
win32kdiag.exe log .


22 replies to this topic

#1 bradrx

Posted 23 September 2009 - 05:43 PM

Here is my log from running win32kdiag.exe ... hope it helps. All search engine results do not work, and I cannot run Malwarebytes or RootRepeal. They start to scan and then shut down after a few seconds.


Running from: C:Documents and SettingsBradDesktopWin32kDiag.exe

Log file at : C:Documents and SettingsBradDesktopWin32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:WINDOWS'...



Found mount point : C:WINDOWS$hf_mig$KB925454KB925454

Mount point destination : Device__max++>^

Found mount point : C:WINDOWS$hf_mig$KB932168KB932168

Mount point destination : Device__max++>^

Found mount point : C:WINDOWS$hf_mig$KB933729KB933729

Mount point destination : Device__max++>^

Found mount point : C:WINDOWS$hf_mig$KB941568KB941568

Mount point destination : Device__max++>^

Found mount point : C:WINDOWS$hf_mig$KB943460KB943460

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322BDATunePIABDATunePIA

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehCIRehCIR

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322EhCMEhCM

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehcommonehcommon

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehepgehepg

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehepgdatehepgdat

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehExtCOMehExtCOM

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehExtHostehExtHost

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehiExtCOMehiExtCOM

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehiExtensehiExtens

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehiMsgrehiMsgr

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehiPlayehiPlay

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehiProxyehiProxy

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehiUserXpehiUserXp

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehiVidCtlehiVidCtl

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehiwmpehiwmp

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehiWUapiehiWUapi

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehRecObjehRecObj

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322ehshellehshell

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages1_v1.1.4322Microsoft.MediaCenterMicrosoft.MediaCenter

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages_v2.0.50727_32TempZAPD24.tmpZAPD24.tmp

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages_v2.0.50727_32TempZAPE23.tmpZAPE23.tmp

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYTEMPTEMP

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYTMPTMP

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSConfigConfig

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSConnection WizardConnection Wizard

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSCSCd1d1

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSCSCd2d2

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSCSCd3d3

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSCSCd4d4

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSCSCd5d5

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSCSCd6d6

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSCSCd7d7

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSCSCd8d8

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSHelpSBSITrainingWXPPROCbzCbz

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSHelpSBSITrainingWXPPROLibLib

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSHelpSBSITrainingWXPPROWaveWave

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSIMEIMEJPAPPLETSAPPLETS

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSIMEIMEJP98IMEJP98

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSInstaller$PatchCache$Managed0DC1503A46F231838AD88BCDDC8E8F7C3.2.307293.2.30729

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSInstaller$PatchCache$ManagedD7314F9862C648A4DB8BE2A5B47BE1001.0.01.0.0

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSInstaller$PatchCache$ManagedDC3BF90CC0D3D2F398A9A6D1762F70F32.2.307292.2.30729

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSJAVATRUSTLIBTRUSTLIB

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSMicrosoft.NETFrameworkv1.0.3705Temporary ASP.NET FilesBind LogsBind Logs

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Temporary ASP.NET FilesBind LogsBind Logs

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Temporary ASP.NET FilesTemporary ASP.NET Files

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSMinidumpMinidump

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSMSAPPSMSINFOMSINFO

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSmsdownld.tmpmsdownld.tmp

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPCHEALTHErrorRepQHEADLESQHEADLES

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPCHEALTHErrorRepQSIGNOFFQSIGNOFF

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPCHEALTHErrorRepUserDumpsUserDumps

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPCHEALTHHELPCTRBATCHBATCH

Mount point destination : Device__max++>^

Cannot access: C:WINDOWSPCHEALTHHELPCTRBINARIEShelpsvc.exe

[1] 2004-08-10 06:00:00 743936 C:WINDOWS$NtServicePackUninstall$helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 19:12:21 744448 C:WINDOWSPCHEALTHHELPCTRBINARIEShelpsvc.exe ()

[1] 2008-04-13 19:12:21 744448 C:WINDOWSServicePackFilesi386helpsvc.exe (Microsoft Corporation)



Found mount point : C:WINDOWSPCHEALTHHELPCTRConfigCheckPointCheckPoint

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPCHEALTHHELPCTRHelpFilesHelpFiles

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPCHEALTHHELPCTRInstalledSKUsInstalledSKUs

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPCHEALTHHELPCTRSystemDFSDFS

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPCHEALTHHELPCTRTempTemp

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPIFPIF

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSProfilesAll UsersAdobeWebbuyWebbuy

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSRegistrationCRMLogCRMLog

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSSoftwareDistributionAuthCabsDownloadedDownloaded

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSSoftwareDistributionDownload355f788b6de8a3ec79e9aa172e6317f1backupbackup

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSSoftwareDistributionDownload4264f7fcfd0444cc62e52f55a4263036backupbackup

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSSoftwareDistributionDownload555558d2c7916b118ad5baef62b18136backupbackup

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSSunJavaDeploymentDeployment

Mount point destination : Device__max++>^

Cannot access: C:WINDOWSSYSTEM32dumprep.exe

[1] 2004-08-10 06:00:00 10752 C:WINDOWS$NtServicePackUninstall$dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 19:12:18 10752 C:WINDOWSServicePackFilesi386dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 19:12:18 10752 C:WINDOWSSYSTEM32dumprep.exe ()

[1] 2004-08-10 06:00:00 10752 C:i386DUMPREP.EXE (Microsoft Corporation)



Cannot access: C:WINDOWSSYSTEM32eventlog.dll

[1] 2004-08-10 06:00:00 55808 C:WINDOWS$NtServicePackUninstall$eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 19:11:53 56320 C:WINDOWSServicePackFilesi386eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 19:11:53 62464 C:WINDOWSSYSTEM32eventlog.dll ()

[2] 2008-04-13 19:11:53 56320 C:WINDOWSSYSTEM32logevent.dll (Microsoft Corporation)

[1] 2004-08-10 06:00:00 55808 C:i386EVENTLOG.DLL (Microsoft Corporation)



Found mount point : C:WINDOWSWinSxSInstallTempInstallTemp

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : Device__max++>^



Finished!

Here is also an SRE log I was asked to post as well.

2009-09-20,20:40:38

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
	<ctfmon.exe><C:WINDOWSsystem32ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
	<H/PC Connection Agent><"C:Program FilesMicrosoft ActiveSyncwcescomm.exe">  [(Verified)Microsoft Corporation]
	<Orb><"C:Program FilesOrb NetworksOrbbinOrbTray.exe" /background>  [File is missing]
	<ISUSPM><"C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe" -scheduler>  [(Verified)Acresso Software Inc.]
	<SUPERAntiSpyware><C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe>  []
	<WMPNSCFG><C:Program FilesWindows Media PlayerWMPNSCFG.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWindows]
	<load><>  [N/A]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
	<DwlClient><C:Program FilesCommon FilesDellEUSWSupport.exe>  [Dell]
	<UpdateManager><"C:Program FilesCommon FilesSonicUpdate Managersgtray.exe" /r>  [Sonic Solutions]
	<SoundMAXPnP><C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe>  [Analog Devices, Inc.]
	<PrinTray><C:WINDOWSSystem32spoolDRIVERSW32X863printray.exe>  [Lexmark]
	<POINTER><point32.exe>  [N/A]
	<lxamsp32.exe><lxamsp32.exe>  [Lexmark International]
	<IntelMeM><C:Program FilesIntelModem Event MonitorIntelMEM.exe>  [Intel Corporation]
	<IAAnotif><C:Program FilesIntelIntel Application Acceleratoriaanotif.exe>  [Intel Corporation]
	<dla><C:WINDOWSsystem32dlatfswctrl.exe>  [Sonic Solutions]
	<mmtask><"C:Program FilesMusicmatchMusicmatch Jukeboxmmtask.exe">  [Musicmatch Inc.]
	<UnlockerAssistant><"C:Program FilesUnlockerUnlockerAssistant.exe">  [File is missing]
	<NvCplDaemon><RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<NvMediaCenter><RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<mcagent_exe><"C:Program FilesMcAfee.comAgentmcagent.exe" /runkey>  [(Verified)"McAfee, Inc."]
	<BlackBerryAutoUpdate><C:Program FilesCommon FilesResearch In MotionAuto UpdateRIMAutoUpdate.exe /background>  [(Verified)Research In Motion]
	<QuickTime Task><"C:Program FilesQuickTimeqttask.exe" -atboottime>  [Apple Inc.]
	<iTunesHelper><"C:Program FilesiTunesiTunesHelper.exe">  [(Verified)Apple Inc.]
	<RoxWatchTray><"C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatchTray9.exe">  [(Verified)Sonic Solutions]
	<SunJavaUpdateSched><"C:Program FilesJavajre6binjusched.exe">  [(Verified)"Sun Microsystems, Inc."]
	<Orb><>  [N/A]
	<KernelFaultCheck><%systemroot%system32dumprep 0 -k>  [File is missing]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
	<Userinit><C:WINDOWSsystem32userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWindows]
	<AppInit_DLLs><nadubesu.dll>  [N/A]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon]
	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
	<{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}><C:Program FilesSUPERAntiSpywareSASSEH.DLL>  [SuperAdBlocker.com]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
	<PostBootReminder><%SystemRoot%system32SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<CDBurn><%SystemRoot%system32SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WebCheck><C:WINDOWSsystem32webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
	<SysTray><C:WINDOWSsystem32stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WPDShServiceObj><C:WINDOWSsystem32WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify!SASWinLogon]
	<WinlogonNotify: !SASWinLogon><C:Program FilesSUPERAntiSpywareSASWINLO.dll>  [SUPERAntiSpyware.com]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycrypt32chain]
	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycryptnet]
	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycscdll]
	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifydimsntfy]
	<WinlogonNotify: dimsntfy><%SystemRoot%System32dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyScCertProp]
	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifySchedule]
	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifysclgntfy]
	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifySensLogn]
	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifytermsrv]
	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
	<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifywlballoon]
	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%system32browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%system32browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
	<IE7 Uninstall Stub><C:WINDOWSsystem32ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:WINDOWSinfunregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><%systemroot%system32shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
	<Outlook Express><%systemroot%system32shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled ComponentsKB910393]
	<KB910393><rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFEasyCDBlock.inf,PerUserInstall>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%system32regsvr32.exe /s /n /i:/UserInstall %SystemRoot%system32themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{407408d4-94ed-4d86-ab69-a7f649d112ee}]
	<Media Center><%SystemRoot%System32rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%infmcdftreg.inf>  [File is missing]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Outlook Express 6><"%ProgramFiles%Outlook Expresssetup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFmsnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{5945c046-1e7d-11d1-bc44-00c04fd912be}]
	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFmsmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFwmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{7790769C-0471-11d2-AF11-00C04FA35D02}]
	<Address Book 6><"%ProgramFiles%Outlook Expresssetup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:WINDOWSsystem32ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><c:WINDOWSsystem32Rundll32.exe c:WINDOWSsystem32mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{8b15971b-5355-4c82-8c07-7e181ea07608}]
	<Fax><rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFfxsocm.inf,Fax.Install.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USERControl PanelDesktop]
	<SCRNSAVE.EXE><C:WINDOWSsystem32WPGLDFSH.SCR>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
	<DVDLauncher><; "C:Program FilesCyberLinkPowerDVDDVDLauncher.exe">  [CyberLink Corp.]
	<iTunesHelper><; "C:Program FilesiTunesiTunesHelper.exe">  [(Verified)Apple Inc.]
	<mmtask><; C:Program FilesMusicmatchMusicmatch Jukeboxmmtask.exe>  [Musicmatch Inc.]
	<QuickTime Task><; "C:Program FilesQuickTimeqttask.exe" -atboottime>  [Apple Inc.]
	<RealTray><; C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER>  [File is missing]

==================================
Startup Folders
N/A

==================================
Services
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
  <"C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe"><Apple Inc.>
[Bonjour Service / Bonjour Service][Running/Auto Start]
  <"C:Program FilesBonjourmDNSResponder.exe"><Apple Inc.>
[IAA Event Monitor / IAANTMon][Running/Auto Start]
  <C:Program FilesIntelIntel Application Acceleratoriaantmon.exe><Intel Corporation>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe"><Macrovision Corporation>
[iPod Service / iPod Service][Stopped/Manual Start]
  <"C:Program FilesiPodbiniPodService.exe"><Apple Inc.>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
  <"C:Program FilesJavajre6binjqs.exe" -service -config "C:Program FilesJavajre6libdeployjqsjqs.conf"><Sun Microsystems, Inc.>
[LexBce Server / LexBceS][Running/Auto Start]
  <C:WINDOWSsystem32LEXBCES.EXE><Lexmark International, Inc.>
[McAfee SiteAdvisor Service / McAfee SiteAdvisor Service][Running/Auto Start]
  <"C:Program FilesMcAfeeSiteAdvisorMcSACore.exe"><>
[McAfee Services / mcmscsvc][Running/Auto Start]
  <C:PROGRA~1McAfeeMSCmcmscsvc.exe><McAfee, Inc.>
[McAfee Network Agent / McNASvc][Running/Auto Start]
  <"c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe"><McAfee, Inc.>
[McAfee Scanner / McODS][Stopped/Manual Start]
  <C:PROGRA~1McAfeeVIRUSS~1mcods.exe><N/A>
[McAfee Proxy Service / McProxy][Running/Auto Start]
  <c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe><McAfee, Inc.>
[McAfee Real-time Scanner / McShield][Running/Auto Start]
  <C:PROGRA~1McAfeeVIRUSS~1mcshield.exe><McAfee, Inc.>
[McAfee SystemGuards / McSysmon][Running/Manual Start]
  <C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe><McAfee, Inc.>
[MHN / MHN][Stopped/Manual Start]
  <C:WINDOWSSystem32svchost.exe -k netsvcs-->%SystemRoot%System32mhn.dll><Microsoft Corporation>
[McAfee Personal Firewall Service / MpfService][Running/Auto Start]
  <"C:Program FilesMcAfeeMPFMPFSrv.exe"><McAfee, Inc.>
[McAfee Anti-Spam Service / MSK80Service][Running/Auto Start]
  <"C:Program FilesMcAfeeMSKMskSrver.exe"><McAfee, Inc.>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:WINDOWSsystem32nvsvc32.exe><NVIDIA Corporation>
[Roxio UPnP Renderer 9 / Roxio UPnP Renderer 9][Stopped/Manual Start]
  <"C:Program FilesRoxioDigital Home 9RoxioUPnPRenderer9.exe"><Sonic Solutions>
[Roxio Upnp Server 9 / Roxio Upnp Server 9][Stopped/Auto Start]
  <"C:Program FilesRoxioDigital Home 9RoxioUpnpService9.exe"><Sonic Solutions>
[LiveShare P2P Server 9 / RoxLiveShare9][Stopped/Auto Start]
  <"C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxLiveShare9.exe"><Sonic Solutions>
[RoxMediaDB9 / RoxMediaDB9][Stopped/Manual Start]
  <"C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe"><Sonic Solutions>
[Roxio Hard Drive Watcher 9 / RoxWatch9][Stopped/Auto Start]
  <"C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatch9.exe"><Sonic Solutions>
[PC Tools Auxiliary Service / sdAuxService][Stopped/Manual Start]
  <C:Program FilesSpyware DoctorpctsAuxs.exe><PC Tools>
[PC Tools Security Service / sdCoreService][Stopped/Manual Start]
  <C:Program FilesSpyware DoctorpctsSvc.exe><PC Tools>
[Ulead Burning Helper / UleadBurningHelper][Running/Auto Start]
  <C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe><Ulead Systems, Inc.>

==================================
Drivers
[AliIde / AliIde][Running/Boot Start]
  <SystemRootsystem32DRIVERSaliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
  <SystemRootsystem32DRIVERSamdagp.sys><Advanced Micro Devices, Inc.>
[APLMp50 NDIS Protocol Driver / APLMp50][Stopped/Manual Start]
  <System32DriversAPLMp50.sys><Printing Communications Assoc., Inc. (PCAUSA)>
[asc / asc][Running/Boot Start]
  <SystemRootsystem32DRIVERSasc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Running/Boot Start]
  <SystemRootsystem32DRIVERSasc3550.sys><Advanced System Products, Inc.>
[ATI TV Wonder Pro A/V Capture / ATICXCAP][Stopped/Manual Start]
  <system32driversaticxcap.sys><ATI Technologies, Inc.>
[ATI TV Wonder Pro Tuner (Philips 1236 MK3) / ATICXTUN][Stopped/Manual Start]
  <system32driversaticxtun.sys><ATI Technologies, Inc.>
[ATI TV Wonder Pro A/V Crossbar / ATICXXBR][Stopped/Manual Start]
  <system32driversaticxxbr.sys><ATI Technologies, Inc.>
[ATITool Overclocking Utility / ATITool][Stopped/System Start]
  <system32DRIVERSATITool.sys><>
[Broadcom NetXtreme 57xx Gigabit Controller / b57w2k][Running/Manual Start]
  <system32DRIVERSb57xp32.sys><Broadcom Corporation>
[Arrowkey Device Access / CDRPDACC][Running/Auto Start]
  <??C:Program Files321StudiosSharedCDRPDACC.SYS><Arrowkey>
[CmdIde / CmdIde][Running/Boot Start]
  <SystemRootsystem32DRIVERScmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
  <SystemRootsystem32DRIVERSdac2w2k.sys><Mylex Corporation>
[drvmcdb / drvmcdb][Running/Boot Start]
  <SystemRootsystem32driversdrvmcdb.sys><Sonic Solutions>
[drvnddm / drvnddm][Running/Auto Start]
  <system32driversdrvnddm.sys><Sonic Solutions>
[Intel(R) PRO Adapter Driver / E100B][Stopped/Manual Start]
  <system32DRIVERSe100b325.sys><Intel Corporation>
[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]
  <SYSTEM32DRIVERSGEARAspiWDM.sys><GEAR Software Inc.>
[Hauppauge WinTV PVR PCI II ([23|25|26]xxx) / hcwPP2][Running/Manual Start]
  <system32DRIVERShcwPP2.sys><Hauppauge Computer Works, Inc.>
[Intel AHCI Controller / iaStor][Running/Boot Start]
  <SystemRootsystem32driversiaStor.sys><Intel Corporation>
[IntelC51 / IntelC51][Running/Manual Start]
  <system32DRIVERSIntelC51.sys><Intel Corporation>
[IntelC52 / IntelC52][Running/Manual Start]
  <system32DRIVERSIntelC52.sys><Intel Corporation>
[IntelC53 / IntelC53][Running/Manual Start]
  <system32DRIVERSIntelC53.sys><Intel Corporation>
[Lbd / Lbd][Stopped/Boot Start]
  <SystemRootsystem32DRIVERSLbd.sys><N/A>
[McAfee Inc. mfeavfk / mfeavfk][Running/Manual Start]
  <system32driversmfeavfk.sys><McAfee, Inc.>
[McAfee Inc. mfebopk / mfebopk][Running/Manual Start]
  <system32driversmfebopk.sys><McAfee, Inc.>
[McAfee Inc. mfehidk / mfehidk][Running/System Start]
  <system32driversmfehidk.sys><McAfee, Inc.>
[McAfee Inc. mferkdk / mferkdk][Stopped/Manual Start]
  <system32driversmferkdk.sys><McAfee, Inc.>
[McAfee Inc. mfesmfk / mfesmfk][Running/Manual Start]
  <system32driversmfesmfk.sys><McAfee, Inc.>
[MHN driver / MHNDRV][Stopped/Manual Start]
  <system32DRIVERSmhndrv.sys><Microsoft Corporation>
[mohfilt / mohfilt][Running/Manual Start]
  <system32DRIVERSmohfilt.sys><Intel Corporation>
[MPFP / MPFP][Running/System Start]
  <System32DriversMpfp.sys><McAfee, Inc.>
[mraid35x / mraid35x][Running/Boot Start]
  <SystemRootsystem32DRIVERSmraid35x.sys><American Megatrends Inc.>
[nv / nv][Running/Manual Start]
  <system32DRIVERSnv4_mini.sys><NVIDIA Corporation>
[OMCI WDM Device Driver / omci][Running/System Start]
  <system32DRIVERSomci.sys><Dell Computer Corporation>
[Low level access layer for CD devices / Pcouffin][Running/Manual Start]
  <System32DriversPcouffin.sys><VSO Software>
[PCTools KDS / PCTCore][Running/Boot Start]
  <SystemRootsystem32driversPCTCore.sys><PC Tools>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32DRIVERSptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <SystemRootSystem32DriversPxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Running/Boot Start]
  <SystemRootsystem32DRIVERSql1080.sys><QLogic Corporation>
[ql12160 / ql12160][Running/Boot Start]
  <SystemRootsystem32DRIVERSql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
  <SystemRootsystem32DRIVERSql1280.sys><QLogic Corporation>
[BlackBerry Smartphone / RimUsb][Stopped/Manual Start]
  <System32DriversRimUsb.sys><Research In Motion Limited>
[RIM Virtual Serial Port v2 / RimVSerPort][Running/Manual Start]
  <system32DRIVERSRimSerial.sys><Research in Motion Ltd>
[rootrepeal / rootrepeal][Stopped/Manual Start]
  <??C:WINDOWSsystem32driversrootrepeal.sys><N/A>
[SASDIFSV / SASDIFSV][Running/System Start]
  <??C:Program FilesSUPERAntiSpywareSASDIFSV.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SASENUM / SASENUM][Stopped/Manual Start]
  <??C:Program FilesSUPERAntiSpywareSASENUM.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[SASKUTIL / SASKUTIL][Running/System Start]
  <??C:Program FilesSUPERAntiSpywareSASKUTIL.sys><SUPERAdBlocker.com and SUPERAntiSpyware.com>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32DRIVERSsecdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[senfilt / senfilt][Running/Manual Start]
  <system32driverssenfilt.sys><Sensaura>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
  <SystemRootsystem32DRIVERSsisagp.sys><Silicon Integrated Systems Corporation>
[smwdm / smwdm][Running/Manual Start]
  <system32driverssmwdm.sys><Analog Devices, Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32DRIVERSSONYPVU1.SYS><Sony Corporation>
[Sparrow / Sparrow][Running/Boot Start]
  <SystemRootsystem32DRIVERSsparrow.sys><Adaptec, Inc.>
[sscdbhk5 / sscdbhk5][Running/System Start]
  <system32driverssscdbhk5.sys><Sonic Solutions>
[ssrtln / ssrtln][Running/System Start]
  <system32driversssrtln.sys><Sonic Solutions>
[symc810 / symc810][Running/Boot Start]
  <SystemRootsystem32DRIVERSsymc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
  <SystemRootsystem32DRIVERSsymc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
  <SystemRootsystem32DRIVERSsym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
  <SystemRootsystem32DRIVERSsym_u3.sys><LSI Logic>
[Tunebite High-Speed Dubbing / tbhsd][Running/Manual Start]
  <system32driverstbhsd.sys><RapidSolution Software AG>
[tfsnboio / tfsnboio][Running/Auto Start]
  <system32dlatfsnboio.sys><Sonic Solutions>
[tfsncofs / tfsncofs][Running/Auto Start]
  <system32dlatfsncofs.sys><Sonic Solutions>
[tfsndrct / tfsndrct][Running/Auto Start]
  <system32dlatfsndrct.sys><Sonic Solutions>
[tfsndres / tfsndres][Running/Auto Start]
  <system32dlatfsndres.sys><Sonic Solutions>
[tfsnifs / tfsnifs][Running/Auto Start]
  <system32dlatfsnifs.sys><Sonic Solutions>
[tfsnopio / tfsnopio][Running/Auto Start]
  <system32dlatfsnopio.sys><Sonic Solutions>
[tfsnpool / tfsnpool][Running/Auto Start]
  <system32dlatfsnpool.sys><Sonic Solutions>
[tfsnudf / tfsnudf][Running/Auto Start]
  <system32dlatfsnudf.sys><Sonic Solutions>
[tfsnudfa / tfsnudfa][Running/Auto Start]
  <system32dlatfsnudfa.sys><Sonic Solutions>
[ultra / ultra][Running/Boot Start]
  <SystemRootsystem32DRIVERSultra.sys><Promise Technology, Inc.>
[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
  <System32Driversusbaapl.sys><Apple, Inc.>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
  <system32DRIVERSwanatw4.sys><N/A>

==================================
Browser Add-ons
[Create Mobile Favorite]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:PROGRA~1MI3AA1~1INetRepl.dll, (Signed) Microsoft Corporation>
[Create Mobile Favorite]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:PROGRA~1MI3AA1~1INetRepl.dll, (Signed) Microsoft Corporation>
[]
  {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} <, >
[Real.com]
  {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:WINDOWSsystem32Shdocvw.dll, (Signed) Microsoft Corporation>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%Network Diagnosticxpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:Program FilesMessengermsmsgs.exe, (Signed) Microsoft Corporation>
[McAfee SiteAdvisor Toolbar]
  {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} <c:PROGRA~1mcafeeSITEAD~1mcieplg.dll, (Signed) >
[]
  {2E28242B-A689-11D4-80F2-0040266CBB8D} <, >
[Java Plug-in 1.6.0_15]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:Program FilesJavajre6binjp2iexp.dll, (Signed) >
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Java Plug-in 1.6.0_15]
  {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} <C:Program FilesJavajre6binjp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_15]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:Program FilesJavajre6binnpjpi160_15.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:WINDOWSsystem32MacromedFlashFlash10c.ocx, (Signed) Adobe Systems, Inc.>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:Program FilesQuickTimeQTPlugin.ocx, (Signed) Apple Inc.>
[MetaStreamCtl Class]
  {03F998B2-0E00-11D3-A498-00104B6EB52E} <, >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {089FD14D-132B-48FC-8861-0048AE113215} <, >
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:WINDOWSsystem32msjava.dll, Microsoft Corporation>
[]
  {0BF43445-2F28-4351-9252-17FE6E806AA0} <, >
[McAfee SiteAdvisor Toolbar]
  {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} <c:PROGRA~1mcafeeSITEAD~1mcieplg.dll, (Signed) >
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%Microsoft SharedVGXvgx.dll, (Signed) N/A>
[]
  {11260943-421B-11D0-8EAC-0000C07D88CF} <, >
[]
  {166B1BCA-3F9C-11CF-8075-444553540000} <, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:WINDOWSsystem32legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[InformationCardSigninHelper Class]
  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:WINDOWSsystem32icardie.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:WINDOWSsystem32wmpdxm.dll, (Signed) Microsoft Corporation>
[]
  {233C1507-6A77-46A4-9443-F871F945D258} <, >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:WINDOWSsystem32mshtml.dll, (Signed) Microsoft Corporation>
[McAfee Phishing Filter]
  {27B4851A-3207-45A2-B947-BE8AFE6163AB} <c:PROGRA~1mcafeemskmskapbho.dll, (Signed) >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:WINDOWSsystem32msxml3.dll, (Signed) Microsoft Corporation>
[XSL Template]
  {2933BF94-7B36-11D2-B20E-00C04F983E60} <C:WINDOWSsystem32msxml3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:Program FilesCommon FilesMicrosoft SharedTrieditdhtmled.ocx, (Signed) Microsoft Corporation>
[]
  {2E28242B-A689-11D4-80F2-0040266CBB8D} <, >
[]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <, >
[]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <, >
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:WINDOWSsystem32mshtmled.dll, (Signed) Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:WINDOWSsystem32tdc.ocx, (Signed) Microsoft Corporation>
[]
  {36C417C6-13C6-448B-9784-DD73A93B0582} <, >
[XML Schema Cache]
  {373984C9-B845-449B-91E7-45AC83036ADE} <C:WINDOWSsystem32msxml3.dll, (Signed) Microsoft Corporation>
[]
  {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} <, >
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:PROGRA~1COMMON~1MICROS~1SMARTT~1IETAG.DLL, (Signed) Microsoft Corporation>
[]
  {39FD89BF-D3F1-45B6-BB56-3582CCF489E1} <, >
[]
  {3AA42713-5C1E-48E2-B432-D8BF420DD31D} <, >
[]
  {3BA4271E-5C1E-48E2-B432-D8BF420DD31D} <, >
[QuickTime Object]
  {4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:Program FilesQuickTimeQTPlugin.ocx, (Signed) Apple Inc.>
[]
  {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} <, >
[]
  {43CF38F3-5AEC-45A3-AD31-04EB06E9C6CA} <, >
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:WINDOWSsystem32msxml3.dll, (Signed) Microsoft Corporation>
[]
  {4C29D864-C55A-46DD-865C-17A1B7CC1A1A} <, >
[]
  {4DC7EF9E-48DC-4E29-B3E7-ACF54BB91B45} <, >
[Microsoft Terminal Services Client Control (redist)]
  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%system32mstscax.dll, (Signed) N/A>
[]
  {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} <, >
[Microsoft Terminal Services Client Control (redist)]
  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%system32mstscax.dll, (Signed) N/A>
[Glassbook Detecter Class]
  {4F878398-E58A-11D3-BEE9-00C04FA0D6BA} <C:Program FilesAdobeAcrobat 7.0ActiveXGbDetect.dll, (Signed) Adobe Systems Incorporated>
[Microsoft Licensed Class Manager 1.0]
  {5220CB21-C88D-11CF-B347-00AA00A28331} <C:WINDOWSsystem32licmgr10.dll, (Signed) Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:WINDOWSsystem32ieframe.dll, (Signed) Microsoft Corporation>
[isInstalled Class]
  {5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:Program FilesJavajre6binwsdetect.dll, Sun Microsystems, Inc.>
[]
  {5940894F-4BA9-4FAC-ACFD-2F56F7CE0E3B} <, >
[InstallShield Update Service Agent]
  {5B7524C8-2446-40E9-9474-94A779DBA224} <C:WINDOWSDownloaded Program Filesisusweb.dll, (Signed) Macrovision Corporation>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:WINDOWSsystem32dlatfswshx.dll, Sonic Solutions>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:WINDOWSsystem32wuweb.dll, (Signed) Microsoft Corporation>
[Microsoft Shell UI Helper]
  {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <C:WINDOWSsystem32ieframe.dll, (Signed) Microsoft Corporation>
[]
  {67DABFBF-D0AB-41FA-9C46-CC0F21721616} <, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:WINDOWSsystem32wmp.dll, (Signed) Microsoft Corporation>
[Windows Script Host Shell Object]
  {72C24DD5-D70A-438B-8A42-98424B88AFB8} <C:WINDOWSsystem32wshom.ocx, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%system32mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%system32mstscax.dll, (Signed) N/A>
[]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[COM+ Transaction Context Component]
  {7999FC25-D3C6-11CF-ACAB-00A024A55AEF} <C:WINDOWSsystem32comsvcs.dll, (Signed) Microsoft Corporation>
[scriptproxy]
  {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <c:PROGRA~1mcafeeVIRUSS~1scriptsn.dll, (Signed) McAfee, Inc.>
[]
  {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:WINDOWSsystem32ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <c:WINDOWSsystem32msxml4.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 4.0]
  {88D969C1-F192-11D4-A65F-0040963251E5} <c:WINDOWSsystem32msxml4.dll, (Signed) Microsoft Corporation>
[XML Schema Cache 4.0]
  {88D969C2-F192-11D4-A65F-0040963251E5} <c:WINDOWSsystem32msxml4.dll, (Signed) Microsoft Corporation>
[XSL Template 4.0]
  {88D969C3-F192-11D4-A65F-0040963251E5} <c:WINDOWSsystem32msxml4.dll, (Signed) Microsoft Corporation>
[XML Data Source Object 4.0]
  {88D969C4-F192-11D4-A65F-0040963251E5} <c:WINDOWSsystem32msxml4.dll, (Signed) Microsoft Corporation>
[XML HTTP 4.0]
  {88D969C5-F192-11D4-A65F-0040963251E5} <c:WINDOWSsystem32msxml4.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <C:WINDOWSsystem32msxml6.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 6.0]
  {88D96A06-F192-11D4-A65F-0040963251E5} <C:WINDOWSsystem32msxml6.dll, (Signed) Microsoft Corporation>
[XML Schema Cache 6.0]
  {88D96A07-F192-11D4-A65F-0040963251E5} <C:WINDOWSsystem32msxml6.dll, (Signed) Microsoft Corporation>
[XSL Template 6.0]
  {88D96A08-F192-11D4-A65F-0040963251E5} <C:WINDOWSsystem32msxml6.dll, (Signed) Microsoft Corporation>
[XML HTTP 6.0]
  {88D96A0A-F192-11D4-A65F-0040963251E5} <C:WINDOWSsystem32msxml6.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_15]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:Program FilesJavajre6binjp2iexp.dll, (Signed) >
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Microsoft Terminal Services Client Control (redist)]
  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%system32mstscax.dll, (Signed) N/A>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} <, >
[McSubMgr Class]
  {9BE8D7B2-329C-442A-A4AC-ABA9D7572602} <c:PROGRA~1mcafeemscmcsubmgr9_3_13~1mcsubmgr.dll, (Signed) McAfee, Inc.>
[McAfee SiteAdvisor BHO]
  {B164E929-A1B6-4A06-B104-2CD0E90A88FF} <c:PROGRA~1mcafeeSITEAD~1mcieplg.dll, (Signed) >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%system32shdocvw.dll, (Signed) N/A>
[]
  {BA52B914-B692-46C4-B683-905236F6F655} <, >
[]
  {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} <, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:Program FilesCommon FilesSystemmsadcmsadco.dll, (Signed) Microsoft Corporation>
[EPUImageControl Class]
  {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} <C:WINDOWSDownloaded Program FilesEPUWALcontrol.dll, (Signed) eBay, Inc.>
[]
  {CA145D71-4BCB-461D-BCBE-C01C42867380} <, >
[Adobe PDF Reader]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:Program FilesCommon FilesAdobeAcrobatActiveXAcroPDF.dll, (Signed) Adobe Systems, Inc.>
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:Program FilesJavajre6binjp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB} <C:Program FilesJavajre6binjp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} <C:Program FilesJavajre6binjp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_03]
  {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:Program FilesJavajre6binjp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_03]
  {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB} <C:Program FilesJavajre6binjp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_03]
  {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} <C:Program FilesJavajre6binjp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:Program FilesJavajre6binjp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB} <C:Program FilesJavajre6binjp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} <C:Program FilesJavajre6binjp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_15]
  {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} <C:Program FilesJavajre6binjp2iexp.dll, (Signed) >
[Deployment Toolkit]
  {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} <C:WINDOWSsystem32deploytk.dll, (Signed) Sun Microsystems, Inc.>
[Behavior Object]
  {CB927D12-4FF7-4A9E-A169-56E4B8A75598} <C:Program FilesQuickTimeQTPlugin.ocx, (Signed) Apple Inc.>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:WINDOWSsystem32wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__MPEG Moniker Class]
  {CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:WINDOWSsystem32wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:WINDOWSsystem32wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:WINDOWSsystem32wmp.dll, (Signed) Microsoft Corporation>
[]
  {CD67F990-D8E9-11D2-98FE-00C0F0318AFE} <, >
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:WINDOWSsystem32rmoc3260.dll, RealNetworks>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:WINDOWSsystem32MacromedFlashFlash10c.ocx, (Signed) Adobe Systems, Inc.>
[]
  {D2D8D3C0-C750-4703-A6AD-75D6B578FFE6} <, >
[iTunesDetector Class]
  {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <C:Program FilesiTunesITDetector.ocx, (Signed) Apple Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:Program FilesJavajre6binjp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[QuickTimeCheck Class]
  {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:Program FilesQuickTimeQTSystemQuickTimeCheck.ocx, (Signed) Apple Inc.>
[Microsoft Silverlight]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <c:Program FilesMicrosoft Silverlight3.0.40818.0npctrl.dll, (Signed)  Microsoft Corporation>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll, Sun Microsystems, Inc.>
[InstallShield Update Service Agent]
  {E9880553-B8A7-4960-A668-95C68BED571E} <C:WINDOWSDownloaded Program Filesisusweb.dll, (Signed) Macrovision Corporation>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:WINDOWSsystem32msxml3.dll, (Signed) Microsoft Corporation>
[Scripting.Dictionary]
  {EE09B103-97E0-11CF-978F-00A02463E06F} <C:WINDOWSsystem32scrrun.dll, (Signed) Microsoft Corporation>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <C:WINDOWSsystem32msxml3.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 3.0]
  {F5078F33-C551-11D3-89B9-0000F81FE221} <C:WINDOWSsystem32msxml3.dll, (Signed) Microsoft Corporation>
[XML Schema Cache 3.0]
  {F5078F34-C551-11D3-89B9-0000F81FE221} <C:WINDOWSsystem32msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <C:WINDOWSsystem32msxml3.dll, (Signed) Microsoft Corporation>
[XSL Template 3.0]
  {F5078F36-C551-11D3-89B9-0000F81FE221} <C:WINDOWSsystem32msxml3.dll, (Signed) Microsoft Corporation>
[XML Data Source Object 3.0]
  {F5078F39-C551-11D3-89B9-0000F81FE221} <C:WINDOWSsystem32msxml3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:WINDOWSsystem32msxml3.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document]
  {F6D90F12-9C73-11D3-B32E-00C04F990BB4} <C:WINDOWSsystem32msxml3.dll, (Signed) Microsoft Corporation>
[XML Data Source Object]
  {F6D90F14-9C73-11D3-B32E-00C04F990BB4} <C:WINDOWSsystem32msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:WINDOWSsystem32msxml3.dll, (Signed) Microsoft Corporation>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[Download ALL with IDA]
  <F1910-F110-11D2-BB9E-00C04F795683}, N/A>
[Download with IDA]
  <, >
[E&xport to Microsoft Excel]
  <res://C:PROGRA~1MI1933~1Office12EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 708 / SYSTEM][SystemRootSystem32smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 756 / SYSTEM][??C:WINDOWSsystem32csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 780 / SYSTEM][??C:WINDOWSsystem32winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
	[C:Program FilesSUPERAntiSpywareSASWINLO.dll]  [SUPERAntiSpyware.com, 1, 0, 0, 1054]
[PID: 824 / SYSTEM][C:WINDOWSsystem32services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 836 / SYSTEM][C:WINDOWSsystem32lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
	[C:WINDOWStscocawf.dll]  [user, 1, 0, 0, 9]
[PID: 1032 / SYSTEM][C:WINDOWSsystem32svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1116 / NETWORK SERVICE][C:WINDOWSsystem32svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
	[C:Program FilesBonjourmdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1212 / SYSTEM][C:WINDOWSSystem32svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
[PID: 1336 / NETWORK SERVICE][C:WINDOWSsystem32svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
[PID: 1412 / LOCAL SERVICE][C:WINDOWSsystem32svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1556 / SYSTEM][C:WINDOWSsystem32LEXBCES.EXE]  [Lexmark International, Inc., 7.2]
	[C:WINDOWSsystem32lexp2p32.dll]  [Lexmark International, Inc., 7.2]
	[C:WINDOWSsystem32lex2kusb.dll]  [Lexmark International, Inc., 7.2]
[PID: 1600 / SYSTEM][C:WINDOWSsystem32LEXPPS.EXE]  [Lexmark International, Inc., 7.2]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
	[C:WINDOWSsystem32LEXBCE.DLL]  [Lexmark International, Inc., 7.2]
[PID: 1620 / SYSTEM][C:WINDOWSsystem32spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
	[C:WINDOWSsystem32LEXLMPM.DLL]  [Lexmark International, Inc., 7.2]
	[C:WINDOWSsystem32LexBce.dll]  [Lexmark International, Inc., 7.2]
	[C:WINDOWSSystem32spoolPRTPROCSW32X86lxampp.dll]  [Lexmark International, 1, 0, 0, 1]
	[C:Program FilesBonjourmdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 232 / Brad][C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe]  [Analog Devices, Inc., 5, 0, 2, 0]
	[C:Program FilesAnalog DevicesSoundMAXSMWDMIF.dll]  [Analog Devices, Inc., 5, 0, 2, 008]
	[C:Program FilesMcAfeeSiteAdvisorsaHook.dll]  [, ]
	[C:Program FilesMicrosoft HardwareMouseMSH_ZWF.dll]  [Microsoft Corporation, 4.10.0851.0]
[PID: 236 / Brad][C:WINDOWSSystem32spoolDRIVERSW32X863printray.exe]  [Lexmark, 1, 0, 0, 7]
	[C:WINDOWSSystem32spoolDRIVERSW32X863PrinTray.dll]  [Lexmark, 1, 0, 0, 7]
	[C:WINDOWSSystem32spoolDRIVERSW32X863LXAMICO.DLL]  [N/A, ]
	[C:Program FilesMicrosoft HardwareMouseMSH_ZWF.dll]  [Microsoft Corporation, 4.10.0851.0]
[PID: 248 / Brad][C:Program FilesMicrosoft HardwareMousepoint32.exe]  [Microsoft Corporation, 4.10.0851.0]
	[C:Program FilesMicrosoft HardwareMouseCMTOOL32.dll]  [Microsoft Corporation, 4.10.0851.0]
	[C:Program FilesMicrosoft HardwareMouseMSHLOCAL.dll]  [Microsoft Corporation, 4.10.0851.0]
	[C:Program FilesMicrosoft HardwareMouseMSLNG32.dll]  [Microsoft Corporation, 4.10.0851.0]
	[C:Program FilesMicrosoft HardwareMouseMSH_ZWF.dll]  [Microsoft Corporation, 4.10.0851.0]
	[C:Program FilesMicrosoft HardwareMousePOINT32.dll]  [Microsoft Corporation, 4.10.0851.0]
	[C:Program FilesMicrosoft HardwareMouseIP4xBatt.dll]  [N/A, ]
[PID: 256 / Brad][C:WINDOWSsystem32lxamsp32.exe]  [Lexmark International, 0, 98, 1, 0]
	[C:WINDOWSsystem32lxamsp32.dll]  [Lexmark International, 0, 98, 4, 0]
	[C:Program FilesMicrosoft HardwareMouseMSH_ZWF.dll]  [Microsoft Corporation, 4.10.0851.0]
[PID: 520 / LOCAL SERVICE][C:WINDOWSsystem32svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 552 / SYSTEM][C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe]  [Apple Inc., 2.50.39.0]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
[PID: 568 / SYSTEM][C:Program FilesBonjourmDNSResponder.exe]  [Apple Inc., 1,0,6,2]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
[PID: 604 / SYSTEM][C:WINDOWSeHomeehRecvr.exe]  [Microsoft Corporation, 5.1.2715.3011 (xpsp(wmbla).061009-1511)]
	[C:WINDOWSsystem32sbe.dll]  [, ]
	[C:WINDOWSsystem32quartz.dll]  [, ]
	[C:WINDOWSsystem32devenum.dll]  [, ]
	[C:WINDOWSsystem32msdmo.dll]  [, ]
	[C:WINDOWSsystem32hcwECP.ax]  [Hauppauge Computer Works, Inc., 1.3.22208]
	[C:WINDOWSsystem32mpg2splt.ax]  [, ]
	[C:WINDOWSsystem32VBICodec.ax]  [, ]
	[C:WINDOWSsystem32encdec.dll]  [, ]
	[C:WINDOWSsystem32hcwXDS.dll]  [, 1, 4, 0, 20266]
	[C:WINDOWSsystem32hcwCCnv2.ax]  [Hauppauge Computer Works, Inc., 2.0.16.22216]
	[C:Program FilesReplay AV 8ffdshow.ax]  [, 1.0.2.2041]
	[C:Program FilesReplay AV 8VSFilter.dll]  [Gabest, 1, 0, 1, 3]
	[C:Program FilesCommon FilesRoxio Shared9.0SharedComRxDSMp3Encoder.ax]  [Sonic Solutions, 9.4.1.48]
	[C:Program FilesCommon FilesRoxio SharedSharedComRxACMP3Lame3.dll]  [Sonic Solutions, 9.4.1.48]
	[C:Program Files321StudiosPlatinummlcom.ax]  [Moonlight Cordless Ltd., 1.00]
	[C:Program FilesCommon FilesIviSDKHauppaugeIviAudio_Hauppauge.ax]  [InterVideo Inc., 4.5.28.92]
	[C:WINDOWSsystem32L3CODECX.AX]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 5, 0, 50]
	[C:Program FilesOrb NetworksOrbbinDScaler5MpegAudio.dll]  [DScaler Team, 0, 0, 6, 0]
[PID: 672 / SYSTEM][C:WINDOWSeHomeehSched.exe]  [(Verified) Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1239)]
[PID: 840 / SYSTEM][C:WINDOWSSystem32svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1324 / SYSTEM][C:Program FilesIntelIntel Application Acceleratoriaantmon.exe]  [Intel Corporation, 4.0.0.6211]
[PID: 1392 / SYSTEM][C:Program FilesJavajre6binjqs.exe]  [Sun Microsystems, Inc., 6.0.150.3]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
[PID: 1572 / SYSTEM][C:Program FilesMcAfeeSiteAdvisorMcSACore.exe]  [, ]
	[C:Program FilesMcAfeeSiteAdvisorsaHook.dll]  [, ]
	[c:PROGRA~1mcafeeSITEAD~1apengine.dll]  [, ]
	[c:PROGRA~1mcafeeSITEAD~1saupkeep.dll]  [, ]
	[C:Program FilesMcAfeeSiteAdvisorSACore.dll]  [, ]
	[C:Program FilesMcAfeeSiteAdvisorSASet.dll]  [, ]
	[c:PROGRA~1mcafeeSITEAD~1MCSACO~1.DLL]  [, ]
	[c:PROGRA~1mcafeemscmcregobj9_3_13~1mcregobj.dll]  [McAfee, Inc., 9,3,137,0]
	[c:PROGRA~1COMMON~1mcafeemscmcutil9_3_11~1McUtil.dll]  [McAfee, Inc., 9,3,114,0]
	[c:PROGRA~1mcafeeSITEAD~1McFrmWk.dll]  [, ]
	[c:PROGRA~1mcafeeSITEAD~1CntScan.dll]  [, ]
[PID: 1884 / Brad][C:WINDOWSexplorer.exe]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[C:Program FilesMcAfeeSiteAdvisorsaHook.dll]  [, ]
	[C:Program FilesMicrosoft HardwareMouseMSH_ZWF.dll]  [Microsoft Corporation, 4.10.0851.0]
	[C:WINDOWStscocawf.dll]  [user, 1, 0, 0, 9]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
	[c:PROGRA~1mcafeeVIRUSS~1scriptsn.dll]  [McAfee, Inc., VSCORE.14.0.0.423.x86]
	[C:Program FilesBonjourmdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
	[c:PROGRA~1mcafeeVIRUSS~1mcctxmnu.dll]  [McAfee, Inc., 13,3,127,0]
	[C:Program FilesSUPERAntiSpywareSASCTXMN.DLL]  [SUPERAntiSpyware.com, 1, 0, 0, 1004]
	[C:Program FilesWinRARrarext.dll]  [N/A, ]
	[C:Program FilesSUPERAntiSpywareSASSEH.DLL]  [SuperAdBlocker.com, 1, 0, 0, 1012]
[PID: 2012 / SYSTEM][C:PROGRA~1McAfeeMSCmcmscsvc.exe]  [McAfee, Inc., 9,3,137,0]
	[c:PROGRA~1COMMON~1mcafeemscmcutil9_3_11~1McUtil.dll]  [McAfee, Inc., 9,3,114,0]
	[C:PROGRA~1McAfeeMSCMcRes.dll]  [McAfee, Inc., 9,3,137,0]
	[C:PROGRA~1McAfeeMSC1033McLocRes.dll]  [McAfee, Inc., 9,3,106,0]
	[C:Program FilesMcAfeeMSCoem105-59Mccobres.dll]  [McAfee, Inc., 8,0,205,0]
	[C:PROGRA~1McAfeeMSCMccobres.dll]  [McAfee, Inc., 9,3,106,0]
	[C:PROGRA~1COMMON~1McAfeeMSCsqlite3.dll]  [McAfee, Inc., 9,3,114,0]
	[c:PROGRA~1COMMON~1mcafeecoremccoreps.dll]  [McAfee, Inc., 3,3,103,0]
	[c:PROGRA~1mcafeemscmcshllps.dll]  [McAfee, Inc., 9,3,137,0]
	[c:PROGRA~1mcafeemscmcmispps.dll]  [McAfee, Inc., 9,3,137,0]
	[C:PROGRA~1McAfeeMSCMcProHlp.dll]  [McAfee, Inc., 9,3,137,0]
	[c:PROGRA~1mcafeeVIRUSS~1mvsap.dll]  [McAfee, Inc., 13,3,127,0]
	[c:PROGRA~1mcafeemscmcsubmgr9_3_13~1mcsubmgr.dll]  [McAfee, Inc., 9,3,137,0]
	[C:PROGRA~1McAfeeVIRUSS~11033vscobres.dll]  [McAfee, Inc., 13,3,126,0]
	[c:PROGRA~1mcafeempfmcmpfmisp.dll]  [McAfee, Inc., 10.3.106.0]
	[C:Program FilesMcAfeeMPF1033L10N.DLL]  [McAfee, Inc., 10.3.102.0]
	[c:PROGRA~1mcafeempsmpsmspap.dll]  [McAfee, Inc., 11.3.103.0]
	[c:PROGRA~1mcafeemscmcmscver.dll]  [McAfee, Inc., 9,3,162,0]
	[C:PROGRA~1McAfeeMPS1033MpsRes.DLL]  [McAfee, Inc., 11.3.103.0]
	[c:PROGRA~1mcafeemskmskmisp.dll]  [McAfee, Inc., 10.3.109.0]
	[c:PROGRA~1mcafeemscmcprotpv.dll]  [McAfee, Inc., 9,3,137,0]
	[c:PROGRA~1mcafeeVIRUSS~1mvsver.dll]  [McAfee, Inc., 13,3,130,0]
	[c:PROGRA~1COMMON~1mcafeecoremcevtbrk.dll]  [McAfee, Inc., 3,3,103,0]
	[c:PROGRA~1COMMON~1mcafeemcproxyproxyver.dll]  [McAfee, Inc., 3,3,104,0]
	[c:PROGRA~1COMMON~1mcafeeHACKER~1hwapi.dll]  [McAfee, Inc., 10.3.104.0]
	[c:PROGRA~1COMMON~1mcafeefwdriverfwdrvver.dll]  [McAfee, Inc., 10.3.102.0]
	[c:PROGRA~1mcafeempsmpsver.dll]  [McAfee, Inc., 11.3.103.0]
	[c:PROGRA~1mcafeemscmcnmcver.dll]  [McAfee, Inc., 3,3,104,0]
	[c:PROGRA~1mcafeemqcqcmisp.dll]  [McAfee, Inc., 9,3,102,0]
	[c:PROGRA~1mcafeemqcQcLite.dll]  [McAfee, Inc., 9,3,102,0]
[PID: 2036 / SYSTEM][c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe]  [McAfee, Inc., 3,3,104,0]
	[c:PROGRA~1COMMON~1mcafeemscmcutil9_3_11~1McUtil.dll]  [McAfee, Inc., 9,3,114,0]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
	[c:PROGRA~1mcafeemscmcnmcsrv.dll]  [McAfee, Inc., 3,3,104,0]
	[c:PROGRA~1mcafeeVIRUSS~1scriptsn.dll]  [McAfee, Inc., VSCORE.14.0.0.423.x86]
	[c:PROGRA~1mcafeemscmcndsv.dll]  [McAfee, Inc., 3,3,104,0]
	[C:Program FilesBonjourmdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[c:PROGRA~1COMMON~1mcafeecoremccoreps.dll]  [McAfee, Inc., 3,3,103,0]
	[C:PROGRA~1McAfeeMSCMcRes.dll]  [McAfee, Inc., 9,3,137,0]
	[c:PROGRA~1mcafeemscmcshllps.dll]  [McAfee, Inc., 9,3,137,0]
	[C:PROGRA~1McAfeeMSC1033McLocRes.dll]  [McAfee, Inc., 9,3,106,0]
	[C:Program FilesMcAfeeMSCoem105-59Mccobres.dll]  [McAfee, Inc., 8,0,205,0]
	[C:PROGRA~1McAfeeMSCMccobres.dll]  [McAfee, Inc., 9,3,106,0]
	[c:PROGRA~1mcafeemscmcsubmgr9_3_13~1mcsubmgr.dll]  [McAfee, Inc., 9,3,137,0]
	[c:PROGRA~1COMMON~1mcafeemnaMCNASV~1.DLL]  [McAfee, Inc., 3,3,104,0]
	[c:PROGRA~1mcafeemscmcnmcsps.dll]  [McAfee, Inc., 3,3,104,0]
	[c:PROGRA~1mcafeempfmcmpfp.dll]  [McAfee, Inc., 10.3.106.0]
	[c:PROGRA~1mcafeemscmcregobj9_3_13~1mcregobj.dll]  [McAfee, Inc., 9,3,137,0]
	[c:PROGRA~1mcafeemscmcmismgr.dll]  [McAfee, Inc., 9,3,137,0]
	[c:PROGRA~1COMMON~1mcafeemnamcuj.dll]  [McAfee, Inc., 3,3,104,0]
[PID: 2204 / SYSTEM][c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe]  [McAfee, Inc., 3,3,104,0]
	[c:PROGRA~1mcafeeVIRUSS~1escnplug.dll]  [McAfee, Inc., 13,3,130,0]
	[C:PROGRA~1McAfeeVIRUSS~11033EsPlgRes.dll]  [McAfee, Inc., 13,3,113,0]
	[c:PROGRA~1mcafeeVIRUSS~1mvscfg.dll]  [McAfee, Inc., 13,3,130,0]
	[c:PROGRA~1mcafeempsmps.dll]  [McAfee, Inc., 11.3.103.0]
	[c:PROGRA~1mcafeemskmskpxplg.dll]  [McAfee, Inc., 10.3.109.0]
	[c:PROGRA~1mcafeempsmpscfg.dll]  [McAfee, Inc., 11.3.103.0]
	[c:PROGRA~1mcafeemscmcmispps.dll]  [McAfee, Inc., 9,3,137,0]
	[c:PROGRA~1COMMON~1mcafeecoremcevtbrk.dll]  [McAfee, Inc., 3,3,103,0]
	[c:PROGRA~1mcafeemscmcsubmgr9_3_13~1mcsubmgr.dll]  [McAfee, Inc., 9,3,137,0]
	[c:PROGRA~1mcafeempsmpsevh.dll]  [McAfee, Inc., 11.3.103.0]
	[c:PROGRA~1mcafeempsmpsmisp.dll]  [McAfee, Inc., 11.3.103.0]
	[c:PROGRA~1COMMON~1mcafeecoremccoreps.dll]  [McAfee, Inc., 3,3,103,0]
	[C:Program FilesMcAfeeVirusScanmvslog.dll]  [McAfee, Inc., 13,3,127,0]
[PID: 2292 / SYSTEM][C:PROGRA~1McAfeeVIRUSS~1mcshield.exe]  [McAfee, Inc., VSCORE.14.0.0.423.x86]
	[C:PROGRA~1McAfeeVIRUSS~1LockDown.dll]  [McAfee, Inc., VSCORE.14.0.0.423.x86]
	[C:PROGRA~1McAfeeVIRUSS~1mytilus3.dll]  [McAfee, Inc., VSCORE.14.0.0.423.x86]
	[C:PROGRA~1McAfeeVIRUSS~1mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.0.0.423.x86]
	[C:PROGRA~1McAfeeVIRUSS~1mytilus3_server.dll]  [McAfee, Inc., VSCORE.14.0.0.423.x86]
	[C:PROGRA~1McAfeeVIRUSS~1RES00McShield.dll]  [McAfee, Inc., VSCORE.14.0.0.423]
	[C:PROGRA~1McAfeeVIRUSS~1FTL.Dll]  [McAfee, Inc., VSCORE.14.0.0.423.x86]
	[C:PROGRA~1McAfeeVIRUSS~1naiann.dll]  [McAfee, Inc., 13,3,130,0]
	[c:PROGRA~1COMMON~1mcafeecoremccoreps.dll]  [McAfee, Inc., 3,3,103,0]
	[c:PROGRA~1mcafeeVIRUSS~1mcvsps.dll]  [McAfee, Inc., 13,3,130,0]
	[c:PROGRA~1mcafeeVIRUSS~1naiannps.dll]  [McAfee, Inc., 13,3,130,0]
	[c:PROGRA~1mcafeeVIRUSS~1mvscfg.dll]  [McAfee, Inc., 13,3,130,0]
	[c:PROGRA~1COMMON~1mcafeecoremcevtbrk.dll]  [McAfee, Inc., 3,3,103,0]
	[C:PROGRA~1McAfeeVIRUSS~1mvslog.dll]  [McAfee, Inc., 13,3,127,0]
	[C:Program FilesMcAfeeVirusScanEngine5301.4018mcscan32.dll]  [McAfee, Inc., 5.3.00]
	[C:Program FilesMcAfeeVirusScanEngine5301.4018mc5300up.001]  [McAfee, Inc., 5.3.00]
	[c:PROGRA~1mcafeemscmcmispps.dll]  [McAfee, Inc., 9,3,137,0]
	[C:PROGRA~1McAfeeVIRUSS~1mfebopa.dll]  [McAfee, Inc., SYSCORE.14.0.0.340.x86]
	[C:PROGRA~1McAfeeVIRUSS~1mfehida.dll]  [McAfee, Inc., SYSCORE.14.0.0.340.x86]
	[C:PROGRA~1McAfeeVIRUSS~1mfeavfa.dll]  [McAfee, Inc., SYSCORE.14.0.0.340.x86]
[PID: 2348 / SYSTEM][C:Program FilesMcAfeeMPFMPFSrv.exe]  [McAfee, Inc., 10.3.111.0]
	[c:PROGRA~1COMMON~1mcafeeHACKER~1hwapi.dll]  [McAfee, Inc., 10.3.104.0]
	[c:PROGRA~1COMMON~1mcafeecoremcevtbrk.dll]  [McAfee, Inc., 3,3,103,0]
	[c:PROGRA~1mcafeempfmcmpfmisp.dll]  [McAfee, Inc., 10.3.106.0]
	[c:PROGRA~1mcafeemscmcmispps.dll]  [McAfee, Inc., 9,3,137,0]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
	[C:Program FilesBonjourmdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[c:PROGRA~1mcafeeVIRUSS~1scriptsn.dll]  [McAfee, Inc., VSCORE.14.0.0.423.x86]
	[c:PROGRA~1mcafeemscmccfgpv.dll]  [McAfee, Inc., 9,3,137,0]
	[C:PROGRA~1McAfeeMSCMcRes.dll]  [McAfee, Inc., 9,3,137,0]
	[C:PROGRA~1McAfeeMSC1033McLocRes.dll]  [McAfee, Inc., 9,3,106,0]
	[C:Program FilesMcAfeeMSCoem105-59Mccobres.dll]  [McAfee, Inc., 8,0,205,0]
	[C:PROGRA~1McAfeeMSCMccobres.dll]  [McAfee, Inc., 9,3,106,0]
[PID: 2436 / SYSTEM][C:Program FilesMcAfeeMSKMskSrver.exe]  [McAfee, Inc., 10.3.109.0]
	[c:PROGRA~1mcafeemskmskengn.dll]  [McAfee, Inc., 10.3.109.0]
	[c:PROGRA~1mcafeemskmskupd.dll]  [McAfee, Inc., 10.3.109.0]
	[c:PROGRA~1mcafeemskmskwm.dll]  [McAfee, Inc., 10.3.109.0]
	[c:PROGRA~1mcafeemskmskxaif.dll]  [McAfee, Inc., 10.3.109.0]
	[C:Program FilesMcAfeeMSKMSKSet.dll]  [McAfee, Inc., 10.3.109.0]
	[C:Program FilesMcAfeeMSKmasecore.dll]  [McAfee, Inc., 2.1.0.7825]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
	[C:Program FilesBonjourmdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 2484 / SYSTEM][C:WINDOWSsystem32nvsvc32.exe]  [NVIDIA Corporation, 6.14.11.8120]
	[C:WINDOWSsystem32nvapi.dll]  [NVIDIA Corporation, 6.14.11.8120]
	[C:Program FilesMcAfeeSiteAdvisorsaHook.dll]  [, ]
[PID: 528 / Brad][c:PROGRA~1mcafee.comagentmcagent.exe]  [McAfee, Inc., 9,3,137,0]
	[C:PROGRA~1McAfeeMSCMcRes.dll]  [McAfee, Inc., 9,3,137,0]
	[C:PROGRA~1McAfeeMSC1033McLocRes.dll]  [McAfee, Inc., 9,3,106,0]
	[C:Program FilesMcAfeeMSCoem105-59Mccobres.dll]  [McAfee, Inc., 8,0,205,0]
	[C:PROGRA~1McAfeeMSCMccobres.dll]  [McAfee, Inc., 9,3,106,0]
	[C:Program FilesMcAfeeSiteAdvisorsaHook.dll]  [, ]
	[C:PROGRA~1McAfeeMSCMcAltLib.dll]  [McAfee, Inc., 9,3,137,0]
	[C:PROGRA~1COMMON~1McAfeeMSCMispLF.dll]  [McAfee, Inc., 9,3,114,0]
	[c:PROGRA~1COMMON~1mcafeemscmcutil9_3_11~1McUtil.dll]  [McAfee, Inc., 9,3,114,0]
	[c:PROGRA~1mcafeemscmcuicfg.dll]  [McAfee, Inc., 9,3,137,0]
	[c:PROGRA~1COMMON~1mcafeecoremccoreps.dll]  [McAfee, Inc., 3,3,103,0]
	[c:PROGRA~1mcafeemscmcmispps.dll]  [McAfee, Inc., 9,3,137,0]
	[c:PROGRA~1mcafeemscmccfgpv.dll]  [McAfee, Inc., 9,3,137,0]
	[C:Program FilesMicrosoft HardwareMouseMSH_ZWF.dll]  [Microsoft Corporation, 4.10.0851.0]
	[c:PROGRA~1mcafee.comagentmcagntps.dll]  [McAfee, Inc., 9,3,137,0]
	[c:PROGRA~1mcafeemscmcshllps.dll]  [McAfee, Inc., 9,3,137,0]
[PID: 3584 / SYSTEM][c:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe]  [Microsoft Corporation, 2005.090.3042.00]
[PID: 3608 / LOCAL SERVICE][C:WINDOWSsystem32svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
[PID: 3660 / SYSTEM][C:WINDOWSsystem32svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 3752 / SYSTEM][C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe]  [Ulead Systems, Inc., 1, 0, 0, 3]
[PID: 3940 / LOCAL SERVICE][C:WINDOWSehomemcrdsvc.exe]  [Microsoft Corporation, 4.1.2710.2732 (xpsp(wmbla).050805-1239)]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
[PID: 3996 / NETWORK SERVICE][C:Program FilesWindows Media PlayerWMPNetwk.exe]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
[PID: 3128 / SYSTEM][C:WINDOWSsystem32dllhost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
[PID: 3320 / SYSTEM][C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe]  [McAfee, Inc., 13,3,130,0]
	[c:PROGRA~1mcafeemscmcmispps.dll]  [McAfee, Inc., 9,3,137,0]
	[C:PROGRA~1McAfeeVIRUSS~1mvslog.dll]  [McAfee, Inc., 13,3,127,0]
	[C:PROGRA~1McAfeeVIRUSS~1mfesmfa.dll]  [McAfee, Inc., SYSCORE.14.0.0.340.x86]
	[C:PROGRA~1McAfeeVIRUSS~1mfehida.dll]  [McAfee, Inc., SYSCORE.14.0.0.340.x86]
	[c:PROGRA~1COMMON~1mcafeeHACKER~1hwapi.dll]  [McAfee, Inc., 10.3.104.0]
	[c:PROGRA~1mcafeeVIRUSS~1mvscfg.dll]  [McAfee, Inc., 13,3,130,0]
[PID: 1956 / LOCAL SERVICE][C:WINDOWSSystem32alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
[PID: 3384 / Brad][C:WINDOWSsystem32ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
	[C:Program FilesMcAfeeSiteAdvisorsaHook.dll]  [, ]
	[C:Program FilesMicrosoft HardwareMouseMSH_ZWF.dll]  [Microsoft Corporation, 4.10.0851.0]
[PID: 304 / Brad][C:downloadsstrsreng2SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 3428 / Brad][C:downloadsstrsreng2SRE3757f084.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[C:Program FilesMcAfeeSiteAdvisorsaHook.dll]  [, ]
	[C:Program FilesMicrosoft HardwareMouseMSH_ZWF.dll]  [Microsoft Corporation, 4.10.0851.0]
	[C:downloadsstrsreng2Upload3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
	[?globalrootDevice__max++>19726338.x86.dll]  [N/A, ]
	[C:Program FilesBonjourmdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[c:PROGRA~1mcafeeVIRUSS~1scriptsn.dll]  [McAfee, Inc., VSCORE.14.0.0.423.x86]

==================================
File Associations
.TXT  OK. [%SystemRoot%system32NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:WINDOWShh.exe" %1]
.HLP  OK. [%SystemRoot%System32winhlp32.exe %1]
.INI  OK. [%SystemRoot%System32NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%System32NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%System32WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%System32WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1	   localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1556, C:WINDOWSSYSTEM32LEXBCES.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1600, C:WINDOWSSYSTEM32LEXPPS.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 232, C:PROGRAM FILESANALOG DEVICESSOUNDMAXSMAX4PNP.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 236, C:WINDOWSSYSTEM32SPOOLDRIVERSW32X863PRINTRAY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 248, C:PROGRAM FILESMICROSOFT HARDWAREMOUSEPOINT32.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 256, C:WINDOWSSYSTEM32LXAMSP32.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1324, C:PROGRAM FILESINTELINTEL APPLICATION ACCELERATORIAANTMON.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3752, C:PROGRAM FILESCOMMON FILESULEAD SYSTEMSDVDULCDRSVR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 304, C:DOWNLOADSSTRSRENG2SRENGLDR.EXE]

==================================
Scheduled Tasks
[Enabled] Orb Index when idle.job
		C:Program FilesOrb NetworksOrbbinOrbLauncher.exe 
[Enabled] McQcTask.job
		c:PROGRA~1mcafeemqcQcConsol.exe 
[Enabled] McDefragTask.job
		c:PROGRA~1mcafeemqcQcConsol.exe 
[Enabled] AppleSoftwareUpdate.job
		C:Program FilesApple Software UpdateSoftwareUpdate.exe 
[Enabled] Ad-Aware Update (Weekly).job
		C:Program FilesLavasoftAd-AwareAd-AwareAdmin.exe 
[Enabled] User_Feed_Synchronization-{31133D98-C44C-4191-A7E3-ACCE74E204F2}.job
		C:WINDOWSsystem32msfeedssync.exe 

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

Merged posts. ~ OB

Edited by Orange Blossom, 23 September 2009 - 10:39 PM.




#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:05:22 PM

Posted 10 October 2009 - 10:20 AM

Hello bradrx

Welcome to BleepingComputer :(
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 bradrx

bradrx
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:22 PM

Posted 11 October 2009 - 07:01 PM

OTL logfile created on: 10/11/2009 6:57:04 PM - Run 1
OTL by OldTimer - Version 3.0.19.0 Folder = C:\Documents and Settings\Brad\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.96 Gb Available in Paging File | 98.88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 40.41 Gb Free Space | 28.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINOFFICEPC
Current User Name: Brad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Brad\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Hardware\Mouse\point32.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\WINDOWS\System32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\System32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\System32\lxamsp32.exe (Lexmark International)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe (Lexmark)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (0121731254288776mcinstcleanup [Auto | Stopped]) -- C:\WINDOWS\Temp\0121731254288776mcinst.exe (McAfee, Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IAANTMon [Auto | Running]) -- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\System32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe ()
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (McShield [Unknown | Stopped]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (sdAuxService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (APLMp50 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\APLMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (ATICXCAP [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\aticxcap.sys (ATI Technologies, Inc.)
DRV - (ATICXTUN [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\aticxtun.sys (ATI Technologies, Inc.)
DRV - (ATICXXBR [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\aticxxbr.sys (ATI Technologies, Inc.)
DRV - (ATITool [System | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ATITool.sys ()
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (CDRPDACC [Auto | Running]) -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS (Arrowkey)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hcwPP2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\hcwPP2.sys (Hauppauge Computer Works, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (ICAM5USB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Icam5USB.sys (Microsoft Corporation)
DRV - (IntelC51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC52 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC53 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (IPFilter [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IPFilter.sys (Microsoft Corporation)
DRV - (IrBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IrBus.sys (Microsoft Corporation)
DRV - (mfeavfk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mohfilt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys (VSO Software)
DRV - (PCTCore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\senfilt.sys (Sensaura)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (tbhsd [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser.sys (Microsoft Corporation)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/30 04:54:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 20:34:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/18 02:20:54 | 00,000,000 | ---D | M]

[2009/04/22 01:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\mozilla\Extensions
[2009/04/22 01:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2006/09/15 02:01:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\mozilla\Firefox\Profiles\4t8eo7wv.default\extensions
[2006/09/15 02:01:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\mozilla\Firefox\Profiles\4t8eo7wv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/09/15 02:01:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\mozilla\Firefox\Profiles\4t8eo7wv.default\extensions\videodowloader@videodownloader.net

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] File not found
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [lxamsp32.exe] C:\WINDOWS\System32\lxamsp32.exe (Lexmark International)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mmtask] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Orb] File not found
O4 - HKLM..\Run: [POINTER] File not found
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe (Lexmark)
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKLM..\Run: [RealTray] File not found
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe File not found
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (nadubesu.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 17:07:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3ea7653b-89f0-11dd-8023-0011117a0e3b}\Shell - "" = AutoRun
O33 - MountPoints2\{3ea7653b-89f0-11dd-8023-0011117a0e3b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ea7653b-89f0-11dd-8023-0011117a0e3b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ca522f3e-4d8e-11d9-8a28-00038a000015}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[6 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/09/19 23:09:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/23 01:48:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/09/20 09:59:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/09/20 00:24:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/19 23:09:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\Malwarebytes
[2009/09/21 21:44:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\McAfee
[2009/09/23 01:48:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\PC Tools
[2009/09/20 09:59:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\SUPERAntiSpyware.com
[2009/09/18 23:17:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\Ulead Systems
[2009/09/23 00:36:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Local Settings\Application Data\Deployment
[2009/09/23 00:36:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Local Settings\Application Data\Google
[2009/09/23 00:36:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Local Settings\Application Data\Temp
[2009/09/23 01:48:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/09/22 22:22:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/12 18:15:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/09/23 01:48:32 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/09/20 09:59:40 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/11 01:27:40 | 00,520,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
[2009/10/10 10:52:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/09/23 01:49:06 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/09/23 01:48:58 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/09/23 01:48:57 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/09/23 01:48:44 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/09/23 00:42:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/09/23 00:39:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad\My Documents\Downloads
[2009/09/22 21:24:28 | 03,550,592 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Brad\Desktop\winlogon.exe
[2009/09/20 16:02:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Desktop\RootRepeal
[2009/09/20 15:48:54 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brad\Desktop\mbam-setup2.exe
[2009/09/20 14:41:32 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/09/20 03:32:01 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/09/20 02:51:08 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brad\Desktop\maleware-setup.exe
[2009/09/20 01:08:44 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/09/20 01:08:32 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Brad\Desktop\VundoFix.exe
[2009/09/20 00:23:34 | 18,051,592 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Brad\Desktop\spdoc.exe
[2009/09/20 00:17:27 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/09/19 23:08:47 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brad\Desktop\mbam-setup.exe
[2009/09/19 22:51:49 | 00,048,640 | ---- | C] (user) -- C:\mdnsq.exe
[2009/09/18 23:17:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brad\My Documents\Ulead DVD MovieFactory
[2009/09/13 05:06:55 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/09/13 05:06:55 | 00,215,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/09/13 05:06:55 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[6 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/10/11 18:41:16 | 00,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1164722536-2189672071-2877611864-1005UA.job
[2009/10/11 18:06:32 | 00,000,310 | ---- | M] () -- C:\WINDOWS\tasks\Orb Index when idle.job
[2009/10/11 07:41:23 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{31133D98-C44C-4191-A7E3-ACCE74E204F2}.job
[2009/10/11 01:27:40 | 00,520,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
[2009/10/11 00:41:00 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1164722536-2189672071-2877611864-1005Core.job
[2009/10/10 10:48:01 | 00,163,328 | ---- | M] () -- C:\WINDOWS\agigonamanewoh.dll
[2009/10/10 10:44:57 | 00,023,977 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/10/10 10:41:06 | 00,200,790 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/10 10:40:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/10 10:40:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\sUBs
[2009/10/10 10:40:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/10 10:40:51 | 32,192,96256 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/08 00:43:48 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/06 18:41:55 | 00,002,277 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\Google Chrome.lnk
[2009/10/06 10:58:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/04 09:30:44 | 00,131,168 | ---- | M] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/03 11:33:01 | 00,000,280 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/01 01:00:13 | 00,000,330 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/09/30 07:39:33 | 00,163,328 | ---- | M] () -- C:\WINDOWS\evunibume.dll
[2009/09/30 07:36:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/09/26 17:44:35 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/23 17:24:23 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\Win32kDiag.exe
[2009/09/23 02:34:51 | 00,206,256 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/09/23 02:34:50 | 00,007,396 | ---- | M] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/09/23 01:48:47 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/09/23 00:51:02 | 00,163,840 | ---- | M] () -- C:\WINDOWS\ecarayeh.dll
[2009/09/23 00:43:54 | 00,523,418 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/23 00:43:54 | 00,442,774 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/09/23 00:43:54 | 00,071,848 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/09/23 00:43:00 | 00,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/22 21:27:11 | 03,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Brad\Desktop\winlogon.exe
[2009/09/20 20:12:22 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\yekajona
[2009/09/20 17:44:04 | 03,727,824 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\SINO.exe
[2009/09/20 16:21:30 | 00,059,664 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\mbam-clean.exe
[2009/09/20 16:09:38 | 00,465,306 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\RootRepeal.rar
[2009/09/20 15:49:07 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brad\Desktop\mbam-setup2.exe
[2009/09/20 14:59:32 | 03,745,244 | -H-- | M] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\IconCache.db
[2009/09/20 14:55:45 | 00,001,341 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\regtools.vbs
[2009/09/20 12:58:57 | 00,050,176 | -HS- | M] () -- C:\WINDOWS\System32\lihiyufi.dll
[2009/09/20 04:22:20 | 00,507,904 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\moveonb.msi
[2009/09/20 02:51:08 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brad\Desktop\maleware-setup.exe
[2009/09/20 01:08:34 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Brad\Desktop\VundoFix.exe
[2009/09/20 00:59:20 | 00,983,076 | -HS- | M] () -- C:\WINDOWS\System32\hegizuku.exe
[2009/09/20 00:59:09 | 00,044,970 | -HS- | M] () -- C:\WINDOWS\System32\vosorudi.exe
[2009/09/20 00:59:09 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\pozapevi.dll
[2009/09/20 00:23:37 | 18,051,592 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Brad\Desktop\spdoc.exe
[2009/09/19 23:08:55 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brad\Desktop\mbam-setup.exe
[2009/09/19 22:52:25 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
[2009/09/19 22:51:50 | 00,048,640 | ---- | M] (user) -- C:\mdnsq.exe
[2009/09/19 22:51:49 | 00,006,656 | ---- | M] () -- C:\rhjdpc.exe
[2009/09/15 01:22:03 | 00,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/09/13 22:13:27 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Brad\My Documents\office pool.doc
[2009/09/13 21:48:40 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\Brad\My Documents\New Microsoft Word Document (3).doc
[2009/09/13 00:57:17 | 00,000,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Orb.lnk

========== Files - No Company Name ==========
[2100/02/23 19:55:50 | 00,001,096 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2009/10/10 10:47:57 | 00,163,328 | ---- | C] () -- C:\WINDOWS\agigonamanewoh.dll
[2009/09/30 07:39:31 | 00,163,328 | ---- | C] () -- C:\WINDOWS\evunibume.dll
[2009/09/30 00:09:01 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/23 17:24:22 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\Win32kDiag.exe
[2009/09/23 02:34:50 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/09/23 01:48:47 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/09/23 00:51:01 | 00,163,840 | ---- | C] () -- C:\WINDOWS\ecarayeh.dll
[2009/09/23 00:38:26 | 00,002,277 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\Google Chrome.lnk
[2009/09/23 00:36:35 | 00,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1164722536-2189672071-2877611864-1005UA.job
[2009/09/23 00:36:35 | 00,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1164722536-2189672071-2877611864-1005Core.job
[2009/09/20 17:44:04 | 03,727,824 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\SINO.exe
[2009/09/20 16:21:28 | 00,059,664 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\mbam-clean.exe
[2009/09/20 16:02:35 | 00,465,306 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\RootRepeal.rar
[2009/09/20 14:55:44 | 00,001,341 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\regtools.vbs
[2009/09/20 14:05:11 | 32,192,96256 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/20 04:22:15 | 00,507,904 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\moveonb.msi
[2009/09/19 22:52:25 | 00,000,046 | ---- | C] () -- C:\p2hhr.bat
[2009/09/19 22:51:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\sUBs
[2009/09/19 22:51:49 | 00,006,656 | ---- | C] () -- C:\rhjdpc.exe
[2009/09/13 21:49:09 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Brad\My Documents\office pool.doc
[2009/09/13 21:48:40 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\Brad\My Documents\New Microsoft Word Document (3).doc
[2009/09/13 00:58:33 | 00,000,310 | ---- | C] () -- C:\WINDOWS\tasks\Orb Index when idle.job
[2009/06/20 12:58:26 | 00,050,176 | -HS- | C] () -- C:\WINDOWS\System32\lihiyufi.dll
[2009/06/20 00:59:08 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\pozapevi.dll
[2008/12/26 00:08:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/26 00:08:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/26 00:08:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/26 00:08:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/12/05 21:51:25 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/10/19 16:33:01 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Brad\Application Data\$_hpcst$.hpc
[2007/08/20 19:26:52 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/20 19:26:52 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/15 17:33:14 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/08/15 17:30:26 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/05/16 02:29:37 | 01,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/05/15 23:24:07 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/05/05 01:14:20 | 00,010,856 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/03/09 02:12:32 | 00,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/06 04:14:48 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/03/06 04:14:48 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/01/17 19:56:22 | 00,001,378 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/10 08:08:50 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006/06/02 17:15:44 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll
[2006/05/24 12:37:27 | 00,045,568 | RHS- | C] () -- C:\WINDOWS\System32\cygz.dll
[2006/02/24 03:41:59 | 00,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/02/24 03:41:59 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2006/02/23 11:36:20 | 01,798,144 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2006/02/23 11:36:20 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2006/02/23 11:36:20 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\LMOggMux.dll
[2005/08/07 01:53:15 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/07 13:27:00 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Brad\Application Data\PFP120JPR.{PB
[2005/06/07 13:27:00 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Brad\Application Data\PFP120JCM.{PB
[2005/05/23 22:53:12 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005/05/23 22:53:12 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005/05/23 22:53:12 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005/05/23 22:53:12 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005/02/01 01:25:20 | 00,064,816 | ---- | C] () -- C:\Documents and Settings\Brad\Application Data\GDIPFONTCACHEV1.DAT
[2005/01/23 23:26:25 | 00,003,760 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/12/25 20:10:59 | 00,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2004/12/25 20:07:35 | 00,000,382 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini
[2004/12/25 20:07:20 | 00,022,863 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2004/12/25 20:07:01 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2004/12/25 20:05:38 | 00,000,583 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2004/12/25 20:04:10 | 00,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2004/12/19 23:54:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/10 04:16:21 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Brad\Application Data\DESKTOP.INI
[2004/12/10 04:16:20 | 00,131,168 | ---- | C] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/12/10 04:16:20 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\fusioncache.dat
[2004/12/10 04:16:19 | 03,745,244 | -H-- | C] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\IconCache.db
[2004/12/06 19:33:49 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/06 19:29:27 | 00,000,292 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/06 18:53:02 | 00,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/26 17:39:05 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/09/15 23:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 17:22:58 | 00,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/19 17:07:08 | 00,000,507 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/19 16:57:48 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/08/19 16:57:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2004/08/10 06:00:00 | 00,062,464 | ---- | C] () -- C:\WINDOWS\System32\eventlog.dll
[2004/08/10 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2002/12/10 01:00:00 | 01,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2002/12/10 01:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/12/10 01:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2002/12/10 01:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2002/04/11 11:47:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2001/05/13 18:18:34 | 00,000,209 | ---- | C] () -- C:\WINDOWS\X63_DS.ini
[2000/10/24 10:08:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 10:08:33 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1997/10/24 15:56:36 | 00,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

========== LOP Check ==========

[2009/09/23 01:48:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/05/03 14:00:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/15 01:35:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/08/19 21:24:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2004/12/06 19:27:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/09/13 00:57:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2008/09/27 16:20:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/06/08 01:50:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/07/18 23:02:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2004/12/06 18:46:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/07/18 17:41:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkyGolf
[2009/09/27 07:36:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/18 23:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/09/23 01:48:32 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Brad\Application Data
[2005/01/03 03:14:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Azureus
[2009/06/14 22:22:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Blackberry Desktop
[2005/06/07 13:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Corel
[2005/02/20 22:16:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\CyberLink
[2009/09/23 01:45:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\GetRightToGo
[2005/07/17 22:44:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Internet Download Accelerator
[2004/12/25 20:12:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\InterTrust
[2004/12/14 22:46:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Kazaa Lite
[2005/01/16 23:43:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Leadertech
[2009/09/06 11:12:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\LimeWire
[2008/01/06 02:30:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Musicmatch
[2009/06/09 21:30:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Research In Motion
[2007/11/13 02:31:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\RTPlayer
[2005/10/16 22:25:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\teamspeak2
[2008/07/17 10:07:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\tunebite
[2008/09/24 17:02:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\U3
[2009/09/18 23:17:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Ulead Systems
[2008/12/05 21:51:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Ventrilo
[2009/10/06 10:58:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/10/03 11:33:01 | 00,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/10/11 00:41:00 | 00,000,922 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1164722536-2189672071-2877611864-1005Core.job
[2009/10/11 18:41:16 | 00,000,974 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1164722536-2189672071-2877611864-1005UA.job
[2009/09/15 01:22:03 | 00,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/10/01 01:00:13 | 00,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/10/11 18:06:32 | 00,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\Orb Index when idle.job
[2009/10/10 10:40:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/11 07:41:23 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{31133D98-C44C-4191-A7E3-ACCE74E204F2}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#4 bradrx

Posted 11 October 2009 - 07:03 PM

OTL Extras logfile created on: 10/11/2009 6:57:04 PM - Run 1
OTL by OldTimer - Version 3.0.19.0 Folder = C:\Documents and Settings\Brad\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.96 Gb Available in Paging File | 98.88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 40.41 Gb Free Space | 28.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINOFFICEPC
Current User Name: Brad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:wow
"6112:TCP" = 6112:TCP:*:Enabled:wow2
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" = C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite -- File not found
"C:\Program Files\World of Warcraft\WoW.exe" = C:\Program Files\World of Warcraft\WoW.exe:*:Enabled:World of Warcraft -- (Blizzard Entertainment)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\DPVSETUP.EXE" = C:\WINDOWS\SYSTEM32\DPVSETUP.EXE:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\RUNDLL32.EXE" = C:\WINDOWS\SYSTEM32\RUNDLL32.EXE:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe" = C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe:*:Enabled:SkyCaddie Desktop -- (Skyhawke Technologies)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Orb Networks\Orb\bin\xmltv.exe" = C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide -- File not found
"C:\Program Files\Orb Networks\Orb\bin\Orb.exe" = C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Orb Networks\Orb\bin\OrbLauncher.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbLauncher.exe:*:Enabled:OrbLauncher -- (Orb Networks)
"C:\Program Files\Orb Networks\Orb\bin\OrbSetupWizard.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbSetupWizard.exe:*:Enabled:OrbSetupWizard -- ()
"C:\Program Files\Orb Networks\Orb\bin\OrbControlPanel.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbControlPanel.exe:*:Enabled:OrbControlPanel -- ()
"C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- ()
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\winlogon.exe" = C:\WINDOWS\SYSTEM32\winlogon.exe:*:Enabled:winlogon -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\lsass.exe" = C:\WINDOWS\SYSTEM32\lsass.exe:*:Enabled:lsass -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead DVD MovieFactory 3 SE
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{44974444-B0F5-4F62-AE4E-7ECBD04AE29C}" = BlackBerry Device Software v4.6.1 for the BlackBerry 8900 smartphone
"{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{911A0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Outlook 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D5FABDC7-9048-42B1-BE21-EF7ABD836706}" = oRipa Video Recorder1.2.3
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BBMediaSyncUninstall" = BlackBerry Media Sync
"BlackBerry_{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"Cucusoft MPEG/AVI to DVD/VCD/SVCD/MPEG Converter Pro_is1" = Cucusoft MPEG/AVI to DVD/VCD/SVCD/MPEG Converter Pro 6.05
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD X Rescue" = DVD X Rescue
"DVDXCopyPlatinum" = DVDXCopy Platinum 3.2.1
"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"Hauppauge WinTV-PVR 150 Drivers" = Hauppauge WinTV-PVR 150 Drivers
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"LimeWire" = LimeWire 5.1.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nanoPEG-Editor 2.3 Hauppauge Edition_is1" = nanoPEG-Editor 2.3 Hauppauge Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Orb" = Orb
"PPTView97" = Microsoft PowerPoint Viewer 97
"RealPlayer 6.0" = RealPlayer Basic
"Replay Media Catcher" = Replay Media Catcher
"Replay_AV_807" = Replay AV 8
"Replay_Converter_1" = Replay Converter 2.75C
"Replay_Screencast_1.0" = Replay Screencast 1.21
"SkyCaddieDesktop" = SkyCaddie Desktop
"Spyware Doctor" = Spyware Doctor 6.1
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Tunebite_is1" = Tunebite 4.1.0.35
"VLC media player" = VideoLAN VLC media player 0.8.6b
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ESPN Java Check" = ESPN Java Check
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/6/2009 6:02:27 AM | Computer Name = MAINOFFICEPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/7/2009 3:37:20 PM | Computer Name = MAINOFFICEPC | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/801D62D07B449D5C5C035C98EA61FA443C2A58FE.crt>
with error: This operation returned because the timeout period expired.

Error - 10/7/2009 3:37:20 PM | Computer Name = MAINOFFICEPC | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/801D62D07B449D5C5C035C98EA61FA443C2A58FE.crt>
with error: This operation returned because the timeout period expired.

Error - 10/8/2009 1:23:11 AM | Computer Name = MAINOFFICEPC | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/801D62D07B449D5C5C035C98EA61FA443C2A58FE.crt>
with error: This operation returned because the timeout period expired.

Error - 10/8/2009 1:23:11 AM | Computer Name = MAINOFFICEPC | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/801D62D07B449D5C5C035C98EA61FA443C2A58FE.crt>
with error: This operation returned because the timeout period expired.

Error - 10/10/2009 11:41:55 AM | Computer Name = MAINOFFICEPC | Source = McLogEvent | ID = 5019
Description = Exception in McShield.Exe! Exception details follow : VSCORE.14.0.0.423
Exception
Code : 0XC0000005 Exception Address : 0X1472E752 Exception Parameters :
2 Param 1 = 0X00000001 Param 2 = 0X00000091 More information : ScanRequest : NTName
is \Device\HarddiskVolume2\Program Files\Common Files\McAfee\MNA\McNASvc.exe.

Error - 10/10/2009 11:42:03 AM | Computer Name = MAINOFFICEPC | Source = Application Error | ID = 1000
Description = Faulting application Mcshield.exe, version 14.0.0.423, faulting module
mytilus3_worker.dll, version 14.0.0.433, fault address 0x0001e752.

Error - 10/10/2009 11:43:25 AM | Computer Name = MAINOFFICEPC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1992 (0x7c8) Thread address : 0x7C90E514 Thread message : Object being scanned
= \Device\HarddiskVolume2\Program Files\Common Files\McAfee\MNA\McNASvc.exe by
C:\Program Files\McAfee\MPF\MPFSrv.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/10/2009 11:46:00 AM | Computer Name = MAINOFFICEPC | Source = McLogEvent | ID = 5019
Description = Exception in McShield.Exe! Exception details follow : VSCORE.14.0.0.423
Exception
Code : 0XC0000005 Exception Address : 0X1472E752 Exception Parameters :
2 Param 1 = 0X00000001 Param 2 = 0X00000091 More information : ScanRequest : NTName
is \Device\HarddiskVolume2\Program Files\McAfee\MSC\McRes.dll.

Error - 10/10/2009 11:47:09 AM | Computer Name = MAINOFFICEPC | Source = McLogEvent | ID = 5019
Description = Exception in McShield.Exe! Exception details follow : VSCORE.14.0.0.423
Exception
Code : 0XC0000005 Exception Address : 0X1472E752 Exception Parameters :
2 Param 1 = 0X00000001 Param 2 = 0X00000091 More information : ScanRequest : NTName
is \Device\HarddiskVolume2\Program Files\McAfee\MSC\McRes.dll.

[ System Events ]
Error - 10/10/2009 11:42:16 AM | Computer Name = MAINOFFICEPC | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 10/10/2009 11:42:36 AM | Computer Name = MAINOFFICEPC | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 10/10/2009 11:43:16 AM | Computer Name = MAINOFFICEPC | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 10/10/2009 11:43:57 AM | Computer Name = MAINOFFICEPC | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 10/10/2009 11:44:37 AM | Computer Name = MAINOFFICEPC | Source = DCOM | ID = 10010
Description = The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register
with DCOM within the required timeout.

Error - 10/10/2009 11:44:47 AM | Computer Name = MAINOFFICEPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd SASKUTIL

Error - 10/10/2009 11:44:48 AM | Computer Name = MAINOFFICEPC | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 10/10/2009 11:44:48 AM | Computer Name = MAINOFFICEPC | Source = Service Control Manager | ID = 7034
Description = The McAfee Application Installer Cleanup (0121731254288776) service
terminated unexpectedly. It has done this 1 time(s).

Error - 10/10/2009 11:46:02 AM | Computer Name = MAINOFFICEPC | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 10/10/2009 11:47:10 AM | Computer Name = MAINOFFICEPC | Source = Service Control Manager | ID = 7034
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 3 time(s).


< End of report >

#5 bradrx


Posted 11 October 2009 - 07:56 PM

Got the first part done. The second one started and scanned for quite a while and then shut down, and now it will not run again.


thanks for your help

Brad

#6 kahdah


Posted 12 October 2009 - 06:55 AM

You are welcome :(

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#7 bradrx


Posted 12 October 2009 - 08:55 PM

Here is the ComboFix log. I had to run it twice; the first run did not create a log after reboot ??? The 2nd run seemed to work fine.

thank you again.

Brad

ComboFix 09-10-11.03 - Brad 10/12/2009 20:36.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2576 [GMT -5:00]
Running from: c:\documents and settings\Brad\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\mdnsq.exe
C:\p2hhr.bat
C:\rhjdpc.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\WinRMSrv.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\kb913800.exe
c:\windows\system32\iniasd.txt
c:\windows\system32\logs

c:\windows\system32\eventlog.dll . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-12 00:07 . 2009-10-12 00:07 290816 ----a-w- C:\kiutq87z.exe
2009-10-10 15:47 . 2009-10-10 15:48 163328 ----a-w- c:\windows\agigonamanewoh.dll
2009-09-30 12:39 . 2009-09-30 12:39 163328 ----a-w- c:\windows\evunibume.dll
2009-09-23 06:49 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-23 06:48 . 2009-09-23 07:34 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-23 06:48 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-23 06:48 . 2009-09-23 07:01 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-23 06:48 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-23 06:48 . 2009-09-25 08:07 -------- d-----w- c:\program files\Spyware Doctor
2009-09-23 06:48 . 2009-09-23 06:48 -------- d-----w- c:\documents and settings\Brad\Application Data\PC Tools
2009-09-23 06:48 . 2009-09-23 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-23 05:51 . 2009-09-23 05:51 163840 ----a-w- c:\windows\ecarayeh.dll
2009-09-23 05:42 . 2009-10-12 22:30 -------- d-----w- c:\windows\system32\CatRoot
2009-09-23 05:36 . 2009-10-06 23:41 -------- d-----w- c:\documents and settings\Brad\Local Settings\Application Data\Temp
2009-09-23 05:36 . 2009-09-23 05:38 -------- d-----w- c:\documents and settings\Brad\Local Settings\Application Data\Google
2009-09-23 05:36 . 2009-09-23 05:36 -------- d-----w- c:\documents and settings\Brad\Local Settings\Application Data\Deployment
2009-09-19 04:17 . 2009-09-19 04:17 -------- d-----w- c:\documents and settings\Brad\Application Data\Ulead Systems
2009-09-13 10:06 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-09-13 10:06 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 01:40 . 2009-09-20 14:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-12 08:33 . 2009-03-13 01:09 -------- d-----w- c:\program files\McAfee
2009-10-04 14:30 . 2004-12-10 09:16 131168 ----a-w- c:\documents and settings\Brad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-29 02:59 . 2005-02-14 18:40 -------- d-----w- c:\program files\World of Warcraft
2009-09-27 12:36 . 2009-09-20 05:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-23 07:34 . 2009-09-23 07:34 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-23 07:00 . 2009-09-23 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 06:45 . 2009-02-09 23:14 -------- d-----w- c:\documents and settings\Brad\Application Data\GetRightToGo
2009-09-23 03:22 . 2009-09-20 04:09 -------- d-----w- c:\documents and settings\Brad\Application Data\Malwarebytes
2009-09-23 03:22 . 2009-09-20 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-23 01:10 . 2008-03-28 18:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-22 02:44 . 2009-09-22 02:44 -------- d-----w- c:\documents and settings\Brad\Application Data\McAfee
2009-09-22 02:44 . 2007-09-19 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-20 17:58 . 2009-06-20 17:58 50176 --sha-w- c:\windows\system32\lihiyufi.dll
2009-09-20 14:59 . 2009-09-20 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-20 14:59 . 2009-09-20 14:59 -------- d-----w- c:\documents and settings\Brad\Application Data\SUPERAntiSpyware.com
2009-09-20 05:59 . 2009-06-20 05:59 983076 --sha-w- c:\windows\system32\hegizuku.exe
2009-09-20 05:59 . 2009-06-20 05:59 44970 --sha-w- c:\windows\system32\vosorudi.exe
2009-09-20 05:59 . 2009-06-20 05:59 38400 --sha-w- c:\windows\system32\pozapevi.dll
2009-09-19 04:17 . 2004-12-26 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-09-18 05:22 . 2004-12-27 02:31 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-13 20:02 . 2009-02-10 01:55 -------- d-----w- c:\program files\Microsoft SQL Server
2009-09-13 05:57 . 2009-02-28 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\OrbNetworks
2009-09-12 23:15 . 2009-09-12 23:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-06 16:12 . 2007-08-12 19:57 -------- d-----w- c:\documents and settings\Brad\Application Data\LimeWire
2009-08-30 18:18 . 2006-12-18 05:16 -------- d-----w- c:\program files\Replay AV 8
2009-08-26 20:55 . 2008-02-03 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-26 20:55 . 2006-06-13 20:10 -------- d-----w- c:\program files\Lavasoft
2009-08-26 17:49 . 2009-06-06 20:10 256 ----a-w- c:\windows\system32\pool.bin
2009-08-26 17:33 . 2009-06-06 19:58 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-08-20 02:24 . 2009-08-20 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-07 00:24 . 2004-08-10 11:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-10 11:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-12-22 06:31 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-08-10 11:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-10 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-12-22 06:31 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2004-08-10 11:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-10 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 10:23 . 2008-12-14 17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 17:32 . 2009-03-13 01:09 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\SYSTEM32\AVSredirect.dll
2005-06-26 22:32 . 2006-05-08 18:07 616448 --sha-r- c:\windows\SYSTEM32\cygwin1.dll
2005-06-22 05:37 . 2006-05-24 17:37 45568 --sha-r- c:\windows\SYSTEM32\cygz.dll
2007-05-20 23:07 . 2007-05-05 06:14 10856 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SYSTEM32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SYSTEM32\bits\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\DLLCACHE\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[-] 2004-08-10 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\DLLCACHE\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-10 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-10 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\SYSTEM32\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\SYSTEM32\DLLCACHE\wininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2009-03-03 . C8667854873938CA13C986F16B0CD183 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-04-25 . 431DEFBB4A3D7B0DC062C1B064623A2F . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 . 0586A7F0B2FDB94D624F399D4728E7C8 . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-03-07 . 5B35DAE6E4886F64D1DA58C4E3E01EB9 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-03-07 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[-] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll
[-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\windows\SoftwareDistribution\Download\4264f7fcfd0444cc62e52f55a4263036\sp2qfe\wininet.dll
[-] 2006-10-23 . 6B2735ADFF5A5D3B9130CA4A794722F0 . 658944 . . [6.00.2900.3020] . . c:\windows\SoftwareDistribution\Download\4264f7fcfd0444cc62e52f55a4263036\sp2gdr\wininet.dll
[-] 2006-09-14 . 621AF3F6174A3F60677F5230E28BCC07 . 658944 . . [6.00.2900.2995] . . c:\windows\ie7\wininet.dll
[-] 2006-09-14 . D207370287CF769AEBEBF03837784963 . 664576 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-06-23 . 64CE26DB72810B30F7855EA51E1DF836 . 664576 . . [6.00.2900.2937] . . c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-06-23 . 2B4DB890936430C71419037039502752 . 658944 . . [6.00.2900.2937] . . c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-05-10 . D94CFFDB53E7AC867438E2DFD50E7CBC . 663552 . . [6.00.2900.2904] . . c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-05-10 . 38AB7A56F566D9AAAD31812494944824 . 658432 . . [6.00.2900.2904] . . c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-03-04 . 1C0979C7A489BEE573CD0BF4AD94BB06 . 658432 . . [6.00.2900.2861] . . c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2005-10-21 . E7B27B6B6E06CE34EA019FD8B858C613 . 658432 . . [6.00.2900.2781] . . c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2005-10-21 . AF785C4947676A7FC1673FDC5C8D0B5B . 661504 . . [6.00.2900.2781] . . c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2005-09-02 . 97A6FD7CAFD688CF2C78939EBAF0CD0C . 660480 . . [6.00.2900.2753] . . c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-09-02 . AF61EBB1F550175EFF406D545D6AB086 . 658432 . . [6.00.2900.2753] . . c:\windows\$NtUninstallKB905915$\wininet.dll
[-] 2005-07-03 . 5B5FF992C0FA762CCF8655FC290E6E52 . 658432 . . [6.00.2900.2713] . . c:\windows\$NtUninstallKB896688$\wininet.dll
[-] 2005-07-03 . 6E533D155B259EB2363D3E04B5BE309F . 659456 . . [6.00.2900.2713] . . c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[-] 2005-05-02 . E1E18136F9DD3DF1AD9C82193A5898A6 . 658944 . . [6.00.2900.2668] . . c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[-] 2005-05-02 . 1A078AF3F85D10BA56444C23B3A18E74 . 657920 . . [6.00.2900.2668] . . c:\windows\$NtUninstallKB896727$\wininet.dll
[-] 2005-03-10 . 6F018D6319BE4F96426EA829B79E05D5 . 656896 . . [6.00.2900.2627] . . c:\windows\$NtUninstallKB883939$\wininet.dll
[-] 2005-03-10 . C8663B488996E89A84C3D17C1D12B79E . 657920 . . [6.00.2900.2627] . . c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
[-] 2005-01-27 . B5E043E440B210014E021B24CF0A72E3 . 656896 . . [6.00.2900.2577] . . c:\windows\$NtUninstallKB890923$\wininet.dll
[-] 2005-01-27 . A8EAC5330876548E9966A7D13025D196 . 657920 . . [6.00.2900.2598] . . c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[-] 2004-09-29 . CBA65B573C66FE23F647FF96E3A10994 . 656896 . . [6.00.2900.2518] . . c:\windows\$NtUninstallKB867282$\wininet.dll
[-] 2004-09-29 . 2C07195588D69A067C2AFDAA31759295 . 656896 . . [6.00.2900.2518] . . c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[-] 2004-08-10 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB834707$\wininet.dll

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SYSTEM32\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\MSVCRT.DLL
[-] 2004-08-10 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\MSVCRT.DLL

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 00:11 . E7046C16373A7D3057557BDF59A590DD . 62464 . . [------] . . c:\windows\SYSTEM32\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SYSTEM32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-10 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\termsrv.dll
[-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB895961$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\DRIVERS\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys

[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\ACPIEC.SYS

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SYSTEM32\DRIVERS\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 04:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\DRIVERS\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SYSTEM32\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-10 11:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-19 03:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\SYSTEM32\mspmsnsv.dll
[-] 2006-10-19 03:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\SYSTEM32\DLLCACHE\mspmsnsv.dll
[-] 2005-08-04 00:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-08-04 00:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-10 11:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\Driver Cache\I386\ntkrnlpa.exe
[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 8206B5F94A6A9450E934029420C1693F . 2023936 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . A58AC1C6199EF34228ABEE7FC057AE09 . 2015744 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BBB2322EB14AD9AD55B1024FFD4D88BF . 2015744 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 3CD941E472DDF3534E53038535719771 . 2015232 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SYSTEM32\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-10 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"Google Update"="c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-23 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2005-10-14 69632]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-21 36864]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-12-07 26112]
"lxamsp32.exe"="lxamsp32.exe" - c:\windows\SYSTEM32\LXAMSP32.EXE [2001-10-22 45056]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli tscocawf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbLauncher.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbSetupWizard.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbControlPanel.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:wow
"6112:TCP"= 6112:TCP:wow2
"67:UDP"= 67:UDP:DHCP Discovery Service
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [9/23/2009 1:48 AM 206256]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/12/2009 8:11 PM 210216]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 0121731254288776mcinstcleanup;McAfee Application Installer Cleanup (0121731254288776);c:\windows\TEMP\012173~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\012173~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\SYSTEM32\DRIVERS\aticxcap.sys [12/20/2004 12:27 AM 188506]
S3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);c:\windows\SYSTEM32\DRIVERS\aticxtun.sys [12/20/2004 12:27 AM 31003]
S3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;c:\windows\SYSTEM32\DRIVERS\aticxxbr.sys [12/20/2004 12:27 AM 9882]
S3 root-repealrenamed;root-repealrenamed;\??\c:\windows\system32\drivers\root-repealrenamed.sys --> c:\windows\system32\drivers\root-repealrenamed.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/23/2009 1:48 AM 348752]
.
Contents of the 'Scheduled Tasks' folder

2009-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1164722536-2189672071-2877611864-1005Core.job
- c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-23 05:36]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1164722536-2189672071-2877611864-1005UA.job
- c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-23 05:36]

2009-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-13 02:26]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-13 02:26]

2009-10-12 c:\windows\Tasks\Orb Index when idle.job
- c:\program files\Orb Networks\Orb\bin\OrbLauncher.exe [2009-08-21 21:05]

2009-10-12 c:\windows\Tasks\User_Feed_Synchronization-{31133D98-C44C-4191-A7E3-ACCE74E204F2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 17:58]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Orb - c:\program files\Orb Networks\Orb\bin\OrbTray.exe
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
HKLM-Run-POINTER - point32.exe
HKLM-Run-Orb - (no file)
Notify-AtiExtEvent - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 20:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????????????????????X:??????????????(???x????????:??x???????`???????????x???? ??x???x??????????????|????????x???????????????4???????x???????????x??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1164722536-2189672071-2877611864-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{67A532FC-D478-D3D9-C1AD-528AB9FE6E8E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaenghanoafpaloean"=hex:69,61,66,6d,69,6b,66,69,6e,69,6a,6a,6d,65,61,61,6c,69,
00,00
"hagimjplmhjniigg"=hex:69,61,66,6d,69,6b,66,69,6e,69,6a,6a,6d,65,61,61,6c,69,
00,00

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(840)
c:\windows\tscocawf.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1984)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\tscocawf.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\EHOME\ehrecvr.exe
c:\windows\EHOME\ehSched.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\EHOME\mcrdsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Microsoft Hardware\Mouse\point32.exe
c:\windows\SYSTEM32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\SYSTEM32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-10-13 20:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 01:53

Pre-Run: 40,918,917,120 bytes free
Post-Run: 42,130,673,664 bytes free

676 --- E O F --- 2009-09-18 05:23

#8 kahdah

  • Security Colleague

Posted 13 October 2009 - 07:00 AM

1. Please open Notepad.
  • Click Start, then Run.
  • Type in notepad in the Run box, then hit OK.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\agigonamanewoh.dll
c:\windows\evunibume.dll
c:\windows\ecarayeh.dll
c:\windows\system32\lihiyufi.dll
c:\windows\system32\hegizuku.exe
c:\windows\system32\vosorudi.exe
c:\windows\system32\pozapevi.dll
c:\windows\tscocawf.dll


SrPeek::
c:\windows\system32\eventlog.dll

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=73,63,65,63,6c,69,00,00


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After the reboot (in case it asks to reboot), please post the following report/log in your next reply:
  • Combofix.txt

Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM, as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.
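What the Registry:: line in the script above changes, as an added example (not part of the original post and not ComboFix code): it decodes the script's hex bytes as a REG_MULTI_SZ, compares the result with the value the earlier log reported, and checks each dropped entry against the File:: list and the DLLs the log shows loaded in lsass.exe. The function names are illustrative, single-byte characters are assumed for the hex data, and the sample lines are copied from this thread.

```python
import ntpath
import re

# Sample input copied from this thread: the ComboFix log line, the CFScript.txt
# Registry:: line, the File:: list and the DLLs logged under lsass.exe.
LOG_LSA_LINE = "Notification Packages REG_MULTI_SZ scecli tscocawf.dll"
SCRIPT_LSA_LINE = '"Notification Packages"=73,63,65,63,6c,69,00,00'
SCRIPT_FILES = [
    r"c:\windows\agigonamanewoh.dll",
    r"c:\windows\evunibume.dll",
    r"c:\windows\ecarayeh.dll",
    r"c:\windows\system32\lihiyufi.dll",
    r"c:\windows\system32\hegizuku.exe",
    r"c:\windows\system32\vosorudi.exe",
    r"c:\windows\system32\pozapevi.dll",
    r"c:\windows\tscocawf.dll",
]
LSASS_MODULES = [r"c:\windows\tscocawf.dll", r"c:\windows\system32\WININET.dll"]


def decode_multi_sz(hex_csv):
    """Decode comma-separated hex bytes of a REG_MULTI_SZ into its strings.

    Assumption: one byte per character (ANSI), NUL-terminated strings with a
    final extra NUL. A leading 'hex(7):' style prefix is tolerated.
    """
    data = hex_csv.split(":", 1)[-1]
    raw = bytes(int(tok, 16) for tok in data.split(",") if tok.strip())
    return [part.decode("ascii") for part in raw.split(b"\x00") if part]


def parse_log_multi_sz(line):
    """Parse a log line of the form '<name> REG_MULTI_SZ <entry> <entry> ...'."""
    m = re.match(r"^(?P<name>.+?)\s+REG_MULTI_SZ\s+(?P<values>.*)$", line.strip())
    if not m:
        raise ValueError("not a REG_MULTI_SZ log line: %r" % line)
    # The log separates the entries of the multi-string with spaces.
    return m.group("name"), m.group("values").split()


def parse_script_value(line):
    """Parse a script line of the form '"<name>"=<hex bytes>'."""
    m = re.match(r'^"(?P<name>[^"]+)"=(?P<data>.+)$', line.strip())
    if not m:
        raise ValueError("not a registry value line: %r" % line)
    return m.group("name"), decode_multi_sz(m.group("data"))


def _stem(name):
    """Lower-case file name without directory and without a .dll extension."""
    base = ntpath.basename(name).lower()
    return base[:-4] if base.endswith(".dll") else base


def review_lsa_packages(log_line, script_line, delete_paths, lsass_modules):
    """List the packages the script drops and how they relate to the log."""
    log_name, before = parse_log_multi_sz(log_line)
    script_name, after = parse_script_value(script_line)
    if log_name.lower() != script_name.lower():
        raise ValueError("log and script lines refer to different values")

    keep = {_stem(p) for p in after}
    queued = {_stem(p) for p in delete_paths}
    loaded = {_stem(p) for p in lsass_modules}

    findings = []
    for pkg in before:
        if _stem(pkg) in keep:
            continue  # still present after the script runs
        findings.append({
            "package": pkg,
            "file_queued_for_deletion": _stem(pkg) in queued,
            "loaded_in_lsass": _stem(pkg) in loaded,
        })
    return findings


if __name__ == "__main__":
    print("value after script:", parse_script_value(SCRIPT_LSA_LINE)[1])
    for f in review_lsa_packages(LOG_LSA_LINE, SCRIPT_LSA_LINE,
                                 SCRIPT_FILES, LSASS_MODULES):
        print(f)
```

An entry that the script removes from the value but whose file is not in the File:: list would show `file_queued_for_deletion` as false, which is worth checking before running the script.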

#9 bradrx

  • Topic Starter

Posted 13 October 2009 - 08:49 AM

Here it is.

ComboFix 09-10-11.03 - Brad 10/13/2009 8:33.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2557 [GMT -5:00]
Running from: c:\documents and settings\Brad\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Brad\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\agigonamanewoh.dll"
"c:\windows\ecarayeh.dll"
"c:\windows\evunibume.dll"
"c:\windows\system32\hegizuku.exe"
"c:\windows\system32\lihiyufi.dll"
"c:\windows\system32\pozapevi.dll"
"c:\windows\system32\vosorudi.exe"
"c:\windows\tscocawf.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\agigonamanewoh.dll
c:\windows\ecarayeh.dll
c:\windows\evunibume.dll
c:\windows\system32\hegizuku.exe
c:\windows\system32\lihiyufi.dll
c:\windows\system32\pozapevi.dll
c:\windows\system32\vosorudi.exe
c:\windows\tscocawf.dll

c:\windows\system32\eventlog.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-13 02:53 . 2009-10-13 02:53 -------- d-----w- c:\windows\LastGood.Tmp
2009-10-12 00:07 . 2009-10-12 00:07 290816 ----a-w- C:\kiutq87z.exe
2009-09-23 06:49 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-23 06:48 . 2009-09-23 07:34 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-23 06:48 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-23 06:48 . 2009-09-23 07:01 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-23 06:48 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-23 06:48 . 2009-09-25 08:07 -------- d-----w- c:\program files\Spyware Doctor
2009-09-23 06:48 . 2009-09-23 06:48 -------- d-----w- c:\documents and settings\Brad\Application Data\PC Tools
2009-09-23 06:48 . 2009-09-23 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-23 05:42 . 2009-10-12 22:30 -------- d-----w- c:\windows\system32\CatRoot
2009-09-23 05:36 . 2009-10-06 23:41 -------- d-----w- c:\documents and settings\Brad\Local Settings\Application Data\Temp
2009-09-23 05:36 . 2009-09-23 05:38 -------- d-----w- c:\documents and settings\Brad\Local Settings\Application Data\Google
2009-09-23 05:36 . 2009-09-23 05:36 -------- d-----w- c:\documents and settings\Brad\Local Settings\Application Data\Deployment
2009-09-19 04:17 . 2009-09-19 04:17 -------- d-----w- c:\documents and settings\Brad\Application Data\Ulead Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 13:36 . 2009-09-20 14:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-13 07:13 . 2009-03-13 01:09 -------- d-----w- c:\program files\McAfee
2009-10-13 02:59 . 2005-02-14 18:40 -------- d-----w- c:\program files\World of Warcraft
2009-10-04 14:30 . 2004-12-10 09:16 131168 ----a-w- c:\documents and settings\Brad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-27 12:36 . 2009-09-20 05:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-23 07:34 . 2009-09-23 07:34 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-23 07:00 . 2009-09-23 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 06:45 . 2009-02-09 23:14 -------- d-----w- c:\documents and settings\Brad\Application Data\GetRightToGo
2009-09-23 03:22 . 2009-09-20 04:09 -------- d-----w- c:\documents and settings\Brad\Application Data\Malwarebytes
2009-09-23 03:22 . 2009-09-20 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-23 01:10 . 2008-03-28 18:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-22 02:44 . 2009-09-22 02:44 -------- d-----w- c:\documents and settings\Brad\Application Data\McAfee
2009-09-22 02:44 . 2007-09-19 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-20 14:59 . 2009-09-20 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-20 14:59 . 2009-09-20 14:59 -------- d-----w- c:\documents and settings\Brad\Application Data\SUPERAntiSpyware.com
2009-09-19 04:17 . 2004-12-26 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-09-18 05:22 . 2004-12-27 02:31 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-13 20:02 . 2009-02-10 01:55 -------- d-----w- c:\program files\Microsoft SQL Server
2009-09-13 05:57 . 2009-02-28 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\OrbNetworks
2009-09-12 23:15 . 2009-09-12 23:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-06 16:12 . 2007-08-12 19:57 -------- d-----w- c:\documents and settings\Brad\Application Data\LimeWire
2009-08-30 18:18 . 2006-12-18 05:16 -------- d-----w- c:\program files\Replay AV 8
2009-08-26 20:55 . 2008-02-03 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-26 20:55 . 2006-06-13 20:10 -------- d-----w- c:\program files\Lavasoft
2009-08-26 17:49 . 2009-06-06 20:10 256 ----a-w- c:\windows\system32\pool.bin
2009-08-26 17:33 . 2009-06-06 19:58 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-08-20 02:24 . 2009-08-20 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-07 00:24 . 2004-08-10 11:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-10 11:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-12-22 06:31 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-08-10 11:00 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-10 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-12-22 06:31 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2009-09-13 10:06 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2009-09-13 10:06 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2004-08-10 11:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-10 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 10:23 . 2008-12-14 17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 17:32 . 2009-03-13 01:09 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\SYSTEM32\AVSredirect.dll
2005-06-26 22:32 . 2006-05-08 18:07 616448 --sha-r- c:\windows\SYSTEM32\cygwin1.dll
2005-06-22 05:37 . 2006-05-24 17:37 45568 --sha-r- c:\windows\SYSTEM32\cygz.dll
2007-05-20 23:07 . 2007-05-05 06:14 10856 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SYSTEM32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-10 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\COMCTL32.DLL
[-] 2004-08-10 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.DLL

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\DRIVERS\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\BEEP.SYS

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\DRIVERS\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\DRIVERS\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\DRIVERS\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\NULL.SYS

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\DLLCACHE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\DRIVERS\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\SYSTEM32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\SYSTEM32\DLLCACHE\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-10 11:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\SYSTEM32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\SYSTEM32\DLLCACHE\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2004-08-10 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-10 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\SYSTEM32\mshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 1D4E3B86C601A2497C99790CC4D7DF26 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 5D90A7200F72DACE663EE78DE234FCC7 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[-] 2007-03-07 . 190E1AE9B973049B12A67BAD478C770C . 3581952 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2007-03-07 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[-] 2007-01-12 . 5D45318804A30CE9D6EA83066E84B4A7 . 3580416 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll
[-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[-] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\SoftwareDistribution\Download\4264f7fcfd0444cc62e52f55a4263036\sp2qfe\mshtml.dll
[-] 2006-10-23 . 5FC7DE1195C8E9B5360FD65DBE95E5B0 . 3055104 . . [6.00.2900.3020] . . c:\windows\SoftwareDistribution\Download\4264f7fcfd0444cc62e52f55a4263036\sp2gdr\mshtml.dll
[-] 2006-09-14 . BE45460D1453B7342E01EAE79BFBC681 . 3054592 . . [6.00.2900.2995] . . c:\windows\ie7\mshtml.dll
[-] 2006-09-14 . CEFEA1C301139A817931BE132F0359FE . 3058688 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll
[-] 2006-07-28 . D251679BD9EF0250201FB899EC40FD32 . 3058176 . . [6.00.2900.2963] . . c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll
[-] 2006-07-28 . C7074DA3D8F8C0F6C03874BA0B05069C . 3054080 . . [6.00.2900.2963] . . c:\windows\$NtUninstallKB922760$\mshtml.dll
[-] 2006-05-19 . 284CE76B71DD5260B42A3CCF0135AF67 . 3052544 . . [6.00.2900.2912] . . c:\windows\$NtUninstallKB918899$\mshtml.dll
[-] 2006-05-19 . 8687E029BE63C77D4919485068C54D77 . 3055104 . . [6.00.2900.2912] . . c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll
[-] 2006-03-23 . DEAA438EA31095E14A196FF647E38D13 . 3053568 . . [6.00.2900.2873] . . c:\windows\$NtUninstallKB916281$\mshtml.dll
[-] 2006-03-23 . ABCD123F888E4E97C8751378CCCC4F26 . 3055616 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[-] 2005-11-24 . D3F037F5DA702AE9DDD7663EC9D78BA7 . 3018240 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2005-11-24 . 5E7A39950EA133BB54719A6E08C544A7 . 3015680 . . [6.00.2900.2802] . . c:\windows\$NtUninstallKB912812$\mshtml.dll
[-] 2005-10-05 . 3394299FBF1CD0B24089FC762611360B . 3017728 . . [6.00.2900.2769] . . c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[-] 2005-10-04 . 042AC20E084D21DD6BEE99B89CC30FB7 . 3015168 . . [6.00.2900.2769] . . c:\windows\$NtUninstallKB905915$\mshtml.dll
[-] 2005-07-20 . A14A7A206AE22DE4FE563E44CFC7DDF5 . 3016192 . . [6.00.2900.2722] . . c:\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll
[-] 2005-07-20 . 31E7520E58E5E4DFA93215A6D5603AF2 . 3014144 . . [6.00.2900.2722] . . c:\windows\$NtUninstallKB896688$\mshtml.dll
[-] 2005-05-02 . DCC5C79B99F02EEF8C826B074DBFC222 . 3014144 . . [6.00.2900.2668] . . c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll
[-] 2005-05-02 . DCFAC5470EE0A159EC4222BC28AE3EE6 . 3012608 . . [6.00.2900.2668] . . c:\windows\$NtUninstallKB896727$\mshtml.dll
[-] 2005-03-10 . 84A1B9B0C362051E68BB131F14C6DAAD . 3010560 . . [6.00.2900.2627] . . c:\windows\$NtUninstallKB883939$\mshtml.dll
[-] 2005-03-10 . 255C2CE965543ABDC3E0A25A5DA1874A . 3011072 . . [6.00.2900.2627] . . c:\windows\$hf_mig$\KB890923\SP2QFE\mshtml.dll
[-] 2005-01-27 . FAE3CA9B2459581C45B3A8845BE3077C . 3006976 . . [6.00.2900.2604] . . c:\windows\$NtUninstallKB890923$\mshtml.dll
[-] 2005-01-27 . 91C5ADE25BC4E3322577854FA2E7B58B . 3008000 . . [6.00.2900.2604] . . c:\windows\$hf_mig$\KB867282\SP2QFE\mshtml.dll
[-] 2004-09-29 . D94E6405E420373161467ACD3DA65640 . 3004928 . . [6.00.2900.2523] . . c:\windows\$NtUninstallKB867282$\mshtml.dll
[-] 2004-09-29 . 087FF7C54E7EBE4A59BD4DFC1D0EE9B8 . 3004928 . . [6.00.2900.2524] . . c:\windows\$hf_mig$\KB834707\SP2QFE\mshtml.dll
[-] 2004-08-10 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB834707$\mshtml.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\DLLCACHE\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-10 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-10 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\Driver Cache\I386\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . F6F8245B3A2E9CA834DD318E7AE0C6D0 . 2145280 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 1220FAF071DEA8653EE21DE7DCDA8BFD . 2136064 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . 8318ED54797F3E513FD5817A1D4BBD18 . 2136064 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 48B3E89AF7074CEE0314A3E0C7FAFFDB . 2135552 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2004-08-04 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SYSTEM32\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SYSTEM32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SYSTEM32\bits\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\DLLCACHE\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[-] 2004-08-10 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\DLLCACHE\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-10 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-10 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\SYSTEM32\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\SYSTEM32\DLLCACHE\wininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2009-03-03 . C8667854873938CA13C986F16B0CD183 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-04-25 . 431DEFBB4A3D7B0DC062C1B064623A2F . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 . 0586A7F0B2FDB94D624F399D4728E7C8 . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-03-07 . 5B35DAE6E4886F64D1DA58C4E3E01EB9 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-03-07 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[-] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll
[-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\windows\SoftwareDistribution\Download\4264f7fcfd0444cc62e52f55a4263036\sp2qfe\wininet.dll
[-] 2006-10-23 . 6B2735ADFF5A5D3B9130CA4A794722F0 . 658944 . . [6.00.2900.3020] . . c:\windows\SoftwareDistribution\Download\4264f7fcfd0444cc62e52f55a4263036\sp2gdr\wininet.dll
[-] 2006-09-14 . 621AF3F6174A3F60677F5230E28BCC07 . 658944 . . [6.00.2900.2995] . . c:\windows\ie7\wininet.dll
[-] 2006-09-14 . D207370287CF769AEBEBF03837784963 . 664576 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-06-23 . 64CE26DB72810B30F7855EA51E1DF836 . 664576 . . [6.00.2900.2937] . . c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-06-23 . 2B4DB890936430C71419037039502752 . 658944 . . [6.00.2900.2937] . . c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-05-10 . D94CFFDB53E7AC867438E2DFD50E7CBC . 663552 . . [6.00.2900.2904] . . c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-05-10 . 38AB7A56F566D9AAAD31812494944824 . 658432 . . [6.00.2900.2904] . . c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-03-04 . 1C0979C7A489BEE573CD0BF4AD94BB06 . 658432 . . [6.00.2900.2861] . . c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2005-10-21 . E7B27B6B6E06CE34EA019FD8B858C613 . 658432 . . [6.00.2900.2781] . . c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2005-10-21 . AF785C4947676A7FC1673FDC5C8D0B5B . 661504 . . [6.00.2900.2781] . . c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2005-09-02 . 97A6FD7CAFD688CF2C78939EBAF0CD0C . 660480 . . [6.00.2900.2753] . . c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-09-02 . AF61EBB1F550175EFF406D545D6AB086 . 658432 . . [6.00.2900.2753] . . c:\windows\$NtUninstallKB905915$\wininet.dll
[-] 2005-07-03 . 5B5FF992C0FA762CCF8655FC290E6E52 . 658432 . . [6.00.2900.2713] . . c:\windows\$NtUninstallKB896688$\wininet.dll
[-] 2005-07-03 . 6E533D155B259EB2363D3E04B5BE309F . 659456 . . [6.00.2900.2713] . . c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[-] 2005-05-02 . E1E18136F9DD3DF1AD9C82193A5898A6 . 658944 . . [6.00.2900.2668] . . c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[-] 2005-05-02 . 1A078AF3F85D10BA56444C23B3A18E74 . 657920 . . [6.00.2900.2668] . . c:\windows\$NtUninstallKB896727$\wininet.dll
[-] 2005-03-10 . 6F018D6319BE4F96426EA829B79E05D5 . 656896 . . [6.00.2900.2627] . . c:\windows\$NtUninstallKB883939$\wininet.dll
[-] 2005-03-10 . C8663B488996E89A84C3D17C1D12B79E . 657920 . . [6.00.2900.2627] . . c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
[-] 2005-01-27 . B5E043E440B210014E021B24CF0A72E3 . 656896 . . [6.00.2900.2577] . . c:\windows\$NtUninstallKB890923$\wininet.dll
[-] 2005-01-27 . A8EAC5330876548E9966A7D13025D196 . 657920 . . [6.00.2900.2598] . . c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[-] 2004-09-29 . CBA65B573C66FE23F647FF96E3A10994 . 656896 . . [6.00.2900.2518] . . c:\windows\$NtUninstallKB867282$\wininet.dll
[-] 2004-09-29 . 2C07195588D69A067C2AFDAA31759295 . 656896 . . [6.00.2900.2518] . . c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[-] 2004-08-10 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB834707$\wininet.dll

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SYSTEM32\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\MSVCRT.DLL
[-] 2004-08-10 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\MSVCRT.DLL

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 00:11 . E7046C16373A7D3057557BDF59A590DD . 62464 . . [------] . . c:\windows\SYSTEM32\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SYSTEM32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-10 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\termsrv.dll
[-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB895961$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\DRIVERS\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys

[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\ACPIEC.SYS

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SYSTEM32\DRIVERS\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 04:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\DRIVERS\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SYSTEM32\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-10 11:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-19 03:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\SYSTEM32\mspmsnsv.dll
[-] 2006-10-19 03:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\SYSTEM32\DLLCACHE\mspmsnsv.dll
[-] 2005-08-04 00:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-08-04 00:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-10 11:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\Driver Cache\I386\ntkrnlpa.exe
[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\SYSTEM32\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 8206B5F94A6A9450E934029420C1693F . 2023936 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . A58AC1C6199EF34228ABEE7FC057AE09 . 2015744 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BBB2322EB14AD9AD55B1024FFD4D88BF . 2015744 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 3CD941E472DDF3534E53038535719771 . 2015232 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SYSTEM32\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-10 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-13_01.47.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-13 13:41 . 2009-10-13 13:41 16384 c:\windows\Temp\Perflib_Perfdata_120.dat
+ 2004-12-10 09:11 . 2009-10-13 13:28 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-12-10 09:11 . 2009-10-12 22:24 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-13 02:35 . 2009-10-13 13:28 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2004-12-10 09:11 . 2009-10-12 22:24 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"Google Update"="c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-23 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2005-10-14 69632]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-21 36864]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-12-07 26112]
"lxamsp32.exe"="lxamsp32.exe" - c:\windows\SYSTEM32\LXAMSP32.EXE [2001-10-22 45056]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbLauncher.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbSetupWizard.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbControlPanel.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:wow
"6112:TCP"= 6112:TCP:wow2
"67:UDP"= 67:UDP:DHCP Discovery Service
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [9/23/2009 1:48 AM 206256]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/12/2009 8:11 PM 210216]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 0116341255402425mcinstcleanup;McAfee Application Installer Cleanup (0116341255402425);c:\windows\TEMP\011634~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\011634~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\SYSTEM32\DRIVERS\aticxcap.sys [12/20/2004 12:27 AM 188506]
S3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);c:\windows\SYSTEM32\DRIVERS\aticxtun.sys [12/20/2004 12:27 AM 31003]
S3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;c:\windows\SYSTEM32\DRIVERS\aticxxbr.sys [12/20/2004 12:27 AM 9882]
S3 root-repealrenamed;root-repealrenamed;\??\c:\windows\system32\drivers\root-repealrenamed.sys --> c:\windows\system32\drivers\root-repealrenamed.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/23/2009 1:48 AM 348752]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0116341255402425MCINSTCLEANUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1164722536-2189672071-2877611864-1005Core.job
- c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-23 05:36]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1164722536-2189672071-2877611864-1005UA.job
- c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-23 05:36]

2009-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-13 02:26]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-13 02:26]

2009-10-13 c:\windows\Tasks\Orb Index when idle.job
- c:\program files\Orb Networks\Orb\bin\OrbLauncher.exe [2009-08-21 21:05]

2009-10-12 c:\windows\Tasks\User_Feed_Synchronization-{31133D98-C44C-4191-A7E3-ACCE74E204F2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 17:58]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 08:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????????????????????X:??????????????(???x????????:??x???????`???????????x???? ??x???x??????????????|????????x???????????????4???????x???????????x??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1164722536-2189672071-2877611864-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{67A532FC-D478-D3D9-C1AD-528AB9FE6E8E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaenghanoafpaloean"=hex:69,61,66,6d,69,6b,66,69,6e,69,6a,6a,6d,65,61,61,6c,69,
00,00
"hagimjplmhjniigg"=hex:69,61,66,6d,69,6b,66,69,6e,69,6a,6a,6d,65,61,61,6c,69,
00,00

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1228)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\EHOME\ehrecvr.exe
c:\windows\EHOME\ehSched.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\EHOME\mcrdsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\SYSTEM32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\SYSTEM32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-10-13 8:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 13:49
ComboFix2.txt 2009-10-13 01:53

Pre-Run: 42,140,418,048 bytes free
Post-Run: 42,111,885,312 bytes free

671 --- E O F --- 2009-09-18 05:23

#10 kahdah


Posted 13 October 2009 - 10:08 PM

Please go to Start > Run and type in Notepad.
Copy what is in the code box below into the open Notepad window.
Change the "Save As Type" to "All Files". Save it as query.bat on your Desktop.

@Echo off
sc query "CryptSvc">log.txt
notepad log.txt
del %0

Then please double-click on query.bat. A Notepad document will open; please post the contents of that in your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#11 bradrx


Posted 13 October 2009 - 11:58 PM

SERVICE_NAME: CryptSvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

#12 kahdah


Posted 14 October 2009 - 07:06 AM

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
=====
Online Scanner
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#13 bradrx


Posted 14 October 2009 - 07:48 PM

Here is the Malwarebytes report

Malwarebytes' Anti-Malware 1.41
Database version: 2964
Windows 5.1.2600 Service Pack 3

10/14/2009 7:48:10 PM
mbam-log-2009-10-14 (19-48-10).txt

Scan type: Quick Scan
Objects scanned: 95722
Time elapsed: 1 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Brad\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

#14 bradrx


Posted 14 October 2009 - 08:50 PM

And the online scanner:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=6de981f39afba24dbd81e846dc8cc38b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-15 01:48:36
# local_time=2009-10-14 08:48:36 (-0600, Central Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 21 100 85 84946043593750
# scanned=86803
# found=3
# cleaned=2
# scan_time=2013
C:\Qoobox\Quarantine\C\mdnsq.exe.vir Win32/Cimag.W trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\tscocawf.dll.vir Win32/Cimag.W trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\eventlog.dll a variant of Win32/Kryptik.YQ trojan (unable to clean) 00000000000000000000000000000000 I

#15 kahdah


Posted 15 October 2009 - 07:22 AM

Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste the file path into the box when you click on Browse; once you have done that, click on the Open button, then submit.)

c:\windows\SYSTEM32\upnphost.dll
c:\windows\SYSTEM32\svchost.exe
c:\windows\SYSTEM32\tapisrv.dll

Jotti File Scan
VirusTotal File Scan
This will produce a report after the scan is complete, please copy and paste those results in your next post.



