xB7FC3000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xBA418000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xBA77E000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xBA5EA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA77F000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5EC000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA428000 \SystemRoot\System32\drivers\vga.sys
0xBA5EE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5F0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA430000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA438000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9926000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB7F90000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB7F37000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB7F24000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xB7EFE000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB7ED0000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xB7EAB000 \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS
0xB7E83000 \SystemRoot\System32\DRIVERS\netbt.sys
0xB9190000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB7E61000 \SystemRoot\System32\drivers\afd.sys
0xBA208000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB7E36000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB7D9E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB917C000 \SystemRoot\System32\DRIVERS\gemwdm.sys
0xBA228000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA248000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB7C3A000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB7BFA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA648000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB7C86000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA490000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA76A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB68E2000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB5E25000 \SystemRoot\system32\drivers\wdmaud.sys
0xB695A000 \SystemRoot\system32\drivers\sysaudio.sys
0xB5BF0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA5E8000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB5B48000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA458000 \??\C:\WINNT\system32\drivers\symlcbrd.sys
0xB5494000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB51C6000 \SystemRoot\System32\Drivers\HTTP.sys
0xB5188000 \SystemRoot\system32\drivers\mfeapfk.sys
0xB5660000 \SystemRoot\system32\drivers\mfebopk.sys
0xB5053000 \SystemRoot\system32\drivers\cfwids.sys
0xAEF60000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINNT\system32\ntdll.dll

Processes (total 44):
0 System Idle Process
4 System
904 C:\WINNT\system32\smss.exe
1236 csrss.exe
1260 C:\WINNT\system32\winlogon.exe
1304 C:\WINNT\system32\services.exe
1316 C:\WINNT\system32\lsass.exe
1472 C:\WINNT\system32\svchost.exe
1536 svchost.exe
1628 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1712 C:\WINNT\system32\svchost.exe
1772 svchost.exe
1936 svchost.exe
476 C:\WINNT\system32\spoolsv.exe
868 svchost.exe
920 svchost.exe
1128 C:\Program Files\AMD\PowerNow!\GemServ.exe
1172 C:\Program Files\AMD\PowerNow!\gemback.exe
1200 C:\Program Files\Java\jre6\bin\jqs.exe
1456 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
1996 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
684 C:\WINNT\explorer.exe
1380 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2168 sqlbrowser.exe
2196 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2272 C:\WINNT\system32\svchost.exe
2384 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2468 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2596 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2808 C:\Program Files\Microsoft Security Essentials\msseces.exe
2884 C:\Program Files\McAfee.com\Agent\mcagent.exe
3072 C:\Program Files\QuickTime\qttask.exe
3332 C:\WINNT\system32\ctfmon.exe
3352 C:\Program Files\AWS\WeatherBug\Weather.exe
4000 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1768 alg.exe
500 C:\WINNT\system32\wuauclt.exe
1652 C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
3388 C:\Program Files\Internet Explorer\iexplore.exe
1612 C:\Program Files\Internet Explorer\iexplore.exe
2364 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
4052 C:\Program Files\Internet Explorer\iexplore.exe
2632 C:\Program Files\Internet Explorer\iexplore.exe
3632 C:\Documents and Settings\Weelsl623\My Documents\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600JB-00GVA0, Rev: 08.02D08
PhysicalDrive1 Model Number: WDCWD800JB-00JJA0, Rev: 05.01C05

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
74 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/23/2007 6:46:30 PM
System Uptime: 12/30/2010 3:29:45 PM (2 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | M1689D
Processor: AMD Athlon(tm) 64 Processor 3700+ | Socket 7 | 2210/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 66.775 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 75 GiB total, 16.703 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
X: is NetworkDisk (NTFS) - 110 GiB total, 61.732 GiB free.
Y: is NetworkDisk (NTFS) - 916 GiB total, 822.855 GiB free.
Z: is NetworkDisk (NTFS) - 110 GiB total, 61.732 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP257: 10/1/2010 6:00:17 PM - Software Distribution Service 3.0
RP258: 10/1/2010 6:04:03 PM - Software Distribution Service 3.0
RP259: 10/2/2010 10:16:37 AM - Software Distribution Service 3.0
RP260: 10/2/2010 6:00:20 PM - Software Distribution Service 3.0
RP261: 10/3/2010 2:27:27 PM - Software Distribution Service 3.0
RP262: 10/3/2010 6:00:20 PM - Software Distribution Service 3.0
RP263: 10/4/2010 5:58:41 PM - Software Distribution Service 3.0
RP264: 10/4/2010 6:00:13 PM - Software Distribution Service 3.0
RP265: 10/5/2010 6:00:19 PM - Software Distribution Service 3.0
RP266: 10/6/2010 5:27:07 PM - Software Distribution Service 3.0
RP267: 10/6/2010 6:00:17 PM - Software Distribution Service 3.0
RP268: 10/7/2010 5:44:40 PM - Software Distribution Service 3.0
RP269: 10/7/2010 6:00:16 PM - Software Distribution Service 3.0
RP270: 10/8/2010 6:00:18 PM - Software Distribution Service 3.0
RP271: 10/9/2010 1:36:42 PM - Software Distribution Service 3.0
RP272: 10/9/2010 1:41:31 PM - Software Distribution Service 3.0
RP273: 10/9/2010 6:00:18 PM - Software Distribution Service 3.0
RP274: 10/10/2010 1:54:14 PM - Software Distribution Service 3.0
RP275: 10/10/2010 6:00:19 PM - Software Distribution Service 3.0
RP276: 10/10/2010 7:41:07 PM - Software Distribution Service 3.0
RP277: 10/11/2010 10:56:29 PM - Software Distribution Service 3.0
RP278: 10/12/2010 6:08:22 PM - Software Distribution Service 3.0
RP279: 10/12/2010 6:17:38 PM - Software Distribution Service 3.0
RP280: 10/12/2010 6:23:19 PM - Software Distribution Service 3.0
RP281: 10/13/2010 6:32:35 PM - Software Distribution Service 3.0
RP282: 10/13/2010 6:40:19 PM - Software Distribution Service 3.0
RP283: 10/14/2010 6:00:15 PM - Software Distribution Service 3.0
RP284: 10/14/2010 7:21:34 PM - Software Distribution Service 3.0
RP285: 10/14/2010 8:32:40 PM - Software Distribution Service 3.0
RP286: 10/14/2010 8:41:54 PM - Software Distribution Service 3.0
RP287: 10/14/2010 8:57:27 PM - Software Distribution Service 3.0
RP288: 10/14/2010 9:08:31 PM - Revo Uninstaller's restore point - Microsoft Silverlight
RP289: 10/15/2010 6:00:17 PM - Software Distribution Service 3.0
RP290: 10/16/2010 2:42:07 PM - Software Distribution Service 3.0
RP291: 10/16/2010 6:00:19 PM - Software Distribution Service 3.0
RP292: 10/17/2010 6:05:27 PM - Software Distribution Service 3.0
RP293: 10/17/2010 6:15:05 PM - Software Distribution Service 3.0
RP294: 10/18/2010 6:00:15 PM - Software Distribution Service 3.0
RP295: 10/19/2010 5:46:20 PM - Software Distribution Service 3.0
RP296: 10/19/2010 6:00:15 PM - Software Distribution Service 3.0
RP297: 10/20/2010 6:00:16 PM - Software Distribution Service 3.0
RP298: 10/21/2010 6:00:17 PM - Software Distribution Service 3.0
RP299: 10/21/2010 6:01:36 PM - Software Distribution Service 3.0
RP300: 10/22/2010 6:00:18 PM - Software Distribution Service 3.0
RP301: 10/23/2010 10:44:23 AM - Software Distribution Service 3.0
RP302: 10/23/2010 6:00:19 PM - Software Distribution Service 3.0
RP303: 10/23/2010 6:02:25 PM - Software Distribution Service 3.0
RP304: 10/24/2010 2:22:17 PM - Software Distribution Service 3.0
RP305: 10/24/2010 6:00:17 PM - Software Distribution Service 3.0
RP306: 10/25/2010 6:10:27 PM - Software Distribution Service 3.0
RP307: 10/25/2010 6:18:34 PM - Software Distribution Service 3.0
RP308: 10/26/2010 6:00:17 PM - Software Distribution Service 3.0
RP309: 10/27/2010 5:28:14 PM - Software Distribution Service 3.0
RP310: 10/27/2010 6:00:23 PM - Software Distribution Service 3.0
RP311: 10/28/2010 5:39:15 PM - Software Distribution Service 3.0
RP312: 10/28/2010 6:00:16 PM - Software Distribution Service 3.0
RP313: 10/29/2010 6:00:17 PM - Software Distribution Service 3.0
RP314: 10/30/2010 10:27:33 AM - Software Distribution Service 3.0
RP315: 10/30/2010 6:01:04 PM - Software Distribution Service 3.0
RP316: 10/31/2010 6:35:50 PM - Software Distribution Service 3.0
RP317: 10/31/2010 6:44:17 PM - Software Distribution Service 3.0
RP318: 11/1/2010 7:26:51 PM - Software Distribution Service 3.0
RP319: 11/1/2010 7:34:55 PM - Software Distribution Service 3.0
RP320: 11/2/2010 6:00:16 PM - Software Distribution Service 3.0
RP321: 11/3/2010 12:17:26 PM - Software Distribution Service 3.0
RP322: 11/3/2010 6:00:16 PM - Software Distribution Service 3.0
RP323: 11/4/2010 6:00:17 PM - Software Distribution Service 3.0
RP324: 11/5/2010 9:45:14 AM - Software Distribution Service 3.0
RP325: 11/5/2010 6:00:19 PM - Software Distribution Service 3.0
RP326: 11/6/2010 6:00:20 PM - Software Distribution Service 3.0
RP327: 11/7/2010 2:47:28 PM - Software Distribution Service 3.0
RP328: 11/7/2010 6:00:16 PM - Software Distribution Service 3.0
RP329: 11/8/2010 5:47:10 PM - Software Distribution Service 3.0
RP330: 11/8/2010 6:00:15 PM - Software Distribution Service 3.0
RP331: 11/9/2010 5:50:48 PM - Software Distribution Service 3.0
RP332: 11/9/2010 6:00:15 PM - Software Distribution Service 3.0
RP333: 11/10/2010 6:52:22 PM - Software Distribution Service 3.0
RP334: 11/10/2010 8:41:31 PM - Software Distribution Service 3.0
RP335: 11/11/2010 6:00:16 PM - Software Distribution Service 3.0
RP336: 11/12/2010 5:29:06 PM - Software Distribution Service 3.0
RP337: 11/12/2010 6:00:17 PM - Software Distribution Service 3.0
RP338: 11/13/2010 6:00:19 PM - Software Distribution Service 3.0
RP339: 11/14/2010 3:39:14 PM - Software Distribution Service 3.0
RP340: 11/14/2010 6:00:17 PM - Software Distribution Service 3.0
RP341: 11/15/2010 5:41:59 PM - Software Distribution Service 3.0
RP342: 11/15/2010 6:00:16 PM - Software Distribution Service 3.0
RP343: 11/16/2010 5:52:22 PM - Software Distribution Service 3.0
RP344: 11/16/2010 6:00:15 PM - Software Distribution Service 3.0
RP345: 11/17/2010 6:00:16 PM - Software Distribution Service 3.0
RP346: 11/17/2010 7:16:37 PM - Software Distribution Service 3.0
RP347: 11/18/2010 8:23:28 PM - Software Distribution Service 3.0
RP348: 11/18/2010 8:32:08 PM - Software Distribution Service 3.0
RP349: 11/19/2010 6:00:17 PM - Software Distribution Service 3.0
RP350: 11/20/2010 8:06:14 AM - Software Distribution Service 3.0
RP351: 11/20/2010 6:00:19 PM - Software Distribution Service 3.0
RP352: 11/21/2010 2:29:02 PM - Software Distribution Service 3.0
RP353: 11/21/2010 5:23:00 PM - The Ultimate Troubleshooter Installation
RP354: 11/21/2010 5:25:44 PM - The Ultimate Troubleshooter Installation
RP355: 11/21/2010 6:00:15 PM - Software Distribution Service 3.0
RP356: 11/22/2010 6:00:26 PM - Software Distribution Service 3.0
RP357: 11/22/2010 6:08:48 PM - Software Distribution Service 3.0
RP358: 11/23/2010 6:00:16 PM - Software Distribution Service 3.0
RP359: 11/24/2010 7:45:47 PM - Software Distribution Service 3.0
RP360: 11/24/2010 7:54:17 PM - Software Distribution Service 3.0
RP361: 11/25/2010 6:00:16 PM - Software Distribution Service 3.0
RP362: 11/26/2010 8:41:02 AM - Software Distribution Service 3.0
RP363: 11/26/2010 6:00:17 PM - Software Distribution Service 3.0
RP364: 11/27/2010 9:09:38 AM - Software Distribution Service 3.0
RP365: 11/27/2010 6:00:20 PM - Software Distribution Service 3.0
RP366: 11/28/2010 12:00:18 PM - Software Distribution Service 3.0
RP367: 11/28/2010 6:00:18 PM - Software Distribution Service 3.0
RP368: 11/29/2010 4:58:04 PM - Software Distribution Service 3.0
RP369: 11/29/2010 6:00:17 PM - Software Distribution Service 3.0
RP370: 11/30/2010 5:58:03 PM - Software Distribution Service 3.0
RP371: 11/30/2010 6:00:14 PM - Software Distribution Service 3.0
RP372: 12/1/2010 6:59:13 PM - Software Distribution Service 3.0
RP373: 12/1/2010 7:06:59 PM - Software Distribution Service 3.0
RP374: 12/2/2010 6:00:16 PM - Software Distribution Service 3.0
RP375: 12/3/2010 4:17:19 PM - Software Distribution Service 3.0
RP376: 12/3/2010 6:00:17 PM - Software Distribution Service 3.0
RP377: 12/4/2010 5:01:20 PM - Software Distribution Service 3.0
RP378: 12/4/2010 6:00:15 PM - Software Distribution Service 3.0
RP379: 12/5/2010 6:00:20 PM - Software Distribution Service 3.0
RP380: 12/6/2010 5:51:59 PM - Software Distribution Service 3.0
RP381: 12/6/2010 6:00:15 PM - Software Distribution Service 3.0
RP382: 12/7/2010 6:00:15 PM - Software Distribution Service 3.0
RP383: 12/8/2010 7:07:20 PM - Software Distribution Service 3.0
RP384: 12/8/2010 7:15:25 PM - Software Distribution Service 3.0
RP385: 12/9/2010 6:00:23 PM - Software Distribution Service 3.0
RP386: 12/10/2010 4:53:35 PM - Software Distribution Service 3.0
RP387: 12/11/2010 9:38:37 AM - Software Distribution Service 3.0
RP388: 12/11/2010 6:00:20 PM - Software Distribution Service 3.0
RP389: 12/12/2010 3:04:43 PM - Software Distribution Service 3.0
RP390: 12/12/2010 6:00:16 PM - Software Distribution Service 3.0
RP391: 12/13/2010 6:00:19 PM - Software Distribution Service 3.0
RP392: 12/13/2010 8:35:40 PM - Software Distribution Service 3.0
RP393: 12/14/2010 6:00:14 PM - Software Distribution Service 3.0
RP394: 12/15/2010 5:49:41 PM - Software Distribution Service 3.0
RP395: 12/15/2010 6:00:16 PM - Software Distribution Service 3.0
RP396: 12/16/2010 6:00:16 PM - Software Distribution Service 3.0
RP397: 12/17/2010 4:07:29 PM - Software Distribution Service 3.0
RP398: 12/17/2010 6:00:25 PM - Software Distribution Service 3.0
RP399: 12/18/2010 6:00:19 PM - Software Distribution Service 3.0
RP400: 12/19/2010 9:49:59 AM - Software Distribution Service 3.0
RP401: 12/19/2010 9:52:28 AM - Software Distribution Service 3.0
RP402: 12/19/2010 6:00:19 PM - Software Distribution Service 3.0
RP403: 12/20/2010 6:46:07 PM - Software Distribution Service 3.0
RP404: 12/20/2010 6:54:24 PM - Software Distribution Service 3.0
RP405: 12/21/2010 6:00:21 PM - Software Distribution Service 3.0
RP406: 12/22/2010 5:36:42 PM - Software Distribution Service 3.0
RP407: 12/22/2010 6:00:19 PM - Software Distribution Service 3.0
RP408: 12/23/2010 6:00:17 PM - Software Distribution Service 3.0
RP409: 12/24/2010 9:07:24 AM - Software Distribution Service 3.0
RP410: 12/24/2010 6:00:18 PM - Software Distribution Service 3.0
RP411: 12/25/2010 11:33:42 AM - Software Distribution Service 3.0
RP412: 12/25/2010 6:00:18 PM - Software Distribution Service 3.0
RP413: 12/26/2010 2:21:03 PM - Software Distribution Service 3.0
RP414: 12/26/2010 6:00:18 PM - Software Distribution Service 3.0
RP415: 12/27/2010 3:20:52 PM - Software Distribution Service 3.0
RP416: 12/27/2010 6:00:17 PM - Software Distribution Service 3.0
RP417: 12/27/2010 6:07:00 PM - Software Distribution Service 3.0
RP418: 12/27/2010 6:24:44 PM - Software Distribution Service 3.0
RP419: 12/27/2010 9:01:14 PM - Software Distribution Service 3.0
RP420: 12/28/2010 6:00:19 PM - Software Distribution Service 3.0
RP421: 12/28/2010 7:14:54 PM - Software Distribution Service 3.0
RP422: 12/29/2010 6:12:49 PM - Software Distribution Service 3.0
RP423: 12/29/2010 8:40:36 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.3
AMD's Cool'n'Quiet (tm) Technology Version 1.0.1
Ask Toolbar
AXIS Media Control Embedded
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera TWAIN Driver
Canon Camera TWAIN Driver 6.6
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
CCleaner
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Data Lifeguard Diagnostic for Windows
Defraggler
Destinations
Director
DNA
Driver Detective
FileZilla Client 3.0.7.1
G-Lock SpamCombat
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Google Chrome
Google Earth
Google Update Helper
HD Tune 2.55
Hot CPU Tester Pro 4.4.1
Hotfix for MDAC 2.53 (KB911562)
Hotfix for MDAC 2.53 (KB927779)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 6800
HP Diagnostic Assistant
HP Software Update
HPSystemDiagnostics
InboxDollars
InstantShare
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 3
jv16 PowerTools 2010
Malwarebytes' Anti-Malware
McAfee Internet Security
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (UPWARDSQL)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft XML Parser and SDK
MonitorTest V3.0
Move Media Player
MovieEdit Task
Mozilla Firefox (3.6.8)
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6.0 Parser (KB933579)
Netflix Movie Viewer
NVIDIA Drivers
Oracle JInitiator 1.3.1.26
Overland
palmOne
PersonalWebKit
PhotoGallery
PhotoStitch
Picasa 3
PrintScreen
QFolder
QuickProjects
QuickTime
RAW Image Task 2.2
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Revo Uninstaller 1.89
Security Task Manager 1.7e
Security Update for Windows 2000 (KB923689)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
Spelling Dictionaries Support For Adobe Reader 8
SWLive
Symantec KB-DocID:2003093015493306
SymNet
The Ultimate Troubleshooter
TrayApp
U232 P9/P25 V2.98
ULi M5289 SATA Controller Driver
ULi PCI to AGP Controller Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 1 for Windows 2000 SP4
URGE
WeatherBug
WebFldrs
WebReg
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB904706
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917344
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924191
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB928843
Windows 2000 Service Pack 4
Windows Defender
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
XXClone ver 0.58.0

==== Event Viewer Messages From Past Week ========

12/29/2010 7:26:32 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
12/28/2010 7:04:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BANTExt SASDIFSV SASKUTIL
12/27/2010 9:03:08 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
12/27/2010 8:47:49 PM, error: Srv [2011] - The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.
12/26/2010 12:59:22 PM, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:58:22 PM, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:57:22 PM, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:56:22 PM, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:55:21 PM, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:54:26 PM, error: Service Control Manager [7034] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 3 time(s).
12/26/2010 12:54:26 PM, error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).
12/26/2010 12:54:26 PM, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
12/26/2010 12:54:26 PM, error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s).
12/26/2010 12:54:26 PM, error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 3 time(s).
12/26/2010 12:54:22 PM, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:53:25 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:53:25 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:53:25 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:53:25 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:53:21 PM, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:27:11 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 5 time(s).
12/26/2010 12:24:05 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 4 time(s).
12/26/2010 12:23:35 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 3 time(s).
12/26/2010 12:23:35 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 2 time(s).
12/26/2010 12:23:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SeaPort service to connect.
12/26/2010 12:23:35 PM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/26/2010 12:23:35 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
12/26/2010 12:22:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Services service to connect.
12/26/2010 12:22:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Anti-Spam Service service to connect.
12/26/2010 12:22:10 PM, error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/26/2010 12:22:10 PM, error: Service Control Manager [7000] - The McAfee Anti-Spam Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/26/2010 12:21:10 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:21:10 PM, error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:21:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Personal Firewall Service service to connect.
12/26/2010 12:21:10 PM, error: Service Control Manager [7000] - The SQL Server Browser service failed to start due to the following error: Access is denied.
12/26/2010 12:21:10 PM, error: Service Control Manager [7000] - The McAfee VirusScan Announcer service failed to start due to the following error: The pipe has been ended.
12/26/2010 12:21:10 PM, error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The pipe state is invalid.
12/26/2010 12:21:10 PM, error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/26/2010 12:21:10 PM, error: Service Control Manager [7000] - The McAfee Network Agent service failed to start due to the following error: The pipe state is invalid.
12/26/2010 12:20:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect.
12/26/2010 12:20:24 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/26/2010 12:20:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Live ID Sign-in Assistant service to connect.
12/26/2010 12:20:19 PM, error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/26/2010 12:20:13 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/26/2010 12:20:10 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/26/2010 12:20:10 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:20:10 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:20:10 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:20:10 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:20:10 PM, error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:20:09 PM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
12/26/2010 12:20:09 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
12/26/2010 12:20:09 PM, error: Service Control Manager [7034] - The AMD PowerNow! (tm) Technology Service service terminated unexpectedly. It has done this 1 time(s).
12/26/2010 12:20:09 PM, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 12:20:09 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
12/26/2010 12:20:09 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 11:16:50 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BANTExt
12/26/2010 11:16:38 AM, error: Service Control Manager [7024] - The SQL Server (UPWARDSQL) service terminated with service-specific error 17113 (0x42D9).
12/26/2010 11:16:19 AM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 00148521EA12 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/26/2010 1:18:29 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2583.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
12/26/2010 1:18:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/26/2010 1:10:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments " " in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
12/26/2010 1:09:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BANTExt Fips MpFilter Processor SASDIFSV SASKUTIL SYMTDI
12/26/2010 1:08:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/26/2010 1:08:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaSvc with arguments " " in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
12/26/2010 1:06:14 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 8 time(s).
12/26/2010 1:04:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SQL Server Browser service to connect.
12/26/2010 1:04:23 PM, error: Service Control Manager [7000] - The SQL Server Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/26/2010 1:03:23 PM, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 1:02:23 PM, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 1:01:22 PM, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 1:00:43 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 7 time(s).
12/26/2010 1:00:22 PM, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/26/2010 1:00:12 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 6 time(s).
12/25/2010 6:00:44 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Silverlight (KB2416427).
12/25/2010 6:00:32 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB978464).
12/24/2010 8:58:01 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/24/2010 8:55:32 AM, error: Dhcp [1002] - The IP address lease 192.168.1.106 for the Network Card with network address 00148521EA12 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/23/2010 5:12:42 PM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 00148521EA12 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

 

DDS (Ver_10-12-12.02) - NTFSx86
Run by Weelsl623 at 16:59:22.01 on Thu 12/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2309 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Firewall *Enabled*

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Program Files\AMD\PowerNow!\GemServ.exe
C:\Program Files\AMD\PowerNow!\gemback.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Weelsl623\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.msn.com
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
mSearchAssistant =
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: FCToolbarURLSearchHook Class: {4219427b-0228-4356-a78b-eb7668d37d07} - c:\program files\inboxdollars\Helper.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: InboxDollars BHO: {6ffb615d-e8ce-4add-8d9f-31c4be9c26e4} - c:\program files\inboxdollars\Toolbar.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101105114550.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\common files\freecause\dca\dca-bho.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
BHO: Webroot Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - No File
TB: MYPOINTS: {a057a204-bacc-4d26-cec4-75a487fd6484} -
TB: Webroot Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
TB: InboxDollars: {47980628-3844-42aa-a0dd-e2d86bba9600} - c:\program files\inboxdollars\Toolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe "
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\www
Trusted Zone: msn.com\www
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - hxxp://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171164800093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFECAFE-0013-0001-0026-ABCDEFABCDEF}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\weelsl~1\applic~1\mozilla\firefox\profiles\3wgg1tfc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\weelsl623\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13126.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: MSN Toolbar: msntoolbar@msn.com - c:\program files\msn toolbar\platform\4.0.0417.0\Firefox
FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\SearchHelperExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\weelsl623\application data\Move Networks

============= SERVICES / DRIVERS ===============

R0 m5289;m5289;c:\winnt\system32\drivers\m5289.sys [2007-2-10 51840]
R0 mfehidk;McAfee Inc. mfehidk;c:\winnt\system32\drivers\mfehidk.sys [2010-8-23 386840]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\winnt\system32\drivers\tdrpm258.sys [2010-3-13 911680]
R0 ULiAGP;ULi AGP Controller Bus Filter Driver;c:\winnt\system32\drivers\ULiAGP.SYS [2007-2-10 33408]
R1 gemwdm;AMD PowerNow! (tm) Technology;c:\winnt\system32\drivers\gemwdm.sys [2007-2-10 11776]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\winnt\system32\drivers\mfetdi2k.sys [2010-8-23 84072]
R1 MpFilter;Microsoft Malware Protection Driver;c:\winnt\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McProxy;McAfee Proxy Service; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-23 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-23 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-23 141792]
R3 cfwids;McAfee Inc. cfwids;c:\winnt\system32\drivers\cfwids.sys [2010-8-23 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\winnt\system32\drivers\mfeavfk.sys [2010-8-23 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\winnt\system32\drivers\mfebopk.sys [2010-8-23 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\winnt\system32\drivers\mfefirek.sys [2010-8-23 313288]
R3 mfendiskmp;mfendiskmp;c:\winnt\system32\drivers\mfendisk.sys [2010-8-23 88544]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\weelsl~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\weelsl~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\weelsl~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\weelsl~1\locals~1\temp\sas_selfextract\SASKUTIL.sys [?]
S1 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys --> c:\winnt\system32\vsdatant.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]
S2 MSSQL$UPWARDSQL;SQL Server (UPWARDSQL);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 afcdp;afcdp;c:\winnt\system32\drivers\afcdp.sys [2010-3-13 160288]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\weelsl~1\locals~1\temp\{55638dd9-d5a9-11d3-b74b-204c4f4f5020}\amdmsrio.sys --> c:\docume~1\weelsl~1\locals~1\temp\{55638dd9-d5a9-11d3-b74b-204c4f4f5020}\AMDMSRIO.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\weelsl~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\weelsl~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\winnt\system32\drivers\mfendisk.sys [2010-8-23 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [2010-8-23 84264]
S3 SASENUM;SASENUM;\??\c:\docume~1\weelsl~1\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\weelsl~1\locals~1\temp\sas_selfextract\SASENUM.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winnt\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\winnt\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-3-13 2480048]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-2-11 1251720]
S4 vsmon;TrueVector Internet Monitor;c:\winnt\system32\zonelabs\vsmon.exe -service --> c:\winnt\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2010-12-30 01:40:57 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{44c76e2d-9398-4527-8c27-e25755781fb8}\mpengine.dll
2010-12-26 17:11:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\jPdAc08200
2010-12-17 22:12:33 -------- d-----w- c:\docume~1\weelsl~1\applic~1\FCTB000062133
2010-12-17 21:14:42 -------- d-----w- c:\program files\common files\FreeCause
2010-12-15 01:47:10 40960 -c----w- c:\winnt\system32\dllcache\ndproxy.sys
2010-12-06 00:40:19 53355 ----a-w- c:\program files\mozilla firefox\plugins\NPJinit13126.dll
2010-12-06 00:40:19 45164 ------w- c:\winnt\system32\plugincpl13126.cpl
2010-12-06 00:40:08 36962 ------w- c:\winnt\system32\ActPanel.dll
2010-12-06 00:40:08 -------- d-----w- c:\program files\Oracle

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\winnt\system32\isign32.dll
2010-11-12 18:46:58 4280320 ----a-w- c:\winnt\system32\GPhotos.scr
2010-11-06 00:26:58 916480 ----a-w- c:\winnt\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\winnt\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\winnt\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\winnt\system32\win32k.sys
2010-10-19 20:51:33 222080 ------w- c:\winnt\system32\MpSigStub.exe
2008-03-30 19:09:03 336 -c--a-w- c:\program files\temp995.bat

============= FINISH: 17:00:17.75 ===============

 

ComboFix 10-12-30.01 - Weelsl623 12/30/2010 19:38:47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2493 [GMT -5:00]
Running from: c:\documents and settings\Weelsl623\My Documents\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Weelsl623\Start Menu\Programs\System Tool
c:\program files\Internet Explorer\SET67A.tmp
c:\program files\Internet Explorer\SET67B.tmp
c:\program files\Internet Explorer\SET67D.tmp
c:\program files\Internet Explorer\SET703.tmp
c:\winnt\system32\install.exe
c:\winnt\system32\UNWISE.EXE
c:\winnt\Web\default.htt

c:\winnt\regedit.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_IAS


((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-31 )))))))))))))))))))))))))))))))
.

2010-12-26 17:11 . 2010-12-26 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\jPdAc08200
2010-12-17 22:12 . 2010-12-17 22:12 -------- d-----w- c:\documents and settings\Weelsl623\Application Data\FCTB000062133
2010-12-17 21:14 . 2010-12-17 22:12 -------- d-----w- c:\program files\Common Files\FreeCause
2010-12-15 01:47 . 2010-11-02 15:17 40960 -c----w- c:\winnt\system32\dllcache\ndproxy.sys
2010-12-06 00:40 . 2006-05-16 09:50 53355 ----a-w- c:\program files\Mozilla Firefox\plugins\NPJinit13126.dll
2010-12-06 00:40 . 2006-05-16 09:50 45164 ------w- c:\winnt\system32\plugincpl13126.cpl
2010-12-06 00:40 . 2010-12-06 00:40 -------- d-----w- c:\program files\Oracle
2010-12-06 00:40 . 2006-05-16 09:49 36962 ------w- c:\winnt\system32\ActPanel.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-27 23:59 . 2009-07-06 21:53 249856 ----a-w- c:\documents and settings\NetworkService.NT AUTHORITY\NTUSER.DAT.tmp
2010-12-27 23:59 . 2009-01-19 22:54 249856 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\NTUSER.DAT.tmp
2010-12-20 23:09 . 2010-08-22 22:31 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-08-22 22:31 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-11-18 18:12 . 2007-02-11 03:35 81920 ----a-w- c:\winnt\system32\isign32.dll
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\winnt\system32\GPhotos.scr
2010-11-06 00:26 . 2006-02-28 12:00 916480 ----a-w- c:\winnt\system32\wininet.dll
2010-11-06 00:26 . 2006-02-28 12:00 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2010-11-06 00:26 . 2006-02-28 12:00 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
2010-11-03 12:25 . 2006-02-28 12:00 385024 ----a-w- c:\winnt\system32\html.iec
2010-11-02 15:17 . 2006-02-28 12:00 40960 ----a-w- c:\winnt\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-02-28 12:00 290048 ----a-w- c:\winnt\system32\atmfd.dll
2010-10-26 13:25 . 2006-02-28 12:00 1853312 ----a-w- c:\winnt\system32\win32k.sys
2010-10-19 20:51 . 2009-10-02 19:59 222080 ------w- c:\winnt\system32\MpSigStub.exe
2010-10-14 02:28 . 2010-08-23 21:49 9344 ----a-w- c:\winnt\system32\drivers\mfeclnk.sys
2010-10-14 02:28 . 2010-08-23 21:49 84072 ----a-w- c:\winnt\system32\drivers\mfetdi2k.sys
2010-10-14 02:28 . 2010-08-23 21:48 88544 ----a-w- c:\winnt\system32\drivers\mfendisk.sys
2010-10-14 02:28 . 2010-08-23 21:48 84264 ----a-w- c:\winnt\system32\drivers\mferkdet.sys
2010-10-14 02:28 . 2010-08-23 21:48 386840 ----a-w- c:\winnt\system32\drivers\mfehidk.sys
2010-10-14 02:28 . 2010-08-23 21:48 313288 ----a-w- c:\winnt\system32\drivers\mfefirek.sys
2010-10-14 02:28 . 2010-08-23 21:48 52104 ----a-w- c:\winnt\system32\drivers\mfebopk.sys
2010-10-14 02:28 . 2010-08-23 21:48 95600 ----a-w- c:\winnt\system32\drivers\mfeapfk.sys
2010-10-14 02:28 . 2010-08-23 21:48 152960 ----a-w- c:\winnt\system32\drivers\mfeavfk.sys
2010-10-14 02:28 . 2010-08-23 21:48 55840 ----a-w- c:\winnt\system32\drivers\cfwids.sys
2008-03-30 19:09 . 2008-03-30 19:08 336 -c--a-w- c:\program files\temp995.bat
2010-10-14 02:28 . 2010-08-23 21:49 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\atapi.sys
[-] 2006-02-28 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\asyncmac.sys
[-] 2006-02-28 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\asyncmac.sys

[-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\winnt\system32\dllcache\beep.sys
[-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\winnt\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\kbdclass.sys
[-] 2006-02-28 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ndis.sys
[-] 2006-02-28 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\winnt\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\winnt\$NtServicePackUninstall$\ntfs.sys
[-] 2006-02-28 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB930916$\ntfs.sys
[-] 2003-06-19 19:05 . F6AB0E765D5B80443B93C52C42F2602A . 534192 . . [5.00.2195.6710] . . c:\winnt\$NtUpdateRollupPackUninstall$\ntfs.sys

[-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\winnt\system32\dllcache\null.sys
[-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\winnt\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winnt\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winnt\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\winnt\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\winnt\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\winnt\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\winnt\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\winnt\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\winnt\$NtUninstallKB941644$\tcpip.sys
[-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB917953$\tcpip.sys
[-] 2003-06-19 19:05 . 5F1BE742B1F2196663255991AE7ACC83 . 332144 . . [5.00.2195.6706] . . c:\winnt\$NtUpdateRollupPackUninstall$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\winnt\system32\browser.dll
[-] 2006-02-28 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\browser.dll
[-] 2003-06-19 19:05 . 38A6BC551496C24118BD1524425AF2FE . 68880 . . [5.00.2195.6693] . . c:\winnt\$NtUpdateRollupPackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\winnt\system32\lsass.exe
[-] 2006-02-28 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\lsass.exe
[-] 2003-06-19 19:05 . 271229760CCED993E9E7CAB1C7274134 . 33552 . . [5.00.2195.6695] . . c:\winnt\$NtUpdateRollupPackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\winnt\system32\netman.dll
[-] 2006-02-28 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB905414$\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\winnt\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\winnt\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\winnt\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\winnt\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\winnt\system32\BITS\qmgr.dll
[-] 2006-02-28 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\winnt\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\winnt\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\winnt\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\winnt\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\rpcss.dll
[-] 2006-02-28 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB894391$\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\winnt\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\winnt\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\winnt\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\winnt\$NtUninstallKB902400$\rpcss.dll
[-] 2003-06-19 19:05 . B49E4F60ED7E5918E44396768F9F02F2 . 239376 . . [5.00.2195.6702] . . c:\winnt\$NtUpdateRollupPackUninstall$\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\winnt\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\winnt\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\winnt\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\services.exe
[-] 2006-02-28 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\services.exe
[-] 2003-06-19 19:05 . CFED2D28F5B8A24127E9E06043070643 . 89360 . . [5.00.2195.6700] . . c:\winnt\$NtUpdateRollupPackUninstall$\services.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\winnt\system32\winlogon.exe
[-] 2006-02-28 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\winlogon.exe
[-] 2003-06-19 19:05 . 3980C28D116D438BBB36FB38526FDE1A . 181008 . . [5.00.2195.6714] . . c:\winnt\$NtUpdateRollupPackUninstall$\winlogon.exe

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\winnt\system32\cryptsvc.dll
[-] 2006-02-28 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\cryptsvc.dll
[-] 2003-06-19 19:05 . 385F52746FD8558D43999AEED250769A . 76048 . . [5.00.2195.6661] . . c:\winnt\$NtUpdateRollupPackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\winnt\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\winnt\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\winnt\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\winnt\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\winnt\ServicePackFiles\i386\es.dll
[-] 2006-02-28 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\winnt\$NtUninstallKB902400$\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\winnt\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\winnt\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2003-06-19 19:05 . FACD7422F6FBC7CD3AEA3AFCB8382ECF . 233232 . . [2000.2.3504.0] . . c:\winnt\$NtUpdateRollupPackUninstall$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\winnt\system32\imm32.dll
[-] 2006-02-28 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\winnt\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\winnt\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\winnt\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\winnt\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\winnt\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\winnt\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\winnt\$NtUninstallKB935839$\kernel32.dll
[-] 2006-02-28 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB917422$\kernel32.dll
[-] 2003-06-19 19:05 . AFFDA6F602A8F0DBA615279C28B3BDF8 . 743184 . . [5.00.2195.6688] . . c:\winnt\$NtUpdateRollupPackUninstall$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\winnt\system32\linkinfo.dll
[-] 2006-02-28 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB900725$\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\winnt\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\winnt\$NtServicePackUninstall$\linkinfo.dll
[-] 1999-12-07 12:00 . A5977BF56A537AFDF2464F1314C315CF . 16144 . . [5.00.2134.1] . . c:\winnt\$NtUpdateRollupPackUninstall$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\winnt\system32\lpk.dll
[-] 2006-02-28 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\lpk.dll

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\winnt\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\winnt\system32\msvcrt.dll
[-] 2006-02-28 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\winnt\$NtServicePackUninstall$\msvcrt.dll
[-] 2006-02-28 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2006-02-28 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\winnt\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\winnt\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\winnt\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\winnt\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\mswsock.dll
[-] 2006-02-28 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB951748_0$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\winnt\system32\netlogon.dll
[-] 2006-02-28 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\netlogon.dll
[-] 2003-06-19 19:05 . 11B91C26925F56F577089FF88AA0BEC0 . 371984 . . [5.00.2195.6695] . . c:\winnt\$NtUpdateRollupPackUninstall$\netlogon.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\winnt\system32\powrprof.dll
[-] 2006-02-28 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\winnt\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\winnt\system32\scecli.dll
[-] 2006-02-28 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\scecli.dll
[-] 2003-06-19 19:05 . FF11B32A906D75CD96957B66E318DAD0 . 114448 . . [5.00.2195.6704] . . c:\winnt\$NtUpdateRollupPackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\winnt\system32\sfc.dll
[-] 2006-02-28 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\winnt\system32\svchost.exe
[-] 2006-02-28 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\winnt\system32\tapisrv.dll
[-] 2006-02-28 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB893756$\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\winnt\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\winnt\$NtServicePackUninstall$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\winnt\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\winnt\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\winnt\$NtServicePackUninstall$\user32.dll
[-] 2006-02-28 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\winnt\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\winnt\$NtUninstallKB925902$\user32.dll
[-] 2003-06-19 19:05 . 11ED538DB87D8CF38017A63A82AA805D . 403216 . . [5.00.2195.6688] . . c:\winnt\$NtUpdateRollupPackUninstall$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\winnt\system32\userinit.exe
[-] 2006-02-28 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\winnt\system32\ws2_32.dll
[-] 2006-02-28 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\winnt\system32\ws2help.dll
[-] 2006-02-28 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ws2help.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\winnt\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\winnt\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\winnt\$NtServicePackUninstall$\explorer.exe
[-] 2006-02-28 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\winnt\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\system32\srsvc.dll
[-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\winnt\system32\wscntfy.exe
[-] 2006-02-28 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\winnt\system32\xmlprov.dll
[-] 2006-02-28 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\winnt\system32\eventlog.dll
[-] 2006-02-28 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\eventlog.dll
[-] 2003-06-19 19:05 . 5738D5804F61A1D30D86FA24DEE56E0C . 47888 . . [5.00.2195.6716] . . c:\winnt\$NtUpdateRollupPackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\winnt\system32\sfcfiles.dll
[-] 2006-02-28 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\sfcfiles.dll
[-] 2003-06-19 19:05 . A871E77694E9146B3C655A734B1ECF46 . 971024 . . [5.00.2195.6717] . . c:\winnt\$NtUpdateRollupPackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\winnt\system32\ctfmon.exe
[-] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\winnt\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\winnt\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\winnt\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2006-02-28 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\winnt\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\winnt\system32\regsvc.dll
[-] 2006-02-28 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\winnt\system32\schedsvc.dll
[-] 2006-02-28 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\winnt\system32\ssdpsrv.dll
[-] 2006-02-28 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\winnt\system32\termsrv.dll
[-] 2006-02-28 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\winnt\system32\appmgmts.dll
[-] 2006-02-28 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\appmgmts.dll

[-] 2006-02-28 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\winnt\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\winnt\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\winnt\system32\drivers\aec.sys
[-] 2006-02-28 12:00 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\winnt\$NtUninstallKB900485$\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\winnt\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\winnt\$NtServicePackUninstall$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\agp440.sys
[-] 2006-02-28 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ip6fw.sys
[-] 2006-02-28 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\iprip.dll
[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\winnt\system32\iprip.dll
[-] 2006-02-28 . 14522C1499B146E016359EF216BDDB78 . 35328 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\iprip.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\winnt\system32\msgsvc.dll
[-] 2006-02-28 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\msgsvc.dll
[-] 2003-06-19 19:05 . C470CF2972A6DF2214764DA2FE8B768F . 35600 . . [5.00.2195.6656] . . c:\winnt\$NtUpdateRollupPackUninstall$\msgsvc.dll

[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\winnt\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\winnt\system32\dllcache\mspmsnsv.dll
[-] 2006-02-28 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\winnt\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\winnt\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\winnt\system32\ntmssvc.dll
[-] 2006-02-28 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\winnt\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\winnt\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\winnt\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\winnt\$NtServicePackUninstall$\upnphost.dll
[-] 2006-02-28 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB931261$\upnphost.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\system32\dsound.dll
[-] 2006-02-28 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\winnt\$NtServicePackUninstall$\dsound.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\winnt\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\winnt\system32\d3d9.dll
[-] 2006-02-28 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\winnt\$NtServicePackUninstall$\d3d9.dll

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\winnt\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\winnt\system32\ddraw.dll
[-] 2006-02-28 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ddraw.dll

[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\winnt\system32\olepro32.dll
[-] 2006-02-28 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\olepro32.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\winnt\system32\perfctrs.dll
[-] 2006-02-28 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\perfctrs.dll

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\winnt\system32\version.dll
[-] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\version.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\system32\srsvc.dll
[-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\winnt\system32\w32time.dll
[-] 2006-02-28 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\w32time.dll
[-] 2003-06-19 19:05 . 8703C9C4C3E08CA8C967C7AEA488112D . 51472 . . [5.00.2195.6601] . . c:\winnt\$NtUpdateRollupPackUninstall$\w32time.dll

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\winnt\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\winnt\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\winnt\$NtServicePackUninstall$\wiaservc.dll
[-] 2006-02-28 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB927802$\wiaservc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{4219427b-0228-4356-a78b-eb7668d37d07} "= "c:\program files\InboxDollars\Helper.dll" [2010-12-17 356864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{4219427b-0228-4356-a78b-eb7668d37d07}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{8EF4D7EF-810E-4629-A9C9-F92FD201FE1A}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
2010-12-17 22:12 1536000 ----a-w- c:\program files\InboxDollars\Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{47980628-3844-42AA-A0DD-E2D86BBA9600} "= "c:\program files\InboxDollars\Toolbar.dll" [2010-12-17 1536000]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather "= "c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2007-02-17 98304]
"MSN Toolbar "= "c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop "= "c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall "= "c:\winnt\system32\tscupgrd.exe" [2006-02-28 44544]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@= "Service "

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\winnt\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\winnt\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nfswwxnh

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALi5289]
2005-03-10 06:56 405504 ----a-w- c:\program files\ULI5289\ALi5289.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\winnt\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-26 05:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-06-26 00:32 172032 ----a-w- c:\winnt\system32\spool\drivers\w32x86\3\hpztsb12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2010-07-06 17:30 240480 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-02-17 19:34 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SJelite3Launch]
2010-02-08 17:43 184320 ----a-w- c:\documents and settings\Weelsl623\Application Data\Transcend\SJelite3\SJelite3Launch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-12-22 09:09 77824 ----a-w- c:\winnt\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon "=2 (0x2)
"Symantec Core LC "=2 (0x2)
"idsvc "=3 (0x3)
"gusvc "=3 (0x3)
"gupdate "=2 (0x2)
"CLTNetCnService "=2 (0x2)
"clr_optimization_v2.0.50727_32 "=2 (0x2)
"aspnet_state "=3 (0x3)
"afcdpsrv "=2 (0x2)
"AcrSch2Svc "=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\G-Lock Software\\G-Lock SpamCombat\\gsc.exe "=
"c:\\Program Files\\DNA\\btdna.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe "=
"c:\\Program Files\\InboxDollars\\TroubleShooter.exe "=
"c:\\Program Files\\InboxDollars\\ToolbarUpdate.exe "=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe "=

R0 m5289;m5289;c:\winnt\system32\drivers\m5289.sys [2/10/2007 10:22 PM 51840]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\winnt\system32\drivers\tdrpm258.sys [3/13/2010 8:46 PM 911680]
R0 ULiAGP;ULi AGP Controller Bus Filter Driver;c:\winnt\system32\drivers\ULiAGP.SYS [2/10/2007 10:22 PM 33408]
R1 gemwdm;AMD PowerNow! (tm) Technology;c:\winnt\system32\drivers\gemwdm.sys [2/10/2007 10:22 PM 11776]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\winnt\system32\drivers\mfetdi2k.sys [8/23/2010 4:49 PM 84072]
R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/23/2010 4:47 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/23/2010 4:47 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/23/2010 4:49 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/23/2010 4:49 PM 141792]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 cfwids;McAfee Inc. cfwids;c:\winnt\system32\drivers\cfwids.sys [8/23/2010 4:48 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\winnt\system32\drivers\mfefirek.sys [8/23/2010 4:48 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\winnt\system32\drivers\mfendisk.sys [8/23/2010 4:48 PM 88544]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 8:42 PM 135664]
S2 MSSQL$UPWARDSQL;SQL Server (UPWARDSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 3:27 AM 29262680]
S3 afcdp;afcdp;c:\winnt\system32\drivers\afcdp.sys [3/13/2010 8:46 PM 160288]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\WEELSL~1\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys --> c:\docume~1\WEELSL~1\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\winnt\system32\drivers\mfendisk.sys [8/23/2010 4:48 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [8/23/2010 4:48 PM 84264]
S3 SASENUM;SASENUM;\??\c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winnt\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\winnt\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [3/13/2010 8:46 PM 2480048]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-12-31 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:42]

2010-12-30 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:42]

2010-12-31 c:\winnt\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-12-31 c:\winnt\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]
.
.
------- Supplementary Scan -------
.
uStart Page = www.msn.com
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
Trusted Zone: microsoft.com\www
Trusted Zone: msn.com\www
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Weelsl623\Application Data\Mozilla\Firefox\Profiles\3wgg1tfc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: MSN Toolbar: msntoolbar@msn.com - c:\program files\MSN Toolbar\Platform\4.0.0417.0\Firefox
FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Weelsl623\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{A057A204-BACC-4D26-CEC4-75A487FD6484} - (no file)
WebBrowser-{A057A204-BACC-4D26-CEC4-75A487FD6484} - (no file)
SafeBoot-sglfb.sys
SafeBoot-tga.sys
AddRemove-{E172D6FB-BF07-4F51-ABCB-F12A59CE99C7} - c:\program files\InstallShield Installation Information\{E172D6FB-BF07-4F51-ABCB-F12A59CE99C7}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-30 19:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\winnt\TEMP\TMP0000002395217CEFB05F5FBE 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101 "

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe "

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3284)
c:\winnt\system32\WININET.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.

 

------------------------ Other Running Processes ------------------------
.
c:\program files\AMD\PowerNow!\GemServ.exe
c:\program files\AMD\PowerNow!\gemback.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2010-12-30 19:51:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-31 00:50

Pre-Run: 71,717,437,440 bytes free
Post-Run: 71,627,812,864 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug= "do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINNT= "XXCLONE: (Cloned Volume) [d:0,p:1] \WINNT" /fastdetect /NoExecute=OptIn

- - End Of File - - 003D45FC06DCD108D460924DE1E63B88

 

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/30/2010 at 20:08:41.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 12/30/2010 at 20:08:56.

 

SystemLook 04.09.10 by jpshortstuff
Log created at 20:25 on 30/12/2010 by Weelsl623
Administrator - Elevation successful

========== filefind ==========

Searching for "regedit.exe "
C:\WINNT\regedit.exe ------- 146432 bytes [12:00 28/02/2006] [00:12 14/04/2008] 058710B720282CA82B909912D3EF28DB
C:\WINNT\$NtServicePackUninstall$\regedit.exe -----c- 146432 bytes [22:14 18/08/2008] [12:00 28/02/2006] 783AFC80383C176B22DBF8333343992D
C:\WINNT\ServicePackFiles\i386\regedit.exe -----c- 146432 bytes [21:54 18/08/2008] [00:12 14/04/2008] 058710B720282CA82B909912D3EF28DB

-= EOF =-

 

ComboFix 10-12-30.01 - Weelsl623 12/30/2010 20:44:12.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2584 [GMT -5:00]
Running from: c:\documents and settings\Weelsl623\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Weelsl623\My Documents\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\program files\temp995.bat "
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\jPdAc08200
c:\documents and settings\All Users\Application Data\jPdAc08200\jPdAc08200
c:\documents and settings\Weelsl623\Application Data\FCTB000062133
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\aboutTabs.7.js
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\aboutTabs.8.js
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\audio.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\banner_container.html
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\bookmark_off.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\bookmark_on.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\bookmarksplugin.dll
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\bubble_permissions.html
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\build
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\caching_banner.html
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\chevron.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\component.xsl
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\default.xml
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\efolder.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\email.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\email2.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\emailchecker_plugin.dll
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\facebook.feature
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\fbrss.xsl
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\ff.xsl
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\folder.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\Helper.dll
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\icons.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\iefavelem.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\amazon.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\ebay.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\email.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\email2.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\msgbox\down.gif
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\msgbox\hr.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\msgbox\mark.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\msgbox\mark_do.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\msgbox\mark_na.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\msgbox\navbg.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\msgbox\refresh.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\msgbox\refresh_do.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\msgbox\refresh_na.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\msgbox\trash.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\msgbox\trash_do.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\msgbox\trash_na.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\msgbox\unmark.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\msgbox\unmark_do.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\msgbox\unmark_na.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\msgbox\up.gif
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\ticker\left.gif
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\ticker\right.gif
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\0.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\1.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\10.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\11.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\12.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\13.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\14.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\15.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\16.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\17.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\18.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\19.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\2.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\20.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\21.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\22.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\23.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\24.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\25.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\26.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\27.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\28.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\29.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\3.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\30.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\31.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\32.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\33.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\34.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\35.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\36.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\37.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\38.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\39.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\4.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\40.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\41.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\42.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\43.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\44.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\45.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\46.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\47.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\5.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\6.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\7.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\8.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\9.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\hr.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\na.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\0.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\1.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\10.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\11.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\12.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\13.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\14.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\15.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\16.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\17.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\18.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\19.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\2.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\20.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\21.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\22.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\23.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\24.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\25.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\26.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\27.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\28.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\29.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\3.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\30.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\31.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\32.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\33.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\34.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\35.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\36.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\37.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\38.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\39.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\4.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\40.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\41.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\42.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\43.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\44.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\45.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\46.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\47.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\5.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\6.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\7.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\8.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\9.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\na.png
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\weather\png\Thumbs.db
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\wikipedia.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\images\yahoo.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\localization.xml
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\location.xsl
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\magglass.ico
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\manage_bookmarks.html
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\marquee.html
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\marquee_permissions.html
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\messaging.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\minus.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\msgbox_bubble.tmpl
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\msgbox_openmsg.tmpl
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\msgboxplugin.dll
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\offline.html
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\patch.bat
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\plus.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\podcast.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\podcast.xsl
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\radio.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\RadioPlugin.dll
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\resize.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\rssfeed.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\RSSReader_plugin.dll
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\search.xsl
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\SearchComponent.dll
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\settings
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_dropdwn_down.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_dropdwn_over.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_dropdwn_up.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_max_down.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_max_over.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_max_up.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_min_down.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_min_over.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_min_up.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_pause_down.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_pause_over.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_pause_up.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_play_down.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_play_over.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_play_up.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_playcntrl_over.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_playcntrl_up.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_stop_down.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_stop_over.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_stop_up.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_volcntrl_over.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\btn_volcntrl_up.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\Equalizer1.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\Equalizer2.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\Equalizer3.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\Equalizer4.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\Equalizer5.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\Equalizer6.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\playcntrl_bg.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\radio.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\radio_mask.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\radio_minimalized.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\radio_minimalized_mask.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\station.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\vol_01.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\vol_02.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\vol_03.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\volslide_bg.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\skins\radio\gray03\volslide_track.bmp
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\star_on.gif
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\ticker.html
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\Toolbar.dll
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\ToolbarUpdate.exe
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\TroubleShooter.exe
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\Uninst.exe
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\update_progress.html
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\version.txt
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\version.xsl
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\weather_bubble.tmpl
c:\documents and settings\Weelsl623\Application Data\FCTB000062133\Toolbar\weatherplugin.dll
c:\program files\temp995.bat

c:\winnt\regedit.exe . . . is infected!!

.
--------------- FCopy ---------------

c:\winnt\$NtServicePackUninstall$\regedit.exe --> c:\winnt\regedit.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-31 )))))))))))))))))))))))))))))))
.

2010-12-17 21:14 . 2010-12-17 22:12 -------- d-----w- c:\program files\Common Files\FreeCause
2010-12-15 01:47 . 2010-11-02 15:17 40960 -c----w- c:\winnt\system32\dllcache\ndproxy.sys
2010-12-06 00:40 . 2006-05-16 09:50 53355 ----a-w- c:\program files\Mozilla Firefox\plugins\NPJinit13126.dll
2010-12-06 00:40 . 2006-05-16 09:50 45164 ------w- c:\winnt\system32\plugincpl13126.cpl
2010-12-06 00:40 . 2010-12-06 00:40 -------- d-----w- c:\program files\Oracle
2010-12-06 00:40 . 2006-05-16 09:49 36962 ------w- c:\winnt\system32\ActPanel.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-27 23:59 . 2009-07-06 21:53 249856 ----a-w- c:\documents and settings\NetworkService.NT AUTHORITY\NTUSER.DAT.tmp
2010-12-27 23:59 . 2009-01-19 22:54 249856 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\NTUSER.DAT.tmp
2010-12-20 23:09 . 2010-08-22 22:31 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-08-22 22:31 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-11-18 18:12 . 2007-02-11 03:35 81920 ----a-w- c:\winnt\system32\isign32.dll
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\winnt\system32\GPhotos.scr
2010-11-06 00:26 . 2006-02-28 12:00 916480 ----a-w- c:\winnt\system32\wininet.dll
2010-11-06 00:26 . 2006-02-28 12:00 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2010-11-06 00:26 . 2006-02-28 12:00 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
2010-11-03 12:25 . 2006-02-28 12:00 385024 ----a-w- c:\winnt\system32\html.iec
2010-11-02 15:17 . 2006-02-28 12:00 40960 ----a-w- c:\winnt\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-02-28 12:00 290048 ----a-w- c:\winnt\system32\atmfd.dll
2010-10-26 13:25 . 2006-02-28 12:00 1853312 ----a-w- c:\winnt\system32\win32k.sys
2010-10-19 20:51 . 2009-10-02 19:59 222080 ------w- c:\winnt\system32\MpSigStub.exe
2010-10-14 02:28 . 2010-08-23 21:49 9344 ----a-w- c:\winnt\system32\drivers\mfeclnk.sys
2010-10-14 02:28 . 2010-08-23 21:49 84072 ----a-w- c:\winnt\system32\drivers\mfetdi2k.sys
2010-10-14 02:28 . 2010-08-23 21:48 88544 ----a-w- c:\winnt\system32\drivers\mfendisk.sys
2010-10-14 02:28 . 2010-08-23 21:48 84264 ----a-w- c:\winnt\system32\drivers\mferkdet.sys
2010-10-14 02:28 . 2010-08-23 21:48 386840 ----a-w- c:\winnt\system32\drivers\mfehidk.sys
2010-10-14 02:28 . 2010-08-23 21:48 313288 ----a-w- c:\winnt\system32\drivers\mfefirek.sys
2010-10-14 02:28 . 2010-08-23 21:48 52104 ----a-w- c:\winnt\system32\drivers\mfebopk.sys
2010-10-14 02:28 . 2010-08-23 21:48 95600 ----a-w- c:\winnt\system32\drivers\mfeapfk.sys
2010-10-14 02:28 . 2010-08-23 21:48 152960 ----a-w- c:\winnt\system32\drivers\mfeavfk.sys
2010-10-14 02:28 . 2010-08-23 21:48 55840 ----a-w- c:\winnt\system32\drivers\cfwids.sys
2010-10-14 02:28 . 2010-08-23 21:49 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\atapi.sys
[-] 2006-02-28 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\asyncmac.sys
[-] 2006-02-28 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\asyncmac.sys

[-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\winnt\system32\dllcache\beep.sys
[-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\winnt\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\kbdclass.sys
[-] 2006-02-28 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ndis.sys
[-] 2006-02-28 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\winnt\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\winnt\$NtServicePackUninstall$\ntfs.sys
[-] 2006-02-28 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB930916$\ntfs.sys
[-] 2003-06-19 19:05 . F6AB0E765D5B80443B93C52C42F2602A . 534192 . . [5.00.2195.6710] . . c:\winnt\$NtUpdateRollupPackUninstall$\ntfs.sys

[-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\winnt\system32\dllcache\null.sys
[-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\winnt\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winnt\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\winnt\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\winnt\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\winnt\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\winnt\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\winnt\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\winnt\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\winnt\$NtUninstallKB941644$\tcpip.sys
[-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB917953$\tcpip.sys
[-] 2003-06-19 19:05 . 5F1BE742B1F2196663255991AE7ACC83 . 332144 . . [5.00.2195.6706] . . c:\winnt\$NtUpdateRollupPackUninstall$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\winnt\system32\browser.dll
[-] 2006-02-28 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\browser.dll
[-] 2003-06-19 19:05 . 38A6BC551496C24118BD1524425AF2FE . 68880 . . [5.00.2195.6693] . . c:\winnt\$NtUpdateRollupPackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\winnt\system32\lsass.exe
[-] 2006-02-28 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\lsass.exe
[-] 2003-06-19 19:05 . 271229760CCED993E9E7CAB1C7274134 . 33552 . . [5.00.2195.6695] . . c:\winnt\$NtUpdateRollupPackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\winnt\system32\netman.dll
[-] 2006-02-28 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB905414$\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\winnt\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\winnt\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\winnt\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\winnt\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\winnt\system32\BITS\qmgr.dll
[-] 2006-02-28 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\winnt\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\winnt\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\winnt\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\winnt\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\rpcss.dll
[-] 2006-02-28 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB894391$\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\winnt\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\winnt\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\winnt\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\winnt\$NtUninstallKB902400$\rpcss.dll
[-] 2003-06-19 19:05 . B49E4F60ED7E5918E44396768F9F02F2 . 239376 . . [5.00.2195.6702] . . c:\winnt\$NtUpdateRollupPackUninstall$\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\winnt\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\winnt\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\winnt\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\services.exe
[-] 2006-02-28 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\services.exe
[-] 2003-06-19 19:05 . CFED2D28F5B8A24127E9E06043070643 . 89360 . . [5.00.2195.6700] . . c:\winnt\$NtUpdateRollupPackUninstall$\services.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\winnt\system32\winlogon.exe
[-] 2006-02-28 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\winlogon.exe
[-] 2003-06-19 19:05 . 3980C28D116D438BBB36FB38526FDE1A . 181008 . . [5.00.2195.6714] . . c:\winnt\$NtUpdateRollupPackUninstall$\winlogon.exe

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\winnt\system32\cryptsvc.dll
[-] 2006-02-28 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\cryptsvc.dll
[-] 2003-06-19 19:05 . 385F52746FD8558D43999AEED250769A . 76048 . . [5.00.2195.6661] . . c:\winnt\$NtUpdateRollupPackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\winnt\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\winnt\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\winnt\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\winnt\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\winnt\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\winnt\ServicePackFiles\i386\es.dll
[-] 2006-02-28 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\winnt\$NtUninstallKB902400$\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\winnt\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\winnt\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2003-06-19 19:05 . FACD7422F6FBC7CD3AEA3AFCB8382ECF . 233232 . . [2000.2.3504.0] . . c:\winnt\$NtUpdateRollupPackUninstall$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\winnt\system32\imm32.dll
[-] 2006-02-28 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\winnt\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\winnt\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\winnt\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\winnt\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\winnt\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\winnt\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\winnt\$NtUninstallKB935839$\kernel32.dll
[-] 2006-02-28 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB917422$\kernel32.dll
[-] 2003-06-19 19:05 . AFFDA6F602A8F0DBA615279C28B3BDF8 . 743184 . . [5.00.2195.6688] . . c:\winnt\$NtUpdateRollupPackUninstall$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\winnt\system32\linkinfo.dll
[-] 2006-02-28 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB900725$\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\winnt\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\winnt\$NtServicePackUninstall$\linkinfo.dll
[-] 1999-12-07 12:00 . A5977BF56A537AFDF2464F1314C315CF . 16144 . . [5.00.2134.1] . . c:\winnt\$NtUpdateRollupPackUninstall$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\winnt\system32\lpk.dll
[-] 2006-02-28 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\lpk.dll

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\winnt\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\winnt\system32\msvcrt.dll
[-] 2006-02-28 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\winnt\$NtServicePackUninstall$\msvcrt.dll
[-] 2006-02-28 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2006-02-28 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\winnt\winsxs\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\winnt\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\winnt\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\winnt\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\winnt\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\winnt\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\winnt\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\mswsock.dll
[-] 2006-02-28 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB951748_0$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\winnt\system32\netlogon.dll
[-] 2006-02-28 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\netlogon.dll
[-] 2003-06-19 19:05 . 11B91C26925F56F577089FF88AA0BEC0 . 371984 . . [5.00.2195.6695] . . c:\winnt\$NtUpdateRollupPackUninstall$\netlogon.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\winnt\system32\powrprof.dll
[-] 2006-02-28 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\winnt\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\winnt\system32\scecli.dll
[-] 2006-02-28 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\scecli.dll
[-] 2003-06-19 19:05 . FF11B32A906D75CD96957B66E318DAD0 . 114448 . . [5.00.2195.6704] . . c:\winnt\$NtUpdateRollupPackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\winnt\system32\sfc.dll
[-] 2006-02-28 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\winnt\system32\svchost.exe
[-] 2006-02-28 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\winnt\system32\tapisrv.dll
[-] 2006-02-28 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB893756$\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\winnt\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\winnt\$NtServicePackUninstall$\tapisrv.dll

 

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\winnt\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\winnt\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\winnt\$NtServicePackUninstall$\user32.dll
[-] 2006-02-28 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\winnt\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\winnt\$NtUninstallKB925902$\user32.dll
[-] 2003-06-19 19:05 . 11ED538DB87D8CF38017A63A82AA805D . 403216 . . [5.00.2195.6688] . . c:\winnt\$NtUpdateRollupPackUninstall$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\winnt\system32\userinit.exe
[-] 2006-02-28 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\winnt\system32\ws2_32.dll
[-] 2006-02-28 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\winnt\system32\ws2help.dll
[-] 2006-02-28 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ws2help.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\winnt\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\winnt\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\winnt\$NtServicePackUninstall$\explorer.exe
[-] 2006-02-28 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\winnt\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\system32\srsvc.dll
[-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\winnt\system32\wscntfy.exe
[-] 2006-02-28 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\winnt\system32\xmlprov.dll
[-] 2006-02-28 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\winnt\system32\eventlog.dll
[-] 2006-02-28 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\eventlog.dll
[-] 2003-06-19 19:05 . 5738D5804F61A1D30D86FA24DEE56E0C . 47888 . . [5.00.2195.6716] . . c:\winnt\$NtUpdateRollupPackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\winnt\system32\sfcfiles.dll
[-] 2006-02-28 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\sfcfiles.dll
[-] 2003-06-19 19:05 . A871E77694E9146B3C655A734B1ECF46 . 971024 . . [5.00.2195.6717] . . c:\winnt\$NtUpdateRollupPackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\winnt\system32\ctfmon.exe
[-] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\winnt\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\winnt\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\winnt\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\winnt\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2006-02-28 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\winnt\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\winnt\system32\regsvc.dll
[-] 2006-02-28 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\winnt\system32\schedsvc.dll
[-] 2006-02-28 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\winnt\system32\ssdpsrv.dll
[-] 2006-02-28 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\winnt\system32\termsrv.dll
[-] 2006-02-28 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\winnt\system32\appmgmts.dll
[-] 2006-02-28 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\appmgmts.dll

[-] 2006-02-28 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\winnt\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\winnt\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\winnt\system32\drivers\aec.sys
[-] 2006-02-28 12:00 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\winnt\$NtUninstallKB900485$\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\winnt\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\winnt\$NtServicePackUninstall$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\agp440.sys
[-] 2006-02-28 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\winnt\system32\drivers\ip6fw.sys
[-] 2006-02-28 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\iprip.dll
[-] 2008-04-14 . F08D74EC300B8BA60CA953C58A24D19E . 35328 . . [5.1.2600.5512] . . c:\winnt\system32\iprip.dll
[-] 2006-02-28 . 14522C1499B146E016359EF216BDDB78 . 35328 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\iprip.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\winnt\system32\msgsvc.dll
[-] 2006-02-28 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\msgsvc.dll
[-] 2003-06-19 19:05 . C470CF2972A6DF2214764DA2FE8B768F . 35600 . . [5.00.2195.6656] . . c:\winnt\$NtUpdateRollupPackUninstall$\msgsvc.dll

[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\winnt\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\winnt\system32\dllcache\mspmsnsv.dll
[-] 2006-02-28 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\winnt\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\winnt\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\winnt\system32\ntmssvc.dll
[-] 2006-02-28 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\winnt\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\winnt\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\winnt\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\winnt\$NtServicePackUninstall$\upnphost.dll
[-] 2006-02-28 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB931261$\upnphost.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\winnt\system32\dsound.dll
[-] 2006-02-28 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\winnt\$NtServicePackUninstall$\dsound.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\winnt\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\winnt\system32\d3d9.dll
[-] 2006-02-28 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\winnt\$NtServicePackUninstall$\d3d9.dll

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\winnt\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\winnt\system32\ddraw.dll
[-] 2006-02-28 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\winnt\$NtServicePackUninstall$\ddraw.dll

[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\winnt\system32\olepro32.dll
[-] 2006-02-28 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\olepro32.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\winnt\system32\perfctrs.dll
[-] 2006-02-28 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\perfctrs.dll

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\winnt\system32\version.dll
[-] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\version.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\winnt\system32\srsvc.dll
[-] 2006-02-28 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\winnt\system32\w32time.dll
[-] 2006-02-28 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\winnt\$NtServicePackUninstall$\w32time.dll
[-] 2003-06-19 19:05 . 8703C9C4C3E08CA8C967C7AEA488112D . 51472 . . [5.00.2195.6601] . . c:\winnt\$NtUpdateRollupPackUninstall$\w32time.dll

[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\winnt\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\winnt\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\winnt\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\winnt\$NtServicePackUninstall$\wiaservc.dll
[-] 2006-02-28 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\winnt\$NtUninstallKB927802$\wiaservc.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-31_00.46.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-31 01:02 . 2010-12-31 01:02 16384 c:\winnt\Temp\Perflib_Perfdata_48c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{4219427b-0228-4356-a78b-eb7668d37d07} "= "c:\program files\InboxDollars\Helper.dll" [2010-12-17 356864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{4219427b-0228-4356-a78b-eb7668d37d07}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{8EF4D7EF-810E-4629-A9C9-F92FD201FE1A}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
2010-12-17 22:12 1536000 ----a-w- c:\program files\InboxDollars\Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{47980628-3844-42AA-A0DD-E2D86BBA9600} "= "c:\program files\InboxDollars\Toolbar.dll" [2010-12-17 1536000]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{47980628-3844-42AA-A0DD-E2D86BBA9600} "= "c:\program files\InboxDollars\Toolbar.dll" [2010-12-17 1536000]

[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather "= "c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2007-02-17 98304]
"MSN Toolbar "= "c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop "= "c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall "= "c:\winnt\system32\tscupgrd.exe" [2006-02-28 44544]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@= "Service "

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\winnt\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\winnt\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALi5289]
2005-03-10 06:56 405504 ----a-w- c:\program files\ULI5289\ALi5289.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\winnt\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-26 05:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-06-26 00:32 172032 ----a-w- c:\winnt\system32\spool\drivers\w32x86\3\hpztsb12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2010-07-06 17:30 240480 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-02-17 19:34 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SJelite3Launch]
2010-02-08 17:43 184320 ----a-w- c:\documents and settings\Weelsl623\Application Data\Transcend\SJelite3\SJelite3Launch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-12-22 09:09 77824 ----a-w- c:\winnt\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon "=2 (0x2)
"Symantec Core LC "=2 (0x2)
"idsvc "=3 (0x3)
"gusvc "=3 (0x3)
"gupdate "=2 (0x2)
"CLTNetCnService "=2 (0x2)
"clr_optimization_v2.0.50727_32 "=2 (0x2)
"aspnet_state "=3 (0x3)
"afcdpsrv "=2 (0x2)
"AcrSch2Svc "=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\G-Lock Software\\G-Lock SpamCombat\\gsc.exe "=
"c:\\Program Files\\DNA\\btdna.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe "=
"c:\\Program Files\\InboxDollars\\TroubleShooter.exe "=
"c:\\Program Files\\InboxDollars\\ToolbarUpdate.exe "=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe "=

R0 m5289;m5289;c:\winnt\system32\drivers\m5289.sys [2/10/2007 10:22 PM 51840]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\winnt\system32\drivers\tdrpm258.sys [3/13/2010 8:46 PM 911680]
R0 ULiAGP;ULi AGP Controller Bus Filter Driver;c:\winnt\system32\drivers\ULiAGP.SYS [2/10/2007 10:22 PM 33408]
R1 gemwdm;AMD PowerNow! (tm) Technology;c:\winnt\system32\drivers\gemwdm.sys [2/10/2007 10:22 PM 11776]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\winnt\system32\drivers\mfetdi2k.sys [8/23/2010 4:49 PM 84072]
R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/23/2010 4:47 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/23/2010 4:47 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/23/2010 4:49 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/23/2010 4:49 PM 141792]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 cfwids;McAfee Inc. cfwids;c:\winnt\system32\drivers\cfwids.sys [8/23/2010 4:48 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\winnt\system32\drivers\mfefirek.sys [8/23/2010 4:48 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\winnt\system32\drivers\mfendisk.sys [8/23/2010 4:48 PM 88544]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 8:42 PM 135664]
S2 MSSQL$UPWARDSQL;SQL Server (UPWARDSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 3:27 AM 29262680]
S3 afcdp;afcdp;c:\winnt\system32\drivers\afcdp.sys [3/13/2010 8:46 PM 160288]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\WEELSL~1\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys --> c:\docume~1\WEELSL~1\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\winnt\system32\drivers\mfendisk.sys [8/23/2010 4:48 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [8/23/2010 4:48 PM 84264]
S3 SASENUM;SASENUM;\??\c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\WEELSL~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winnt\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\winnt\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [3/13/2010 8:46 PM 2480048]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-12-31 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:42]

2010-12-31 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:42]

2010-12-31 c:\winnt\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-12-31 c:\winnt\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]
.
.
------- Supplementary Scan -------
.
uStart Page = www.msn.com
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
Trusted Zone: microsoft.com\www
Trusted Zone: msn.com\www
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Weelsl623\Application Data\Mozilla\Firefox\Profiles\3wgg1tfc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: MSN Toolbar: msntoolbar@msn.com - c:\program files\MSN Toolbar\Platform\4.0.0417.0\Firefox
FF - Ext: Search Helper Extension: {27182e60-b5f3-411c-b545-b44205977502} - c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Weelsl623\Application Data\Move Networks
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-30 20:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101 "

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe "

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
Completion time: 2010-12-30 20:52:30
ComboFix-quarantined-files.txt 2010-12-31 01:52
ComboFix2.txt 2010-12-31 00:51

Pre-Run: 71,633,223,680 bytes free
Post-Run: 71,613,370,368 bytes free

- - End Of File - - C3BA9B734ED53D53242AAF87C6165CD2

 

I ran Blitzblank but not sure if it did anything because I can not find the C:\blitzblank.txt file

David

 

yes, the computer did reboot

 

ok, will do.