# hello and need help please "reveton trojan"



## jam1980uk (May 11, 2012)

Hello i only just joined your ste and i must say very good from what ive seen now i only found this site due to have a major problem so at least some thing good has come out of my "problem".
I have the west yourshire virus or better called "THE REVETON TROJAN". im sure you heard of it please can you help me i cant do anything cant boot in safe mode really stuck.

Thanks in advance for any help you can offer


----------



## kevinf80 (Mar 21, 2006)

Go here http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Reveton.A#recovery_link Scroll down to "Recovery" follow those instructions....


----------



## jam1980uk (May 11, 2012)

already tried that a few times m8 ctrl o don`t do any thing can`t boot into safe mode cant do anything.


----------



## kevinf80 (Mar 21, 2006)

If you have access to another system and a USB stick do the following:

Download the *Windows Defender Offline Tool* and save to your Desktop.
You will have to select the correct version for your system, either 32 or 64 bit










Double click







to run the tool, Windows 7 or Vista user right click and select "Run as Administrator"

Read the instructions in the new window and select "Next"










In the new window accept the agreement:










In the new window select your USB Flash Drive, then select "Next"










In the new window ensure you Flash drive is selected, if not click on "Refresh" then select "Next"










In the new window accept the formatting alert by selecting "Next"










Files will be Downloaded:










Files will be processed and created










Flash drive will be formatted and prepared










Files will be added to the Flash Drive and the tool will be created.










The procedure is finished and the Tool created, click on "Finish" to complete.










Plug the USB into the sick PC and boot up, if it does not boot from the flash drive change the boot options as required, Use F12 as it boots, change options...
As it boots you`ll see files being loaded and the windows splash screen, eventually the tool will run a "Quick Scan" follow the prompts and deal with what it finds. 
When complete do a full scan, deal with what it finds.
When finished, remove the USB stick then press the *Esc key* to boot into regular windows.
Navigate to the following file:
*"C:\windows\windows defender offline\support\mssWrapper.log"* Open with notepad and copy and paste it into a reply.

Kevin


----------



## jam1980uk (May 11, 2012)

hello and thanks for your help im doing a scan at moment quck scan said there was 6 problems. i will update once it has done a full scan i hope i got the name of it right is it also know as west yorkshire police virus.


----------



## jam1980uk (May 11, 2012)

did full scan it nearly finished then i got blue screen of death


----------



## kevinf80 (Mar 21, 2006)

Will it re-boot to Windows?


----------



## jam1980uk (May 11, 2012)

can i first of all start by saying your awsome thank you so much after i did another full scan rebooted my comp and it booted up great i got this info hope it the right stuff..

ERRORS_ONLY=0
MAX_SIZE=5120 
APPEND=1
MAX_LINE_SIZE=256 
-------------------------------------------------
START 2012/05/16 19:10:39:593 TID:776 PID:724
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
Binary architecture is x86
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
UtilIsFileExists(C:\Windows\SysWOW64\ntdll.dll) returned 0x80070003
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
CheckProcessorArchitecture returned 0x00000000
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
Setting target OS key: "C:\Windows"
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
SetRecoveryEnvironmentKey returned 0x00000000
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
Searching for signatures. Default signature path: ""
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
Searching for signatures at root of drives...
WARNING 2012/05/16 19:10:39:593 TID:776 PID:724
Missing definitions file in 'C:\mpam-fe.exe'
WARNING 2012/05/16 19:10:39:593 TID:776 PID:724
Missing definitions file in 'D:\mpam-fe.exe'
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
Found definitions file in 'E:\mpam-fe.exe'
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
Using signature path: "E:\mpam-fe.exe"
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
SearchForSignatures returned 0x00000000
INFO 2012/05/16 19:10:39:593 TID:776 PID:724
Initializing offline environment and service...
INFO 2012/05/16 19:10:57:515 TID:776 PID:724
Launching user interface...
INFO 2012/05/16 19:10:57:531 TID:776 PID:724
Launched UI, waiting...
START 2012/05/16 19:32:16:484 TID:780 PID:728
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
Binary architecture is x86
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
UtilIsFileExists(C:\Windows\SysWOW64\ntdll.dll) returned 0x80070003
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
CheckProcessorArchitecture returned 0x00000000
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
Setting target OS key: "C:\Windows"
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
SetRecoveryEnvironmentKey returned 0x00000000
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
Searching for signatures. Default signature path: ""
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
Searching for signatures at root of drives...
WARNING 2012/05/16 19:32:16:484 TID:780 PID:728
Missing definitions file in 'C:\mpam-fe.exe'
WARNING 2012/05/16 19:32:16:484 TID:780 PID:728
Missing definitions file in 'D:\mpam-fe.exe'
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
Found definitions file in 'E:\mpam-fe.exe'
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
Using signature path: "E:\mpam-fe.exe"
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
SearchForSignatures returned 0x00000000
INFO 2012/05/16 19:32:16:484 TID:780 PID:728
Initializing offline environment and service...
INFO 2012/05/16 19:32:34:390 TID:780 PID:728
Launching user interface...
INFO 2012/05/16 19:32:34:406 TID:780 PID:728
Launched UI, waiting...
START 2012/05/16 20:24:01:656 TID:784 PID:732
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
Binary architecture is x86
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
UtilIsFileExists(C:\Windows\SysWOW64\ntdll.dll) returned 0x80070003
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
CheckProcessorArchitecture returned 0x00000000
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
Setting target OS key: "C:\Windows"
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
SetRecoveryEnvironmentKey returned 0x00000000
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
Searching for signatures. Default signature path: ""
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
Searching for signatures at root of drives...
WARNING 2012/05/16 20:24:01:656 TID:784 PID:732
Missing definitions file in 'C:\mpam-fe.exe'
WARNING 2012/05/16 20:24:01:656 TID:784 PID:732
Missing definitions file in 'D:\mpam-fe.exe'
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
Found definitions file in 'E:\mpam-fe.exe'
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
Using signature path: "E:\mpam-fe.exe"
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
SearchForSignatures returned 0x00000000
INFO 2012/05/16 20:24:01:656 TID:784 PID:732
Initializing offline environment and service...
INFO 2012/05/16 20:24:19:468 TID:784 PID:732
Launching user interface...
INFO 2012/05/16 20:24:19:484 TID:784 PID:732
Launched UI, waiting...
INFO 2012/05/16 22:48:53:359 TID:784 PID:732
Wait finished (UI signaled)
INFO 2012/05/16 22:48:53:359 TID:784 PID:732
RunCallisto returned 0x00000000



But alot of my files and folders are LOCKED ??? how do i get round this please and thanks so much your a diamond


----------



## kevinf80 (Mar 21, 2006)

Can you run DDS and post the two logs...


Download *DDS* by sUBs from one of the following links. Save it to your desktop.
*DDS.com*
*DDS.scr*
*DDS.pif*

Double click on the *DDS* icon, allow it to run.
A small box will open, with an explanation about the tool. 
When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt
 Save both reports to your desktop.
 The instructions here ask you to attach the Attach.txt.









*Instead of attaching, please copy/past both logs into your next reply.*
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet. 
Information on A/V control *HERE*

Kevin


----------



## jam1980uk (May 11, 2012)

can i put this on usb and can you tell me a good free av please


----------



## kevinf80 (Mar 21, 2006)

Do you want to d/l and transfer DDS to the sick pc via usb stick, if so then yes.

What exactly is the status of the sick PC. What is the OS, XP, Vista or Windows 7, is it 32 or 64 bit. Do you have Malwarebytes installed. Does it have an internet connection


----------



## jam1980uk (May 11, 2012)

its xp 32 and it did have wireless but with the virus its knocked the drivers off and no dont have malwarebyts


----------



## kevinf80 (Mar 21, 2006)

Thanks for the information, OK do the following:

*Step 1*

Go *Here* and download DDS and save to your Desktop, this is a special version.

(You can transfer this to the sick PC via USB)

As you save the file re-name to DDS.com.

Double click







to run the program, Vista or Windows 7 users will have to accept the UAC alert.

The screen will go red and you will see the following window:










Expand "Advanced" check the boxes as shown, select start.

Post the logs when it completes....

*Step 2*

Please download *Farbar Service Scanner* and run it on the computer with the issue.

*Make sure the following options are checked:*


*Internet Services*
Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Let me see those logs..

Kevin


----------



## jam1980uk (May 11, 2012)

dont belive this oh i hate computer lol. i havent turned comp on since i messaged you the log file the other day i told you i got blue screen then redid scan managed to get onto comp got the log file message you turned off computer. just tried to start comp but my monitor wont come on must have wiped the driver for it any idears please


----------



## kevinf80 (Mar 21, 2006)

Will it boot to safe mode? Do you have your XP installation CD.


----------



## jam1980uk (May 11, 2012)

i cant get monitor to show me any thing


----------



## kevinf80 (Mar 21, 2006)

Is this PC or laptop, if PC does it have a video card?


----------



## jam1980uk (May 11, 2012)

its a pc m8 and totaly not sure it plugs in with a standard blue connecter sorry


----------



## kevinf80 (Mar 21, 2006)

If the PC has a video card there would be another VGA connection straight off the Motherboard, it would be above or below the video card connection on the back of the PC...

Is it possible the Monitor is defunct, if Video drivers were deleted windows would attribute again on re-boot...


----------



## jam1980uk (May 11, 2012)

i just lent 1 off a friend ill message in 5 when i tried that


----------



## kevinf80 (Mar 21, 2006)

OK...


----------



## jam1980uk (May 11, 2012)

no that dont work either saying no videos input gonna take case off see whats happingi inside see if any thing is loose


----------



## kevinf80 (Mar 21, 2006)

How many VGA connections are there on the back.


----------



## jam1980uk (May 11, 2012)

just 1


----------



## kevinf80 (Mar 21, 2006)

Do you have XP installation CD


----------



## jam1980uk (May 11, 2012)

no im really sorry about all this


----------



## jam1980uk (May 11, 2012)

i might have an old copied 1 do u think that will work because i cant see to do any thing


----------



## kevinf80 (Mar 21, 2006)

When you boot the PC do you hear any beeps..


----------



## jam1980uk (May 11, 2012)

no nothng just sounds like its starting as normall


----------



## kevinf80 (Mar 21, 2006)

As it goes through post, (power on self test) do you not normally hear 1 beep then it goes to splash screen etc. 

Can you remove case, pull ram modules out then boot, do you hear any beeps...


----------



## jam1980uk (May 11, 2012)

never makes beep sounds splash screen comes on fine and you want me to pull memory out of mother board s that right


----------



## kevinf80 (Mar 21, 2006)

When you boot the PC it goes through Post, if that is good you get one beep then it continues and load system you see splash screen then eventually Desktop.

If you are getting no beep after post something is wrong, if it continues to splash screen but then no Desktop it could be several things, Ram, PSU, even Mother board....

If you pull Ram and try to boot at post it will fail on Ram and should give a beep signal, the sequence is dependant on Motherboard/Bios. 

If after ram is pulled and no beeps at post, that is bad news...


----------



## jam1980uk (May 11, 2012)

i have never noticed a beep before when turn comp on the light on moniter stays orange so not getting any signal from computer that i have started it


----------



## kevinf80 (Mar 21, 2006)

Every PC i`ve ever owned has beeped once after post, maybe yours is different. Open case, pull ram and re-boot. See if you get any beeps.

Before doing this, remove power supply at wall socket, depress power switch on PC for 1 full minute. Plug power cable back in on wall socket, but do not switch on!!!!! very important. That will keep PC earthed. Before you pull ram, keep hold of PC case with other hand, that will ensure any static is discharged...


----------



## jam1980uk (May 11, 2012)

yes beeps every few seconds but no video input


----------



## kevinf80 (Mar 21, 2006)

Reseat the ram and reboot, still no video input??


----------



## jam1980uk (May 11, 2012)

its working now so why did that happenen and how do i stop t doing it again plz


----------



## jam1980uk (May 11, 2012)

done the dss you asked here are findings

DDS (Ver_2011-09-30.01)
Run by John at 0:37:30 on 2012-05-19
---- Advanced Fixes ----
Reset policy - DisableTaskMgr
Reset policy - Taskman
Reset policy - DisableCAD
Reset policy - DELETE
Reset policy - DisableRegistryTools
Reset policy - DELETE
Reset policy - DELETE
Reset policy - DisableCMD
Reset policy - autorun
Reset policy - DELETE
Reset policy - NoRun
Reset policy - NoFolderOptions
Reset policy - NoDesktop
Reset policy - NoViewOnDrive
Reset policy - NoDrives
Reset policy - DisallowCpl
Reset policy - NoControlPanel
Reset policy - RestrictCpl
Reset policy - NoNetworkConnections
Reset policy - NoAddRemovePrograms
Reset policy - NoRemovePage
Reset policy - NoDispCpl
Reset policy - NoDispAppearancePage
Reset policy - NoDispBackgroundPage
Reset policy - NoDispSettingsPage
Reset policy - Wallpaper
Reset policy - WallpaperStyle
Reset policy - NoChangingWallpaper
Reset policy - NoHTMLWallPaper
Reset policy - NoActiveDesktop
Reset policy - NoSetActiveDesktop
Reset policy - NoSetActiveDesktopChanges
Reset policy - ForceActiveDesktopOn
Reset policy - ClassicShell
Reset policy - DisableSR
Reset policy - DisableSR
Reset policy - DELETE
Reset policy - DisallowRun
Reset policy - Restrict_Run
Reset policy - NoWindowsUpdate
Reset policy - DisableWindowsUpdateAccess
Reset policy - NoInternetIcon
Reset policy - NoNetworkConnections
Reset policy - NoPropertiesMyComputer
Reset policy - NoDevMgrPage
Reset policy - NoClose
Reset policy - NoFind
Reset policy - NoShellSearchButton
Reset policy - StartMenuLogOff
Reset policy - NoStartMenuSubFolders
Reset policy - NoStartMenuMorePrograms
Reset policy - NoCommonGroups
Reset policy - NoViewContextMenu
Reset policy - NoTrayContextMenu
Reset policy - NoTrayItemsDisplay
Reset policy - HideClock
Reset policy - NoSetTaskbar
Reset policy - NoThemesTab
Reset policy - NoHardwareTab
Reset policy - NoToolbarCustomize
Reset policy - NoRecycleFiles
Reset policy - DisableCurrentUserRun
Reset policy - DisableCurrentUserRunOnce
Reset policy - DisableLocalUserRun
Reset policy - DisableLocalUserRunOnce
Reset policy - Disable Advanced
Reset policy - NoNetHood
Reset policy - SfcShowProgress
Reset policy - SfcQuota
Reset policy - SfcScan
Reset policy - NoFileMenu
Completed resetting policies.
................
Restoring file association - BAT
Restoring file association - CHM
Restoring file association - CMD
Restoring file association - COM
Restoring file association - EXE
Restoring file association - HLP
Restoring file association - INF
Restoring file association - INI
Restoring file association - JS
Restoring file association - JSE
Restoring file association - LNK
Restoring file association - PIF
Restoring file association - REG
Restoring file association - SCR
Restoring file association - TXT
Restoring file association - VBE
Restoring file association - VBS
Restoring file association - WSF
Completed restoring file associations.
................
Repairing the LSP stack
Done!
Please reboot the machine for the changes to take effect
................
Restoring safeboot keys
Done! Safeboot keys successfully repaired.
................
Resetting hosts file
Done! Successfully resetted hosts file.
................


----------



## jam1980uk (May 11, 2012)

here s the fss info you asked for mate

Farbar Service Scanner Version: 17-05-2012
Ran by John (administrator) on 19-05-2012 at 00:43:41
Running from "G:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.
IpSec Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open IpSec registry key. The service key does not exist.

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
ATTENTION!=====> C:\WINDOWS\system32\Drivers\ipsec.sys FILE IS MISSING AND SHOULD BE RESTORED.
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Bridge(11) BridgeMP(10) fssfltr(12) Gpc(3) JSWSCIMD(9) NetBT(6) PSched(7) Tcpip(4) WSIMD(8) 
0x0C0000000500000001000000020000000300000004000000060000000700000008000000090000000A0000000B0000000C000000
ATTENTION!=====> IpSec Tag value should be 5. ATTENTION!=====> IpSec Tag value is missing and it should be 5.
**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

Whats the staus of your system now.... can you open files etc....internet OK


----------



## kevinf80 (Mar 21, 2006)

We cross posted there, I`ll be ack shortly


----------



## jam1980uk (May 11, 2012)

i have not connected internet back up to comp yet till you say and some folder and fles are still locked


----------



## kevinf80 (Mar 21, 2006)

I`ve attached a Zip file, d/l move to sick PC and unzip to desktop. it is new reg key for ipsec, should look like this when unzipped:










Leave the file on the Desktop for now...

Next,

Get this and move to sick PC and run it:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:filefind
ipsec.sys
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Let me see that log...


----------



## kevinf80 (Mar 21, 2006)

ooooops forgot the file...


----------



## jam1980uk (May 11, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 01:09 on 19/05/2012 by John
Administrator - Elevation successful
========== filefind ==========
Searching for "ipsec.sys"
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 74752 bytes [19:48 05/05/2012] [12:00 04/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys ------- 75264 bytes [19:03 05/05/2012] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
-= EOF =-


----------



## jam1980uk (May 11, 2012)

wot does that tell you lol


----------



## kevinf80 (Mar 21, 2006)

Tells me you may also have ZeroAccess rootkit infection, but lets plod on....

OK, see if we can replace ipsec.sys. Do the following:

Open Notepad, check the Format Menu and make sure Word Wrap is NOT selected. Then copy and paste the following from inside the code box to Notepad:


```
@echo off
copy /y C:\WINDOWS\ServicePackFiles\i386\ipsec.sys C:\WINDOWS\system32\drivers >>log.txt
notepad log.txt
```
Next, Click on the File Menu, then Save As ... and click on the drop down menu to change the file type to All Files.
Next navigate to your desktop, and enter the file name fixme.bat, and click Save.

You should now find a new file on your desktop named fixme.bat. Double click on fixme.bat. Windows 7 or Vista users right click and select "Run as Administrator" agree any alerts.

Then reboot.

Next,

Double click the reg file that you unzipped to the Desktop, agree the merge.

Then reboot.

Rerun Farbar Service Scanner exactly as before and post the log....


----------



## jam1980uk (May 11, 2012)

just rebooting wots zeroaccsess


----------



## jam1980uk (May 11, 2012)

Farbar Service Scanner Version: 17-05-2012
Ran by John (administrator) on 19-05-2012 at 01:29:47
Running from "G:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Bridge(11) BridgeMP(10) fssfltr(12) Gpc(3) IPSec(5) JSWSCIMD(9) NetBT(6) PSched(7) Tcpip(4) WSIMD(8) 
0x0C0000000500000001000000020000000300000004000000060000000700000008000000090000000A0000000B0000000C000000
IpSec Tag value is correct.
**** End of log ****


----------



## jam1980uk (May 11, 2012)

and thanks again i cant thank you enought for every thing you have done thank you


----------



## jam1980uk (May 11, 2012)

i gotta go bed now cant stay awake any more up at 5 again for work so ill check tommrow and post reply soon as i can shame you live so far i would have loved to buy you a pint thanks again and speak tommrow


----------



## kevinf80 (Mar 21, 2006)

You`re very welcome....

You should have connection available now, run the following:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

*Link 1*
*Link 2*


 Ensure that Combofix is saved directly to the Desktop * <--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available *Here* if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the







icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)

 Instructions for running Combofix available *Here* if required.

 If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*******Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze* ******

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 *If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal*
 If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


----------



## kevinf80 (Mar 21, 2006)

Where are you from UK?


----------



## jam1980uk (May 11, 2012)

im in bolton m8 and please can you point me to a good free anti virus plz and how you learn all this stuff


----------



## kevinf80 (Mar 21, 2006)

I`ll sort you out with good security set up when we`re finished, see if you can run Combofix... Bolton eh, ah well I guess someones gotta live there...lol


----------



## jam1980uk (May 11, 2012)

when i click on link it just give me a page with loads of symbols on it m8


----------



## jam1980uk (May 11, 2012)

its ok sorry found it


----------



## jam1980uk (May 11, 2012)

its runnng now m8 what that other infection you found m8


----------



## jam1980uk (May 11, 2012)

combo fix found that root infection trying to fix it now


----------



## kevinf80 (Mar 21, 2006)

Do not touch your PC as CF runs!!!


----------



## jam1980uk (May 11, 2012)

i aint lol so how you learn all this pal years of messing about with them


----------



## jam1980uk (May 11, 2012)

here you go lol

ComboFix 12-05-19.01 - John 19/05/2012 14:20:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2935.2552 [GMT 1:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Iconix
c:\documents and settings\All Users\Application Data\Iconix\John.usr
c:\documents and settings\All Users\Application Data\Iconix\SYSTEM.usr
c:\documents and settings\All Users\Application Data\MPK
c:\documents and settings\All Users\Application Data\MPK\KGB Employee Monitor\Help topics.lnk
c:\documents and settings\All Users\Application Data\MPK\KGB Employee Monitor\KGB Employee Monitor on the Web.url
c:\documents and settings\All Users\Application Data\MPK\KGB Employee Monitor\KGB Employee Monitor.lnk
c:\documents and settings\All Users\Application Data\MPK\KGB Employee Monitor\Order now!.url
c:\documents and settings\All Users\Application Data\MPK\KGB Employee Monitor\Uninstall KGB Employee Monitor.lnk
c:\documents and settings\All Users\Application Data\MPK\mpk.db
c:\documents and settings\All Users\Application Data\MPK\S0000
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\John\Favorites\locked- Golden Hat Exclusive Bingo Offer.URL.wvqk
c:\documents and settings\John\Favorites\locked- Posh Bingo.URL.phma
c:\documents and settings\John\Favorites\locked-( I.F.F) im ****ed foundation.URL.gzol
c:\documents and settings\John\Favorites\locked-0845 Numbers, 0845 Number, Free 0845 Numbers, Cheap 0845 Numbers - Just 0845 Numbers - Free Local Rate 0845 Numbers, No Set-up Fee.URL.dwsf
c:\documents and settings\John\Favorites\locked-1 Hour Loan Cash 1 Hour Cash in 1 Hour Frequently Asked Questions.URL.mqkl
c:\documents and settings\John\Favorites\locked-101 Halloween Ideas.URL.froy
c:\documents and settings\John\Favorites\locked-6 Laminate Floor Underlay Tips.URL.nlju
c:\documents and settings\John\Favorites\locked-76mm Bolt Through Tubular Mortice Latch - Door Hardware from Next Day Diy UK.url.laly
c:\documents and settings\John\Favorites\locked-AA Route Planner Routes, maps and directions - The AA.URL.froy
c:\documents and settings\John\Favorites\locked-About us - Index Books Recruitment.url.sqal
c:\documents and settings\John\Favorites\locked-Acai Optimum.URL.wvqk
c:\documents and settings\John\Favorites\locked-Advanced Colon.URL.bdvi
c:\documents and settings\John\Favorites\locked-aha - SupaPrice.co.uk.URL.htgn
c:\documents and settings\John\Favorites\locked-All About Weight Consultants.URL.dhtg
c:\documents and settings\John\Favorites\locked-amazon.co.uk PSP Accessories.url.ineb
c:\documents and settings\John\Favorites\locked-AOL.URL.lrfe
c:\documents and settings\John\Favorites\locked-Apple (United Kingdom) - iTunes - Affiliates - Download iTunes.URL.mrxr
c:\documents and settings\John\Favorites\locked-Apply Online Forbes Rentals.url.fedy
c:\documents and settings\John\Favorites\locked-Arch Pain - Arch Pain Products.URL.jrzy
c:\documents and settings\John\Favorites\locked-BBC - CBeebies - Big and Small House.URL.umgn
c:\documents and settings\John\Favorites\locked-BBC - KS3 Bitesize Maths - Algebra.url.eqcn
c:\documents and settings\John\Favorites\locked-Ben & Jerry's Ice Cream - Ben & Jerry's - Halloween Crafts.URL.vtps
c:\documents and settings\John\Favorites\locked-Ben & Jerry's Ice Cream - Spooky Halloween Site.URL.bnpz
c:\documents and settings\John\Favorites\locked-Bing.url.gfkl
c:\documents and settings\John\Favorites\locked-bonprix.co.uk My Personal Account.URL.vqkl
c:\documents and settings\John\Favorites\locked-Boxes and Packaging Online.URL.zzpp
c:\documents and settings\John\Favorites\locked-BranchOut.url.fdez
c:\documents and settings\John\Favorites\locked-Browse our list of 456 fantastic freebies sourced from the best UK web sites.URL.ztgr
c:\documents and settings\John\Favorites\locked-BSmart! Home.URL.vscu
c:\documents and settings\John\Favorites\locked-Business for Sale - Buy Sell Commercial Businesses FREE - RightBiz UK.URL.iyin
c:\documents and settings\John\Favorites\locked-Buy a Business.URL.oanp
c:\documents and settings\John\Favorites\locked-Buy My House - Home Buyers - Buy My Home - Homebuyers.URL.kpnj
c:\documents and settings\John\Favorites\locked-CEOP website.url.yqkl
c:\documents and settings\John\Favorites\locked-Cheap Mobile Phones @ OneStopPhoneShop (From Firefox).URL.qdez
c:\documents and settings\John\Favorites\locked-Cheap Mobile Phones @ OneStopPhoneShop.URL.rmgn
c:\documents and settings\John\Favorites\locked-Child Maintenance and Enforcement Commission - managing child support.url.lfed
c:\documents and settings\John\Favorites\locked-Children Charity Donate Barnardo's Believe In Children Campaign Commission Children Services.URL.ldvs
c:\documents and settings\John\Favorites\locked-Chiquito Mexican restaurant, Trafford Centre Restaurants in Manchester.URL.fomr
c:\documents and settings\John\Favorites\locked-Chiquito Restaurants Website.URL.fhyv
c:\documents and settings\John\Favorites\locked-Choosing a Business Name - Help & ideas for new company names.URL.raqk
c:\documents and settings\John\Favorites\locked-Cinema Bolton Vue Cinema Bolton Films Showing at Bolton Cinema.URL.zwvq
c:\documents and settings\John\Favorites\locked-Classified adverts, Manchester classified adverts online.URL.xfed
c:\documents and settings\John\Favorites\locked-Collections Advisor jobs in Farnworth with Irwin Mitchell Solicitors.URL.hqan
c:\documents and settings\John\Favorites\locked-Coloring Pages - Free Coloring Book Pages for Children - Coloring Printouts - Free Printable Coloring Pages to Print Out Coloring Pages.URL.dgtc
c:\documents and settings\John\Favorites\locked-Company information, credit checks and Companies House documents on UK businesses - TY Listing - Page Number 1.URL.aolr
c:\documents and settings\John\Favorites\locked-Consumer Contact.url.gsqa
c:\documents and settings\John\Favorites\locked-Customer Support.URL.npzo
c:\documents and settings\John\Favorites\locked-cybermentors.URL.boli
c:\documents and settings\John\Favorites\locked-Digital Printing - Digital Printing Services, Digital Print UK, Digital Print Blackburn.URL.dfkl
c:\documents and settings\John\Favorites\locked-Discount & Cheap Laminate Flooring, Cheap Paint, DIY Supplies.url.vqvi
c:\documents and settings\John\Favorites\locked-Discover Bing.url.icax
c:\documents and settings\John\Favorites\locked-distribution CD-Rom ISO download page.URL.stps
c:\documents and settings\John\Favorites\locked-Do-it - Volunteering made easy.url.avik
c:\documents and settings\John\Favorites\locked-Domain Name Suggestions.URL.faly
c:\documents and settings\John\Favorites\locked-DoomsDayKillers chat group - Were Gonna Kill Em All.URL.fanp
c:\documents and settings\John\Favorites\locked-Dr Foot- For all your foot pain needs.URL.komr
c:\documents and settings\John\Favorites\locked-drfoot.co.uk has been registered.URL.ooyi
c:\documents and settings\John\Favorites\locked-Dynamic Demand.URL.tmrx
c:\documents and settings\John\Favorites\locked-eHow How To Do Just About Everything! How To Videos & Articles.URL.olrf
c:\documents and settings\John\Favorites\locked-Elite Credit Repair Services.URL.rlik
c:\documents and settings\John\Favorites\locked-Eminem's family « Eminemisgod.URL.vcuj
c:\documents and settings\John\Favorites\locked-Events and What's On.URL.gfkl
c:\documents and settings\John\Favorites\locked-Farnworth BL4 9JP - Google Maps.url.lylf
c:\documents and settings\John\Favorites\locked-Farnworth BL4 9JP, UK to Swinton M27 5WQ, UK - Google Maps.url.qqcn
c:\documents and settings\John\Favorites\locked-Film and movie quotes.URL.fgng
c:\documents and settings\John\Favorites\locked-Find a local Business in your area.URL.sful
c:\documents and settings\John\Favorites\locked-Find iTunes voucher codes, iTunes cashback, iTunes discount codes & iTunes promotional codes at Quidco.URL.uxyh
c:\documents and settings\John\Favorites\locked-FindaParty.co.uk - Find a home party plan consultant or business near you.url.nmhm
c:\documents and settings\John\Favorites\locked-Fire International Xploder Movie Player and Media Centre (PSP) Amazon.co.uk PC & Video Games.url.ryvq
c:\documents and settings\John\Favorites\locked-FlyingShare - Flying Share.URL.adws
c:\documents and settings\John\Favorites\locked-FoxTab PDF Creator.url.yypt
c:\documents and settings\John\Favorites\locked-Fragrance Finder.url.rnez
c:\documents and settings\John\Favorites\locked-Free Halloween Backgrounds - Free Clipart.URL.drzy
c:\documents and settings\John\Favorites\locked-Free iTunes Voucher Codes FreebieJeebies - Free Gadgets.URL.hgtc
c:\documents and settings\John\Favorites\locked-Free Kids Crafts - More Halloween Crafts.URL.ebwl
c:\documents and settings\John\Favorites\locked-Free Kids Games, Coloring & Jigsaw Puzzles for Children.URL.poyi
c:\documents and settings\John\Favorites\locked-free unlock code generator software by imei number Resources and Information. This website is for sale!.URL.rhtg
c:\documents and settings\John\Favorites\locked-Freedom of information statistics on implementation in central government.url.banp
c:\documents and settings\John\Favorites\locked-Friends Reunited.URL.maxp
c:\documents and settings\John\Favorites\locked-Full Halloween.URL.caxy
c:\documents and settings\John\Favorites\locked-funny joke text messages information news, videos, photos and comments about funny joke text messages from the best web sites and blogs.URL.qqkl
c:\documents and settings\John\Favorites\locked-Gatekey Lending UK.URL.maxp
c:\documents and settings\John\Favorites\locked-Genes Reunited Tree.URL.yzol
c:\documents and settings\John\Favorites\locked-Get Bookmark Add-ons.URL.lrfe
c:\documents and settings\John\Favorites\locked-Golden Hat Bingo Online Bingo Free Bingo Bingo Games No Deposit Bingo Free UK Bingo Sites.URL.nfed
c:\documents and settings\John\Favorites\locked-HBO True Blood Homepage.URL.mpsc
c:\documents and settings\John\Favorites\locked-Hi-Life Diners Club, 2 4 1 restaurants in Manchester, Liverpool, Leeds, Preston, Newcastle, Belfast, Dublin and throughout the UK & Ireland.URL.whqa
c:\documents and settings\John\Favorites\locked-HM Revenue & Customs Childcare vouchers and tax credits - better off calculator.URL.fmhq
c:\documents and settings\John\Favorites\locked-Home - All About You Features - Sell Your Story To Women's Magazines.URL.ulkl
c:\documents and settings\John\Favorites\locked-Home - Toys R Us - Britain's greatest toy store.URL.ulyv
c:\documents and settings\John\Favorites\locked-Home Phil Collins.URL.eebw
c:\documents and settings\John\Favorites\locked-Hotmail, Messenger, Latest news, Sport, Music, Movies, Cars - MSN UK (2).url.ldvs
c:\documents and settings\John\Favorites\locked-Hotmail, Messenger, Latest news, Sport, Music, Movies, Cars - MSN UK (3).url.mgnp
c:\documents and settings\John\Favorites\locked-Hotmail, Messenger, Latest news, Sport, Music, Movies, Cars - MSN UK (4).url.gmgn
c:\documents and settings\John\Favorites\locked-Hotmail, Messenger, Latest news, Sport, Music, Movies, Cars - MSN UK.url.gfkl
c:\documents and settings\John\Favorites\locked-http--businessinyou.bis.gov.uk-.url.nphm
c:\documents and settings\John\Favorites\locked-http--www.adelante.co.uk-product%20pdfs-MobilePOS.pdf.url.vqcn
c:\documents and settings\John\Favorites\locked-http--www.cmoptions.org-en-faqs-index.asp.url.forh
c:\documents and settings\John\Favorites\locked-http www.medavia.co.uk .URL.bbdv
c:\documents and settings\John\Favorites\locked-Internet Safety & Security Links.url.xxal
c:\documents and settings\John\Favorites\locked-Internet Safety.url.ylyc
c:\documents and settings\John\Favorites\locked-Intuit® Website Building Software & Website Design.URL.qcnj
c:\documents and settings\John\Favorites\locked-iPhone 4 now available on Orange.url.jwsw
c:\documents and settings\John\Favorites\locked-Isle of Man Classifieds - manx.net.url.nphm
c:\documents and settings\John\Favorites\locked-Isle of Man classifieds - ManxAds.url.oyin
c:\documents and settings\John\Favorites\locked-Isle of Man Steam Packet Company.url.ygnf
c:\documents and settings\John\Favorites\locked-iTunes GB Discount Codes, Voucher Codes & Printable Discount Vouchers!.URL.ubwv
c:\documents and settings\John\Favorites\locked-iTunes voucher codes, iTunes discount vouchers, iTunes discount codes, iTunes promotional codes, iTunes money off vouchers, iTunes coupon codes.URL.ccuj
c:\documents and settings\John\Favorites\locked-iTunes Voucher Codes,iTunes Promotional Codes and Discount Codes - CouponSnapshot UK.URL.tgrf
c:\documents and settings\John\Favorites\locked-J2 Bar Nightclb Bolton Tickets.URL.dyif
c:\documents and settings\John\Favorites\locked-Jason Manford Concert Tickets - O2 Apollo Manchester Manchester,United Kingdom.URL.qanc
c:\documents and settings\John\Favorites\locked-Jobs at Insurance Jobs Board UK recruitment site.url.nezy
c:\documents and settings\John\Favorites\locked-Jobs in Bl4 Bl4 Vacancies Fish4 Manchester.url.froy
c:\documents and settings\John\Favorites\locked-Karndean Flooring, Quickstep, Pergo Laminate Flooring, Bamboo, Vinyl and Wood Flooring.URL.xmgn
c:\documents and settings\John\Favorites\locked-Laminate Underlay.URL.qgtc
c:\documents and settings\John\Favorites\locked-Laptop Covers skins UK - Laptop Covers vinyl covers - Laptop Covers vinyl stickers UK.URL.vscu
c:\documents and settings\John\Favorites\locked-Learn How to Play Bingo Playing Bingo Online at Mecca Bingo.url.kujw
c:\documents and settings\John\Favorites\locked-Learning to Read - Ideas and Activities to Learn to Spell and Write Words.url.ptmh
c:\documents and settings\John\Favorites\locked-Legal And Copyright Vertex.url.mgnp
c:\documents and settings\John\Favorites\locked-Little Rascals Kids Club Bolton Marketplace Shopping Centre.url.yiki
c:\documents and settings\John\Favorites\locked-Lose 2 Stone In 30Days WeeklyHealthNewsUK.URL.froy
c:\documents and settings\John\Favorites\locked-Lovefilmbook.URL.ezyl
c:\documents and settings\John\Favorites\locked-lovehome.co.uk Interior design ideas and easy how to guides for decorating, DIY and the garden.url.nezy
c:\documents and settings\John\Favorites\locked-Magic Competitions - Competitions, Comps, Freebies & Offers For The UK.URL.prom
c:\documents and settings\John\Favorites\locked-Magic Freebies UK - UK Freebies, Free Samples and Free Stuff.URL.wnpz
c:\documents and settings\John\Favorites\locked-Magic Price Comparison - compare prices dvd, blu-ray, wii, ds, xbox 360, ps3, ps2, consoles.URL.htpt
c:\documents and settings\John\Favorites\locked-Magic Promotions - Marketing Made Easier.URL.bfed
c:\documents and settings\John\Favorites\locked-Make sure your CV is an attention grabber! Worklife - Jobsite.url.yvqv
c:\documents and settings\John\Favorites\locked-Makeup Artist Supplies, Beauty Supplies, Cosmetic Cases, Makeup Cases, Train Cases, Airbrush Makeup Kits, Makeup Brush Sets and Makeup Palettes.URL.tcnx
c:\documents and settings\John\Favorites\locked-Manchester's 106.6 - Home.URL.rdws
c:\documents and settings\John\Favorites\locked-Manchester.fish4jobs.co.uk Jobs in Manchester, Top Manchester Vacancies & Recruitment Site.url.pscs
c:\documents and settings\John\Favorites\locked-Math is Fun - Maths Resources.URL.ujws
c:\documents and settings\John\Favorites\locked-Mecca Bingo Bolton Find Bingo Halls in Bolton.url.sqal
c:\documents and settings\John\Favorites\locked-MobilePOS mobile phone based credit card payments system.url.snfb
c:\documents and settings\John\Favorites\locked-Mobsters 2 Vendetta on Facebook - Online Item Equipment Manager - Location Selection.URL.lqvi
c:\documents and settings\John\Favorites\locked-MOBSTERS ADDS 200 FREE ENERGY EMAIL QUICK ADDS STATS INFO.URL.ebwl
c:\documents and settings\John\Favorites\locked-Money Transfer & Online Payment NETELLER - Free Account Registration.URL.qklj
c:\documents and settings\John\Favorites\locked-mumandbabyonline - Home RA.URL.ikxr
c:\documents and settings\John\Favorites\locked-My Old House - Every house has a story to tell, what's yours .URL.ntik
c:\documents and settings\John\Favorites\locked-Namesco - Get a professional Website Completly Free.URL.ylrp
c:\documents and settings\John\Favorites\locked-News 6 Daily - Work at home mum makes £4,397-month working part-time from home.url.mruj
c:\documents and settings\John\Favorites\locked-Nouvatan Spray Tan Solutions, Spray Tanning Retail Products, Spray Tanning Equipment and nationwide Spray Tanning Training - 07932 508084 - Training & Info.URL.pdvm
c:\documents and settings\John\Favorites\locked-O2 Mobile Phones, Broadband & Sims From The UK's Leading Provider.URL.bpti
c:\documents and settings\John\Favorites\locked-ODEON - The Trafford Centre, Manchester.URL.hlfn
c:\documents and settings\John\Favorites\locked-Online Photo! Enhancement Platform can be embedded on your website to create an online photo editor.URL.gklr
c:\documents and settings\John\Favorites\locked-OpenOffice.org.url.uxbw
c:\documents and settings\John\Favorites\locked-Oriflame Consultant Registration Form.url.npdv
c:\documents and settings\John\Favorites\locked-Oriflame - Natural Swedish Cosmetics.url.nedh
c:\documents and settings\John\Favorites\locked-Party Plan Together - Sharing the Secrets of Success.url.pyzy
c:\documents and settings\John\Favorites\locked-Party Plan Together » Links - Sharing the Secrets of Success.url.qdey
c:\documents and settings\John\Favorites\locked-Payday Loans Cheque Cashing Payday Advance Pawnbroking Second hand goods from Cash Converters.URL.lcne
c:\documents and settings\John\Favorites\locked-People we've helped - Child Maintenance Options.url.rwsg
c:\documents and settings\John\Favorites\locked-Pepsi Max - Win a Flip every 10 minutes.URL.nufn
c:\documents and settings\John\Favorites\locked-Play Online Bingo at Gone Bingo UK - Get £15 free Sign-Up Bonus!.URL.rxbw
c:\documents and settings\John\Favorites\locked-pogo.URL.kxrw
c:\documents and settings\John\Favorites\locked-Radio Station Guide.url.yxbw
c:\documents and settings\John\Favorites\locked-Rally Point - Play Free Online Games at Games.co.uk.URL.cngn
c:\documents and settings\John\Favorites\locked-Rebus Puzzles (Pictogram Puzzles).URL.vxbw
c:\documents and settings\John\Favorites\locked-RewardTV.URL.jlos
c:\documents and settings\John\Favorites\locked-Royal Mail - Products and Services for Personal Customers.URL.afbp
c:\documents and settings\John\Favorites\locked-Salford - Manchester Before the Bench April 12, 2012.url.hlfn
c:\documents and settings\John\Favorites\locked-Serif Product Registration.url.nedh
c:\documents and settings\John\Favorites\locked-Sexy MySpace layouts & backgrounds created by CoolChasers - CoolChaser.URL.fnpd
c:\documents and settings\John\Favorites\locked-Short Term Loans - Wonga Cash on demand.URL.bpti
c:\documents and settings\John\Favorites\locked-Small Business UK Guides & tips for small business start ups and small companies.URL.tkia
c:\documents and settings\John\Favorites\locked-Smithills Farm - March 2012 on PhotoPeach - Fresh slideshows to go!.url.cney
c:\documents and settings\John\Favorites\locked-Smithills Farm (2) March 2012 on PhotoPeach - Fresh slideshows to go!.url.lcne
c:\documents and settings\John\Favorites\locked-Sony Ericsson XPERIA X10 mini pro review & compare deals on contract.url.jtik
c:\documents and settings\John\Favorites\locked-Sourz cocktails - cocktail recipes from Sourz Sourz.URL.iaxb
c:\documents and settings\John\Favorites\locked-Sourz shots, cocktails and flavours Sourz.URL.mfup
c:\documents and settings\John\Favorites\locked-Spanish Customs and Traditions.URL.pyia
c:\documents and settings\John\Favorites\locked-Spanish Traditions - An Overview of Culture and Traditions in Spain.URL.upzv
c:\documents and settings\John\Favorites\locked-Speedtest.net - The Global Broadband Speed Test.url.vmru
c:\documents and settings\John\Favorites\locked-Starfall's Learn to Read with phonics.url.iaxb
c:\documents and settings\John\Favorites\locked-Super Hub.url.rwsg
c:\documents and settings\John\Favorites\locked-Tarosophy.URL.pdvm
c:\documents and settings\John\Favorites\locked-Tea Tree Oil - Travel - Recreation.URL.bpti
c:\documents and settings\John\Favorites\locked-Thank you for downloading Opera.url.dhmf
c:\documents and settings\John\Favorites\locked-Thank you for registering - www.energysavingplug.co.uk.URL.eyhl
c:\documents and settings\John\Favorites\locked-The Beauty Biz - Categories.URL.cney
c:\documents and settings\John\Favorites\locked-The Party Plan Guru.url.bpti
c:\documents and settings\John\Favorites\locked-the swarm.url.zvqr
c:\documents and settings\John\Favorites\locked-Thinkuknow.url.tikx
c:\documents and settings\John\Favorites\locked-TrialPay Online Payment and Promotions Platform for Leading Software and Social Apps Publishers.URL.rujz
c:\documents and settings\John\Favorites\locked-UK Office Direct.URL.yfnp
c:\documents and settings\John\Favorites\locked-Ultimate Handyman Laminate flooring underlay.URL.vmru
c:\documents and settings\John\Favorites\locked-Underlay.URL.hlfn
c:\documents and settings\John\Favorites\locked-Unlock your party potential! The Party Plan Guru.url.oscn
c:\documents and settings\John\Favorites\locked-Using and Maxing Out Speeds With uTorrent - AfterDawn Guides.url.cdhm
c:\documents and settings\John\Favorites\locked-Virtual Global Taskforce.url.bpti
c:\documents and settings\John\Favorites\locked-vision2learn - Register for an online course.url.gyol
c:\documents and settings\John\Favorites\locked-Weight Loss surgery - BMI Healthcare.URL.yqaf
c:\documents and settings\John\Favorites\locked-Welcome to BrightHouse.URL.vmru
c:\documents and settings\John\Favorites\locked-Welcome to Isle Of Man Homes - Failt! - Save Yourself Money.url.afbp
c:\documents and settings\John\Favorites\locked-WELL ESTABLISHED NAIL AND BEAUTY BUSINESS FOR SALE FOR SALE.URL.mdhm
c:\documents and settings\John\Favorites\locked-Willow Wellbeing Torquay Beauty Counselling Massage Stress Depression.URL.miax
c:\documents and settings\John\Favorites\locked-zmovie - insidious.url.yqaf
c:\documents and settings\John\System
c:\documents and settings\John\System\locked-win_qs8.jqx.rnxp
c:\program files\Complitly
c:\program files\Complitly\chrome\ComplitlyChrome.crx
c:\program files\Complitly\FireFoxExtensionWithFF8Fix.exe
c:\program files\Complitly\FireFoxUninstaller.exe
c:\program files\Complitly\InstTracker.exe
c:\program files\Complitly\[email protected]\chrome.manifest
c:\program files\Complitly\[email protected]\chrome\content\appIcon.png
c:\program files\Complitly\[email protected]\chrome\content\browserOverlay.xul
c:\program files\Complitly\[email protected]\chrome\content\options.js
c:\program files\Complitly\[email protected]\chrome\content\options.xul
c:\program files\Complitly\[email protected]\chrome\content\utils.js
c:\program files\Complitly\[email protected]\defaults\preferences\predictad.js
c:\program files\Complitly\[email protected]\install.rdf
c:\program files\Complitly\System.Data.SQLite.dll
c:\program files\Complitly\unins000.dat
c:\program files\Complitly\unins000.exe
c:\program files\Internet Explorer\SET10.tmp
c:\program files\Internet Explorer\SET12C.tmp
c:\program files\Internet Explorer\SET12D.tmp
c:\program files\Internet Explorer\SET130.tmp
c:\program files\Internet Explorer\SET131.tmp
c:\program files\Internet Explorer\SET2.tmp
c:\program files\Internet Explorer\SET3.tmp
c:\program files\Internet Explorer\SET380.tmp
c:\program files\Internet Explorer\SET381.tmp
c:\program files\Internet Explorer\SET3B.tmp
c:\program files\Internet Explorer\SET3C.tmp
c:\program files\Internet Explorer\SET3DA.tmp
c:\program files\Internet Explorer\SET3DB.tmp
c:\program files\Internet Explorer\SET4.tmp
c:\program files\Internet Explorer\SET5.tmp
c:\program files\Internet Explorer\SET6.tmp
c:\program files\Internet Explorer\SET7.tmp
c:\program files\Internet Explorer\SET9C.tmp
c:\program files\Internet Explorer\SET9D.tmp
c:\program files\Internet Explorer\SETCA.tmp
c:\program files\Internet Explorer\SETCB.tmp
c:\program files\Internet Explorer\SETF.tmp
c:\program files\Internet Explorer\SETF8.tmp
c:\program files\Internet Explorer\SETF9.tmp
c:\windows\$NtUninstallKB64146$
c:\windows\$NtUninstallKB64146$\1428729786\@
c:\windows\$NtUninstallKB64146$\1428729786\cfg.ini
c:\windows\$NtUninstallKB64146$\1428729786\Desktop.ini
c:\windows\$NtUninstallKB64146$\1428729786\L\pqpygwuk
c:\windows\$NtUninstallKB64146$\1428729786\U\[email protected]
c:\windows\$NtUninstallKB64146$\1428729786\U\[email protected]
c:\windows\$NtUninstallKB64146$\1428729786\U\[email protected]
c:\windows\$NtUninstallKB64146$\1428729786\U\[email protected]
c:\windows\$NtUninstallKB64146$\1428729786\U\[email protected]
c:\windows\$NtUninstallKB64146$\1428729786\U\[email protected]
c:\windows\$NtUninstallKB64146$\1428729786\version
c:\windows\$NtUninstallKB64146$\2031495861
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET10.tmp
c:\windows\system32\SET100.tmp
c:\windows\system32\SET101.tmp
c:\windows\system32\SET102.tmp
c:\windows\system32\SET103.tmp
c:\windows\system32\SET104.tmp
c:\windows\system32\SET105.tmp
c:\windows\system32\SET106.tmp
c:\windows\system32\SET107.tmp
c:\windows\system32\SET109.tmp
c:\windows\system32\SET10A.tmp
c:\windows\system32\SET10B.tmp
c:\windows\system32\SET10C.tmp
c:\windows\system32\SET10D.tmp
c:\windows\system32\SET10E.tmp
c:\windows\system32\SET10F.tmp
c:\windows\system32\SET11.tmp
c:\windows\system32\SET110.tmp
c:\windows\system32\SET111.tmp
c:\windows\system32\SET112.tmp
c:\windows\system32\SET113.tmp
c:\windows\system32\SET114.tmp
c:\windows\system32\SET115.tmp
c:\windows\system32\SET116.tmp
c:\windows\system32\SET117.tmp
c:\windows\system32\SET118.tmp
c:\windows\system32\SET119.tmp
c:\windows\system32\SET11A.tmp
c:\windows\system32\SET11B.tmp
c:\windows\system32\SET11C.tmp
c:\windows\system32\SET11D.tmp
c:\windows\system32\SET11E.tmp
c:\windows\system32\SET11F.tmp
c:\windows\system32\SET120.tmp
c:\windows\system32\SET121.tmp
c:\windows\system32\SET122.tmp
c:\windows\system32\SET123.tmp
c:\windows\system32\SET124.tmp
c:\windows\system32\SET12F.tmp
c:\windows\system32\SET13.tmp
c:\windows\system32\SET130.tmp
c:\windows\system32\SET131.tmp
c:\windows\system32\SET132.tmp
c:\windows\system32\SET133.tmp
c:\windows\system32\SET134.tmp
c:\windows\system32\SET135.tmp
c:\windows\system32\SET136.tmp
c:\windows\system32\SET137.tmp
c:\windows\system32\SET138.tmp
c:\windows\system32\SET139.tmp
c:\windows\system32\SET13A.tmp
c:\windows\system32\SET13B.tmp
c:\windows\system32\SET13C.tmp
c:\windows\system32\SET13D.tmp
c:\windows\system32\SET13E.tmp
c:\windows\system32\SET13F.tmp
c:\windows\system32\SET14.tmp
c:\windows\system32\SET141.tmp
c:\windows\system32\SET142.tmp
c:\windows\system32\SET143.tmp
c:\windows\system32\SET144.tmp
c:\windows\system32\SET145.tmp
c:\windows\system32\SET146.tmp
c:\windows\system32\SET147.tmp
c:\windows\system32\SET148.tmp
c:\windows\system32\SET149.tmp
c:\windows\system32\SET14A.tmp
c:\windows\system32\SET14B.tmp
c:\windows\system32\SET14C.tmp
c:\windows\system32\SET14D.tmp
c:\windows\system32\SET14E.tmp
c:\windows\system32\SET14F.tmp
c:\windows\system32\SET15.tmp
c:\windows\system32\SET150.tmp
c:\windows\system32\SET151.tmp
c:\windows\system32\SET152.tmp
c:\windows\system32\SET153.tmp
c:\windows\system32\SET154.tmp
c:\windows\system32\SET155.tmp
c:\windows\system32\SET156.tmp
c:\windows\system32\SET157.tmp
c:\windows\system32\SET158.tmp
c:\windows\system32\SET159.tmp
c:\windows\system32\SET15A.tmp
c:\windows\system32\SET15B.tmp
c:\windows\system32\SET15C.tmp
c:\windows\system32\SET15D.tmp
c:\windows\system32\SET15E.tmp
c:\windows\system32\SET15F.tmp
c:\windows\system32\SET16.tmp
c:\windows\system32\SET161.tmp
c:\windows\system32\SET162.tmp
c:\windows\system32\SET163.tmp
c:\windows\system32\SET164.tmp
c:\windows\system32\SET165.tmp
c:\windows\system32\SET166.tmp
c:\windows\system32\SET167.tmp
c:\windows\system32\SET168.tmp
c:\windows\system32\SET169.tmp
c:\windows\system32\SET16A.tmp
c:\windows\system32\SET16B.tmp
c:\windows\system32\SET16C.tmp
c:\windows\system32\SET16D.tmp
c:\windows\system32\SET16E.tmp
c:\windows\system32\SET16F.tmp
c:\windows\system32\SET17.tmp
c:\windows\system32\SET170.tmp
c:\windows\system32\SET171.tmp
c:\windows\system32\SET172.tmp
c:\windows\system32\SET173.tmp
c:\windows\system32\SET174.tmp
c:\windows\system32\SET175.tmp
c:\windows\system32\SET176.tmp
c:\windows\system32\SET18.tmp
c:\windows\system32\SET19.tmp
c:\windows\system32\SET1A.tmp
c:\windows\system32\SET1B.tmp
c:\windows\system32\SET1C.tmp
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET1F.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET21.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET26.tmp
c:\windows\system32\SET27.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET29.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET2D.tmp
c:\windows\system32\SET2D8.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET2F9.tmp
c:\windows\system32\SET2FA.tmp
c:\windows\system32\SET2FB.tmp
c:\windows\system32\SET2FF.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET300.tmp
c:\windows\system32\SET301.tmp
c:\windows\system32\SET305.tmp
c:\windows\system32\SET307.tmp
c:\windows\system32\SET31.tmp
c:\windows\system32\SET32.tmp
c:\windows\system32\SET33.tmp
c:\windows\system32\SET34.tmp
c:\windows\system32\SET35.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET383.tmp
c:\windows\system32\SET384.tmp
c:\windows\system32\SET385.tmp
c:\windows\system32\SET386.tmp
c:\windows\system32\SET387.tmp
c:\windows\system32\SET388.tmp
c:\windows\system32\SET389.tmp
c:\windows\system32\SET38A.tmp
c:\windows\system32\SET38B.tmp
c:\windows\system32\SET38C.tmp
c:\windows\system32\SET38D.tmp
c:\windows\system32\SET38E.tmp
c:\windows\system32\SET38F.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET391.tmp
c:\windows\system32\SET392.tmp
c:\windows\system32\SET393.tmp
c:\windows\system32\SET394.tmp
c:\windows\system32\SET395.tmp
c:\windows\system32\SET396.tmp
c:\windows\system32\SET397.tmp
c:\windows\system32\SET398.tmp
c:\windows\system32\SET399.tmp
c:\windows\system32\SET39A.tmp
c:\windows\system32\SET39B.tmp
c:\windows\system32\SET39C.tmp
c:\windows\system32\SET39D.tmp
c:\windows\system32\SET39E.tmp
c:\windows\system32\SET39F.tmp
c:\windows\system32\SET3A.tmp
c:\windows\system32\SET3A0.tmp
c:\windows\system32\SET3A1.tmp
c:\windows\system32\SET3A2.tmp
c:\windows\system32\SET3A3.tmp
c:\windows\system32\SET3A4.tmp
c:\windows\system32\SET3A5.tmp
c:\windows\system32\SET3A6.tmp
c:\windows\system32\SET3B.tmp
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET3D.tmp
c:\windows\system32\SET3DD.tmp
c:\windows\system32\SET3DE.tmp
c:\windows\system32\SET3DF.tmp
c:\windows\system32\SET3E.tmp
c:\windows\system32\SET3E0.tmp
c:\windows\system32\SET3E1.tmp
c:\windows\system32\SET3E2.tmp
c:\windows\system32\SET3E3.tmp
c:\windows\system32\SET3E4.tmp
c:\windows\system32\SET3E5.tmp
c:\windows\system32\SET3E6.tmp
c:\windows\system32\SET3E7.tmp
c:\windows\system32\SET3E8.tmp
c:\windows\system32\SET3E9.tmp
c:\windows\system32\SET3EB.tmp
c:\windows\system32\SET3EC.tmp
c:\windows\system32\SET3ED.tmp
c:\windows\system32\SET3EE.tmp
c:\windows\system32\SET3EF.tmp
c:\windows\system32\SET3F.tmp
c:\windows\system32\SET3F0.tmp
c:\windows\system32\SET3F1.tmp
c:\windows\system32\SET3F2.tmp
c:\windows\system32\SET3F3.tmp
c:\windows\system32\SET3F4.tmp
c:\windows\system32\SET3F5.tmp
c:\windows\system32\SET3F6.tmp
c:\windows\system32\SET3F7.tmp
c:\windows\system32\SET3F8.tmp
c:\windows\system32\SET3F9.tmp
c:\windows\system32\SET3FA.tmp
c:\windows\system32\SET3FB.tmp
c:\windows\system32\SET3FC.tmp
c:\windows\system32\SET3FD.tmp
c:\windows\system32\SET3FE.tmp
c:\windows\system32\SET3FF.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET400.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET44.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET461.tmp
c:\windows\system32\SET46A.tmp
c:\windows\system32\SET46B.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET473.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET488.tmp
c:\windows\system32\SET49.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET4E.tmp
c:\windows\system32\SET4F.tmp
c:\windows\system32\SET5.tmp
c:\windows\system32\SET50.tmp
c:\windows\system32\SET51.tmp
c:\windows\system32\SET52.tmp
c:\windows\system32\SET53.tmp
c:\windows\system32\SET54.tmp
c:\windows\system32\SET55.tmp
c:\windows\system32\SET56.tmp
c:\windows\system32\SET57.tmp
c:\windows\system32\SET58.tmp
c:\windows\system32\SET59.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\SET5C.tmp
c:\windows\system32\SET5D.tmp
c:\windows\system32\SET5E.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET6.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET62.tmp
c:\windows\system32\SET63.tmp
c:\windows\system32\SET64.tmp
c:\windows\system32\SET65.tmp
c:\windows\system32\SET66.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SET68.tmp
c:\windows\system32\SET69.tmp
c:\windows\system32\SET6A.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SET6C.tmp
c:\windows\system32\SET6D.tmp
c:\windows\system32\SET6E.tmp
c:\windows\system32\SET6F.tmp
c:\windows\system32\SET7.tmp
c:\windows\system32\SET70.tmp
c:\windows\system32\SET71.tmp
c:\windows\system32\SET72.tmp
c:\windows\system32\SET73.tmp
c:\windows\system32\SET74.tmp
c:\windows\system32\SET75.tmp
c:\windows\system32\SET76.tmp
c:\windows\system32\SET77.tmp
c:\windows\system32\SET78.tmp
c:\windows\system32\SET79.tmp
c:\windows\system32\SET7A.tmp
c:\windows\system32\SET7B.tmp
c:\windows\system32\SET7C.tmp
c:\windows\system32\SET7D.tmp
c:\windows\system32\SET7F.tmp
c:\windows\system32\SET8.tmp
c:\windows\system32\SET80.tmp
c:\windows\system32\SET81.tmp
c:\windows\system32\SET82.tmp
c:\windows\system32\SET83.tmp
c:\windows\system32\SET84.tmp
c:\windows\system32\SET85.tmp
c:\windows\system32\SET86.tmp
c:\windows\system32\SET87.tmp
c:\windows\system32\SET88.tmp
c:\windows\system32\SET89.tmp
c:\windows\system32\SET8A.tmp
c:\windows\system32\SET8B.tmp
c:\windows\system32\SET8C.tmp
c:\windows\system32\SET8D.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET8F.tmp
c:\windows\system32\SET9.tmp
c:\windows\system32\SET90.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SET92.tmp
c:\windows\system32\SET93.tmp
c:\windows\system32\SET94.tmp
c:\windows\system32\SET95.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SET9A.tmp
c:\windows\system32\SET9B.tmp
c:\windows\system32\SET9C.tmp
c:\windows\system32\SET9D.tmp
c:\windows\system32\SET9E.tmp
c:\windows\system32\SET9F.tmp
c:\windows\system32\SETA.tmp
c:\windows\system32\SETA0.tmp
c:\windows\system32\SETA1.tmp
c:\windows\system32\SETA2.tmp
c:\windows\system32\SETA3.tmp
c:\windows\system32\SETA4.tmp
c:\windows\system32\SETA5.tmp
c:\windows\system32\SETA6.tmp
c:\windows\system32\SETA7.tmp
c:\windows\system32\SETA8.tmp
c:\windows\system32\SETA9.tmp
c:\windows\system32\SETAA.tmp
c:\windows\system32\SETAB.tmp
c:\windows\system32\SETAD.tmp
c:\windows\system32\SETAE.tmp
c:\windows\system32\SETAF.tmp
c:\windows\system32\SETB.tmp
c:\windows\system32\SETB0.tmp
c:\windows\system32\SETB1.tmp
c:\windows\system32\SETB2.tmp
c:\windows\system32\SETB3.tmp
c:\windows\system32\SETB4.tmp
c:\windows\system32\SETB5.tmp
c:\windows\system32\SETB6.tmp
c:\windows\system32\SETB7.tmp
c:\windows\system32\SETB8.tmp
c:\windows\system32\SETB9.tmp
c:\windows\system32\SETBA.tmp
c:\windows\system32\SETBB.tmp
c:\windows\system32\SETBC.tmp
c:\windows\system32\SETBD.tmp
c:\windows\system32\SETBE.tmp
c:\windows\system32\SETBF.tmp
c:\windows\system32\SETC.tmp
c:\windows\system32\SETC0.tmp
c:\windows\system32\SETC1.tmp
c:\windows\system32\SETC2.tmp
c:\windows\system32\SETC3.tmp
c:\windows\system32\SETC4.tmp
c:\windows\system32\SETC5.tmp
c:\windows\system32\SETC7.tmp
c:\windows\system32\SETC8.tmp
c:\windows\system32\SETC9.tmp
c:\windows\system32\SETCA.tmp
c:\windows\system32\SETCB.tmp
c:\windows\system32\SETCC.tmp
c:\windows\system32\SETCD.tmp
c:\windows\system32\SETCE.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETD2.tmp
c:\windows\system32\SETD3.tmp
c:\windows\system32\SETD4.tmp
c:\windows\system32\SETD5.tmp
c:\windows\system32\SETD6.tmp
c:\windows\system32\SETD7.tmp
c:\windows\system32\SETD8.tmp
c:\windows\system32\SETD9.tmp
c:\windows\system32\SETDB.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETDD.tmp
c:\windows\system32\SETDE.tmp
c:\windows\system32\SETDF.tmp
c:\windows\system32\SETE.tmp
c:\windows\system32\SETE0.tmp
c:\windows\system32\SETE1.tmp
c:\windows\system32\SETE2.tmp
c:\windows\system32\SETE3.tmp
c:\windows\system32\SETE4.tmp
c:\windows\system32\SETE5.tmp
c:\windows\system32\SETE6.tmp
c:\windows\system32\SETE7.tmp
c:\windows\system32\SETE8.tmp
c:\windows\system32\SETE9.tmp
c:\windows\system32\SETEA.tmp
c:\windows\system32\SETEB.tmp
c:\windows\system32\SETEC.tmp
c:\windows\system32\SETED.tmp
c:\windows\system32\SETEE.tmp
c:\windows\system32\SETEF.tmp
c:\windows\system32\SETF.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\SETF1.tmp
c:\windows\system32\SETF2.tmp
c:\windows\system32\SETF3.tmp
c:\windows\system32\SETF4.tmp
c:\windows\system32\SETF5.tmp
c:\windows\system32\SETF6.tmp
c:\windows\system32\SETF7.tmp
c:\windows\system32\SETF8.tmp
c:\windows\system32\SETF9.tmp
c:\windows\system32\SETFA.tmp
c:\windows\system32\SETFB.tmp
c:\windows\system32\SETFC.tmp
c:\windows\system32\SETFD.tmp
c:\windows\system32\SETFE.tmp
c:\windows\system32\SETFF.tmp
c:\windows\system32\winsh320
c:\windows\system32\winsh321
c:\windows\system32\winsh322
c:\windows\system32\winsh323
c:\windows\system32\winsh324
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 00:27 . 2008-04-13 19:19 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2012-05-19 00:27 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-05-17 03:10 . 2012-05-17 03:10 -------- d-----w- c:\windows\Microsoft Antimalware
2012-05-09 21:22 . 2012-05-17 06:43 -------- d-----w- c:\documents and settings\John\Application Data\Hvdnffpyhy
2012-05-09 21:21 . 2012-05-09 21:21 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}
2012-05-09 21:20 . 2012-05-17 04:33 -------- d-----w- c:\program files\Common Files\HotKey
2012-05-09 21:19 . 2012-05-17 04:33 -------- d-----w- c:\documents and settings\John\Application Data\Ywehet
2012-05-09 21:19 . 2012-05-09 22:39 -------- d-----w- c:\documents and settings\John\Application Data\Loxai
2012-05-09 21:19 . 2012-05-09 21:19 -------- d-----w- c:\documents and settings\John\Application Data\Uvohv
2012-05-06 13:22 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-05-06 13:21 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-05-06 13:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-05-06 13:18 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-05-06 13:16 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-05-06 13:12 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-05-05 19:55 . 2012-05-05 19:55 -------- d-----w- c:\windows\ServicePackFiles
2012-05-05 19:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2012-05-05 18:37 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2012-05-05 18:36 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-05-05 18:35 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-05-05 18:35 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-05-05 18:35 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-05-05 18:35 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-05-05 18:35 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-05-05 18:35 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2012-05-05 18:35 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-05-05 18:35 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-05-05 18:35 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-05-05 18:35 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-05-05 18:35 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2012-05-05 18:33 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-05-05 18:33 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-05-05 18:33 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-05-05 18:33 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-05-05 18:31 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-05-05 18:30 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-05-05 17:30 . 2012-05-05 17:30 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-05 17:29 . 2012-05-05 17:29 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 17:29 . 2012-05-05 17:29 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-05 16:36 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-05-05 16:36 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-05-05 16:36 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-05-05 16:36 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-05-05 15:48 . 2012-05-05 15:48 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-05-05 15:03 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-05-05 15:03 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-05-05 15:03 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-05 13:47 . 2012-05-05 13:47 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-05 13:47 . 2012-05-05 13:47 -------- d-----w- c:\program files\Common Files\Java
2012-05-05 13:46 . 2012-05-06 13:38 -------- dc-h--w- c:\windows\ie8
2012-05-04 16:11 . 2012-05-04 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2012-04-27 09:16 . 2012-04-27 09:16 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\I Want This
2012-04-27 09:16 . 2012-04-27 09:16 -------- d-----w- c:\program files\I Want This
2012-04-27 09:12 . 2011-10-04 21:42 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-04-27 09:11 . 2012-04-27 09:12 -------- d-----w- c:\program files\GPLGS
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Babylon
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- C:\Program1
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\documents and settings\John\Application Data\Babylon
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\program files\PDFCreator
2012-04-21 16:34 . 2012-04-21 16:34 -------- d-----w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com
2012-04-21 16:33 . 2012-04-29 12:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-21 16:33 . 2012-04-21 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 17:51 . 2010-06-02 13:20 81920 -c--a-w- c:\windows\ALCFDRTM.VER
2012-03-30 13:13 . 2012-03-30 13:13 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-30 13:13 . 2011-06-05 12:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2010-04-26 19:18 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-05 17:29 . 2011-04-30 10:18 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\71d83054-7dbe-45c3-a453-719bb81c5f99.com" [2012-04-28 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_6.exe" [2010-08-17 342872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-1-10 565248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WN111v2 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceConnect]
2010-01-28 13:48 10035448 ----a-w- c:\program files\3 Mobile Broadband\3Connect\Wilog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 16:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IconixOEAddOn]
2010-08-17 19:32 342872 ----a-w- c:\program files\Iconix\OEAddOn\OEdmn_6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-02-02 13:15 1085952 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSNUpd]
2010-07-14 13:51 152896 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\psnupd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-02 13:05 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 17:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-09-24 13:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=2 (0x2)
"ZuneBusEnum"=2 (0x2)
"WMZuneComm"=3 (0x3)
"YahooAUService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [14/12/2010 11:15 1737464]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [04/01/2012 14:22 822624]
R2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [22/08/2010 22:59 283992]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [01/10/2011 08:30 508776]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [10/01/2012 18:39 167936]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [10/01/2012 18:39 1759584]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [01/10/2008 16:45 57440]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 22:23 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 22:23 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 22:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 22:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [01/10/2011 08:30 219496]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 12:48 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/03/2012 14:13 253600]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24/07/2003 12:10 17149]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 12:48 135664]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNDA3200\jswpsapi.exe [10/01/2012 18:39 360529]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15/09/2010 12:14 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [05/05/2012 18:30 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22:37 4640000]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [14/01/2009 02:23 458752]
S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [24/09/2010 14:19 268528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
S7oppilx
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:13]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 11:48]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 11:48]
.
2012-01-29 c:\windows\Tasks\Qtutqqbm.job
- c:\windows\system32\msconfv.dll [2012-01-18 19:46]
.
2012-05-19 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2012-03-10 18:22]
.
2012-05-19 c:\windows\Tasks\User_Feed_Synchronization-{C4DFAE7E-416B-4244-8132-23CA1C0E809F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = 
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\hjcms5ve.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=30c6e44e000000000000e0469aa5cccd&q=
FF - prefs.js: network.proxy.type - 2
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: CT2438727.AboutPrivacyUrl - hxxp://www.conduit.com/privacy/Default.aspx
FF - user.js: CT2438727.CTID - CT2438727
FF - user.js: CT2438727.CommunitiesChangesLastCheckTime - 0
FF - user.js: CT2438727.CurrentServerDate - 15-2-2011
FF - user.js: CT2438727.DialogsAlignMode - LTR
FF - user.js: CT2438727.DownloadReferralCookieData - 
FF - user.js: CT2438727.FirstServerDate - 20-9-2010
FF - user.js: CT2438727.FirstTime - true
FF - user.js: CT2438727.FirstTimeFF3 - true
FF - user.js: CT2438727.FirstTimeSettingsDone - true
FF - user.js: CT2438727.FixPageNotFoundErrors - true
FF - user.js: CT2438727.GroupingInvalidateCache - false
FF - user.js: CT2438727.GroupingLastCheckTime - 0
FF - user.js: CT2438727.GroupingLastServerUpdateTime - 0
FF - user.js: CT2438727.GroupingServerCheckInterval - 1440
FF - user.js: CT2438727.GroupingServiceUrl - hxxp://grouping.services.conduit.com/
FF - user.js: CT2438727.Initialize - true
FF - user.js: CT2438727.InitializeCommonPrefs - true
FF - user.js: CT2438727.InstallationAndCookieDataSentCount - 3
FF - user.js: CT2438727.InstalledDate - Mon Sep 20 2010 01:25 GMT+0100 (GMT Daylight Time)
FF - user.js: CT2438727.InvalidateCache - false
FF - user.js: CT2438727.IsGrouping - false
FF - user.js: CT2438727.IsMulticommunity - false
FF - user.js: CT2438727.IsOpenThankYouPage - true
FF - user.js: CT2438727.IsOpenUninstallPage - true
FF - user.js: CT2438727.LanguagePackLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.LanguagePackReloadIntervalMM - 1440
FF - user.js: CT2438727.LanguagePackServiceUrl - hxxp://translation.users.conduit.com/Translation.ashx
FF - user.js: CT2438727.LastLogin_2.7.1.3 - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.LatestVersion - 2.7.1.3
FF - user.js: CT2438727.Locale - en
FF - user.js: CT2438727.LoginCache - 4
FF - user.js: CT2438727.MCDetectTooltipHeight - 83
FF - user.js: CT2438727.MCDetectTooltipUrl - hxxp://@[email protected]/rank/tooltip/?version=1
FF - user.js: CT2438727.MCDetectTooltipWidth - 295
FF - user.js: CT2438727.RadioLastCheckTime - 0
FF - user.js: CT2438727.RadioLastUpdateIPServer - 0
FF - user.js: CT2438727.RadioLastUpdateServer - 0
FF - user.js: CT2438727.SHRINK_TOOLBAR - 1
FF - user.js: CT2438727.SearchEngine - Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID&SearchSource=1
FF - user.js: CT2438727.SearchFromAddressBarIsInit - true
FF - user.js: CT2438727.SearchFromAddressBarUrl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=
FF - user.js: CT2438727.SearchInNewTabEnabled - true
FF - user.js: CT2438727.SearchInNewTabIntervalMM - 1440
FF - user.js: CT2438727.SearchInNewTabLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.SearchInNewTabServiceUrl - hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID
FF - user.js: CT2438727.SearchInNewTabUsageUrl - hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID
FF - user.js: CT2438727.SettingsCheckIntervalMin - 120
FF - user.js: CT2438727.SettingsLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.SettingsLastUpdate - 1297721424
FF - user.js: CT2438727.ThirdPartyComponentsInterval - 504
FF - user.js: CT2438727.ThirdPartyComponentsLastCheck - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.ThirdPartyComponentsLastUpdate - 1246790578
FF - user.js: CT2438727.TrusteLinkUrl - hxxp://trust.conduit.com/EB_ORIGINAL_CTID
FF - user.js: CT2438727.UserID - UN14965108183067577
FF - user.js: CT2438727.ValidationData_Search - 0
FF - user.js: CT2438727.ValidationData_Toolbar - 2
FF - user.js: CT2438727.alertChannelId - 832836
FF - user.js: CT2438727.clientLogIsEnabled - false
FF - user.js: CT2438727.clientLogServiceUrl - hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent
FF - user.js: CT2438727.myStuffEnabled - true
FF - user.js: CT2438727.myStuffPublihserMinWidth - 400
FF - user.js: CT2438727.myStuffSearchUrl - hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID
FF - user.js: CT2438727.myStuffServiceIntervalMM - 1440
FF - user.js: CT2438727.myStuffServiceUrl - hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT
FF - user.js: CT2438727.uninstallLogServiceUrl - hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation
FF - user.js: CommunityToolbar.SearchFromAddressBarSavedUrl - chrome://browser-region/locale/region.properties
FF - user.js: CommunityToolbar.ToolbarsList - CT2438727
FF - user.js: CommunityToolbar.ToolbarsList2 - CT2438727
FF - user.js: CommunityToolbar.alert.alertInfoInterval - 1440
FF - user.js: CommunityToolbar.alert.alertInfoLastCheckTime - Tue Feb 15 2011 19:52 GMT+0000 (GMT Standard Time)
FF - user.js: CommunityToolbar.alert.clientsServerUrl - hxxp://alert.client.conduit.com
FF - user.js: CommunityToolbar.alert.locale - en
FF - user.js: CommunityToolbar.alert.loginIntervalMin - 1440
FF - user.js: CommunityToolbar.alert.loginLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CommunityToolbar.alert.loginLastUpdateTime - 1291052234
FF - user.js: CommunityToolbar.alert.messageShowTimeSec - 20
FF - user.js: CommunityToolbar.alert.servicesServerUrl - hxxp://alert.services.conduit.com
FF - user.js: CommunityToolbar.alert.showTrayIcon - false
FF - user.js: CommunityToolbar.alert.userCloseIntervalMin - 300
FF - user.js: CommunityToolbar.alert.userId - {029615fa-cf91-40f4-9072-93950c5fb5f8}
FF - user.js: accessibility.browsewithcaret - true
FF - user.js: accessibility.typeaheadfind - true
FF - user.js: accessibility.typeaheadfind.casesensitive - 1
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.disable_button.showUpdateHistory - false
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1326979408
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1326979287
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1326979528
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1313360628
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1304117503
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1326987885
FF - user.js: browser.anchor_color - #0000FF
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.display.background_color - #C0C0C0
FF - user.js: browser.display.use_document_fonts - 0
FF - user.js: browser.display.use_system_colors - true
FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\John\\Desktop
FF - user.js: browser.download.manager.alertOnEXEOpen - false
FF - user.js: browser.download.manager.retention - 0
FF - user.js: browser.download.save_converter_index - 3
FF - user.js: browser.feeds.showFirstRunUI - false
FF - user.js: browser.formfill.enable - false
FF - user.js: browser.history_expire_days.mirror - 180
FF - user.js: browser.migration.version - 5
FF - user.js: browser.offline - false
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.preferences.advanced.selectedTabIndex - 3
FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - true
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.selectedEngine - Bing
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - user.js: browser.startup.homepage_override.buildID - 20111220165912
FF - user.js: browser.startup.homepage_override.mstone - rv:9.0.1
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.tabs.loadInBackground - false
FF - user.js: browser.urlbar.default.behavior - 1
FF - user.js: browser.visited_color - #800080
FF - user.js: dom.disable_open_during_load - false
FF - user.js: dom.event.contextmenu.enabled - false
FF - user.js: dom.max_script_run_time - 0
FF - user.js: extensions.MicrosoftCG.lastRunTime - Mon, 01 Nov 2010 22:13 GMT
FF - user.js: extensions.blocklist.pingCountTotal - 237
FF - user.js: extensions.blocklist.pingCountVersion - 9
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 6
FF - user.js: extensions.enabledAddons - {972ce4c6-7e08-4474-a285-3208198ce6fd}:9.0.1
FF - user.js: extensions.enabledItems - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\,\mtime\:1277663450843},\[email protected]\:{\descriptor\:\c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1300649420031},\[email protected]\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1288081481343}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1326272142546},\{F7CB456D-D310-4572-8C28-A6D45F6F8F10}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{F7CB456D-D310-4572-8C28-A6D45F6F8F10}\,\mtime\:1326329926656}}},{\name\:\winreg-app-user\,\addons\:{\[email protected]\:{\descriptor\:\c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1300649420031}}},{\name\:\app-profile\,\addons\:{\[email protected]\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\\[email protected]\,\mtime\:1314085773315},\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\\{20a82645-c095-46ed-80e3-08825760534b}\,\mtime\:1280323145296},\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\,\mtime\:1326224466051}}}]
FF - user.js: extensions.lastAppVersion - 9.0.1
FF - user.js: extensions.lastPlatformVersion - 9.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.update.notifyUser - false
FF - user.js: extensions.zoodles.account_created - true
FF - user.js: extensions.zoodles.toolbar_installed - true
FF - user.js: font.name.serif.x-western - Verdana
FF - user.js: general.useragent.extra.microsoftdotnet - ( .NET CLR 3.5.30729)
FF - user.js: general.useragent.extra.zoodles - 
FF - user.js: general.useragent.extra.zoodles_parent - InquisitiveMindsAddon
FF - user.js: gfx.blacklist.direct2d - 2
FF - user.js: gfx.blacklist.layers.direct3d10 - 2
FF - user.js: gfx.blacklist.layers.direct3d10-1 - 2
FF - user.js: idle.lastDailyNotification - 1326992866
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-8, UTF-8, ISO-8859-2, windows-1252, ISO-8859-15
FF - user.js: lightweightThemes.isThemeSelected - false
FF - user.js: lightweightThemes.persisted.footerURL - true
FF - user.js: lightweightThemes.persisted.headerURL - true
FF - user.js: lightweightThemes.usedThemes - [{\id\:\30987\,\name\:\endless possibilities by etsu\,\headerURL\:\hxxp://getpersonas-cdn.mozilla.net/static/8/7/30987/etsu_v2_header.jpg?1260925626\,\footerURL\:\http://getpersonas-cdn.mozilla.net/...26\,\author\:\infectious\,\description\:\etsu meusyâ€™s work has been described as â€œsunny and cleanâ€ by giant robot and â€œnostalgia-tinged 70s and 80s pop cultural pastichesâ€ by coolhunting. etsu blends together paint, hand drawn typography and the odd guest appearance from 80s icons like axl rose and the smurfs to create dreamy rainbow colored landscapes. her artwork has been featured in nylon magazine and art books by die gestalten.\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/30987\,\version\:\1260925626\},{\id\:\95641\,\name\:\supernatural-dean\,\headerURL\:\http://getpersonas-cdn.mozilla.net/...\author\:\scoobydolittle\,\description\:\this is a supernatural persona\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/95641\,\version\:\1265334322\},{\id\:\64769\,\name\:\sunset over water\,\headerURL\:\http://getpersonas-cdn.mozilla.net/...11578\,\author\:\madonna\,\description\:\this is a personal photo i took. i have a wallpaper to match this and it can be found at\\u000d\\u000a:http://nature.desktopnexus.com/wallpaper/335230/\\u000d\\u000a\\u000d\\u000aI also made an iGoogle theme called Framed Sunset and you can use that as your theme if you use iGoogle.\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/64769\}]
FF - user.js: microsoft.CLR.auto_install - false
FF - user.js: network.cookie.lifetimePolicy - 2
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.proxy.type - 2
FF - user.js: places.database.lastMaintenance - 1326992866
FF - user.js: places.history.expiration.transient_current_max_pages - 76949
FF - user.js: places.history.expiration.transient_optimal_database_size - 123117894
FF - user.js: places.last_vacuum - 1301663853
FF - user.js: pref.advanced.images.disable_button.view_image - false
FF - user.js: pref.advanced.javascript.disable_button.advanced - false
FF - user.js: pref.browser.homepage.disable_button.bookmark_page - false
FF - user.js: pref.privacy.disable_button.view_cookies - false
FF - user.js: print.print_printer - HP Deskjet D2600 series
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_bgcolor - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_bgimages - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_command - 
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_downloadfonts - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_bottom - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_left - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_right - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_top - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_evenpages - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footercenter - 
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footerleft - &PT
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footerright - &D
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headercenter - 
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headerleft - &T
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headerright - &U
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_in_color - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_bottom - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_left - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_right - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_top - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_oddpages - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_orientation - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_pagedelay - 500
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_data - 9
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_height - 11.00
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_size_type - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_size_unit - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_width - 8.50
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_reversed - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_scaling - 1.25
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_shrink_to_fit - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_to_file - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_to_filename - 
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_left - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_right - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_top - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_bgcolor - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_bgimages - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_command - 
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_downloadfonts - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_bottom - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_left - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_right - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_top - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_evenpages - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footercenter - 
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footerleft - &PT
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footerright - &D
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headercenter - 
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headerleft - &T
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headerright - &U
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_in_color - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_bottom - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_left - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_right - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_top - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_oddpages - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_orientation - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_pagedelay - 500
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_data - 6
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_height - 11.00
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_size_type - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_size_unit - 1
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_width - 8.50
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_reversed - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_scaling - 1.00
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_to_file - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_to_filename - 
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top - 0
FF - user.js: print_printer - HP Deskjet D2600 series
FF - user.js: printer_HP_Deskjet_D2600_series.print_bgcolor - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_bgimages - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_colorspace - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_command - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_downloadfonts - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_bottom - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_left - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_right - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_top - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_evenpages - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_footercenter - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_footerleft - &PT
FF - user.js: printer_HP_Deskjet_D2600_series.print_footerright - &D
FF - user.js: printer_HP_Deskjet_D2600_series.print_headercenter - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_headerleft - &T
FF - user.js: printer_HP_Deskjet_D2600_series.print_headerright - &U
FF - user.js: printer_HP_Deskjet_D2600_series.print_in_color - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_bottom - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_left - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_right - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_top - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_oddpages - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_orientation - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_page_delay - 50
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_data - 9
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_height - 11.00
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_name - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_size_type - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_size_unit - 1
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_width - 8.50
FF - user.js: printer_HP_Deskjet_D2600_series.print_plex_name - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_resolution_name - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_reversed - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_scaling - 1.00
FF - user.js: printer_HP_Deskjet_D2600_series.print_shrink_to_fit - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_to_file - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_to_filename - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_bottom - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_left - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_right - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_top - 0
FF - user.js: privacy.cpd.siteSettings - true
FF - user.js: privacy.donottrackheader.enabled - true
FF - user.js: privacy.popups.showBrowserMessage - false
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.timeSpan - 0
FF - user.js: security.disable_button.openCertManager - false
FF - user.js: security.disable_button.openDeviceManager - false
FF - user.js: security.enable_ssl2 - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: signon.rememberSignons - false
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1325869576
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: toolkit.telemetry.rejected - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1329414084
FF - user.js: xpinstall.whitelist.add - 
FF - user.js: xpinstall.whitelist.add.36 - 
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 30c6e44e000000000000e0469aa5cccd
FF - user.js: extensions.BabylonToolbar_i.hardId - 30c6e44e000000000000e0469aa5cccd
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15457
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Google Update - c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Gtwatch - c:\windows\gtwatch.exe
MSConfigStartUp-jswtrayutil - c:\program files\NETGEAR\WN111v2\jswtrayutil.exe
MSConfigStartUp-PSUNMain - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-19 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-1957994488-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1132)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3652)
c:\windows\system32\WININET.dll
c:\program files\Iconix\OEAddOn\OEldr_7.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
.
**************************************************************************
.
Completion time: 2012-05-19 14:42:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-19 13:41
.
Pre-Run: 154,489,208,832 bytes free
Post-Run: 154,577,326,080 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8B59B7E45875B886EA672C1544E6761A


----------



## kevinf80 (Mar 21, 2006)

No not really, I used to work offshore, had a real bad accident Dec 2004, took me 4 years to get over it and many operations to my right leg and shoulder. Started messing about with computers for soething to do...
About 2009 took interest in Malware and its effect on computers. Started traing at Geeks2Go, had to leave course midway for personal reasons, (I lost the plot due to accident and how it affected my life)
Started again at Spywarehammer and completed this time. SH is my home site, I come here to help out cos it gets really busy.
If you want to learn you have to be dedicated, it takes about a 6 months to a year, depending on you and the effort you put in..

Let me know if you`re interested, i`ll point you in the right direction...


----------



## kevinf80 (Mar 21, 2006)

I`ve got to go out, back maybe 1 to 2 hours, i`ll look at CF log then. Dont do anything with that PC...


----------



## jam1980uk (May 11, 2012)

ok ill shut it down now sorry to hear about your past least you pulled though m8 and on the up hope fully what site is sh and its just very nice to know there are people still out there who help others and not just to charge them money. i would love to learn about computer but aint got much tme or any money to do that sort of stuff.


----------



## kevinf80 (Mar 21, 2006)

Dont be sorry, I just started drinking maybe more than I should, feeling sorry for myself I guess. Came back twice as strong and more determined...

OK, Lets continue:

*Step 1*

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
KillAll::
ClearJavaCache::
File::
c:\windows\Tasks\Qtutqqbm.job
c:\windows\system32\msconfv.dll
Folder::
c:\documents and settings\John\Application Data\Hvdnffpyhy
c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}
c:\program files\Common Files\HotKey
c:\documents and settings\John\Application Data\Ywehet
c:\documents and settings\John\Application Data\Loxai
c:\documents and settings\John\Application Data\Uvohv
c:\documents and settings\John\Application Data\Babylon
c:\documents and settings\All Users\Application Data\Babylon
DirLook::
c:\documents and settings\John\Local Settings\Application Data\I Want This
c:\program files\I Want This
C:\Program1
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"DisableRegedit"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
Firefox::
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\hjcms5ve.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=30c6e44e000000000000e0469aa5cccd&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 30c6e44e000000000000e0469aa5cccd
FF - user.js: extensions.BabylonToolbar_i.hardId - 30c6e44e000000000000e0469aa5cccd
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15457
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
```
Save this as *CFScript.txt*, and as Type: *All Files* *(*.*)* in the same location as ComboFix.exe



















Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

*Step 2*

*Run ESET Online Scan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*
Click the







button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on







to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the







icon on your desktop.

Check








Click the







button.
Accept any security warnings from your browser.
Check








*Leave the tick out of remove found threats*
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push








Push







, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the







button.
Push








You can refer to *this animation* by *neomage* if needed.
Frequently asked questions available *Here* *Please read them before running the scan.*

*Also be aware this scan can take several hours to complete depending on the size of your system.*

ESET log can be found here *"C:\Program Files\ESET\EsetOnlineScanner\log.txt".*

Let me see those two logs, also give update on current issues/concerns

Kevin


----------



## jam1980uk (May 11, 2012)

how do i do screen shot m8


----------



## jam1980uk (May 11, 2012)

and sh your home site what site is that please


----------



## Mark1956 (May 7, 2011)

Just so you can keep going while Kevin is offline this is a guide for taking a screenshot in XP: How to take a screenshot in XP

SH is SpywareHammer, it's my home site also, you will find the site here: SpywareHammer


----------



## jam1980uk (May 11, 2012)

thank you


----------



## jam1980uk (May 11, 2012)

step 1 results

ComboFix 12-05-19.01 - John 19/05/2012 17:59:59.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2935.2349 [GMT 1:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
Command switches used :: G:\CFScript.txt
.
FILE ::
"c:\windows\system32\msconfv.dll"
"c:\windows\Tasks\Qtutqqbm.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Babylon
c:\documents and settings\John\Application Data\Babylon
c:\documents and settings\John\Application Data\Babylon\log_file.txt
c:\documents and settings\John\Application Data\Hvdnffpyhy
c:\documents and settings\John\Application Data\Loxai
c:\documents and settings\John\Application Data\Uvohv
c:\documents and settings\John\Application Data\Uvohv\usnow.fit
c:\documents and settings\John\Application Data\Ywehet
c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}
c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}\chrome.manifest
c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}\chrome\content\browser.xul
c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}\install.rdf
c:\program files\Common Files\HotKey
c:\windows\system32\msconfv.dll
c:\windows\Tasks\Qtutqqbm.job
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-05 19:55 . 2012-05-05 19:55 -------- d-----w- c:\windows\ServicePackFiles
2012-05-05 19:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2012-05-05 18:37 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2012-05-05 18:36 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-05-05 18:35 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-05-05 18:35 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-05-05 18:35 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-05-05 18:35 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-05-05 18:35 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-05-05 18:35 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2012-05-05 18:35 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-05-05 18:35 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-05-05 18:35 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-05-05 18:35 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-05-05 18:35 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2012-05-05 18:33 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-05-05 18:33 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-05-05 18:33 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-05-05 18:33 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-05-05 18:31 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-05-05 18:30 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-05-05 17:30 . 2012-05-05 17:30 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-05 17:29 . 2012-05-05 17:29 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 17:29 . 2012-05-05 17:29 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-05 16:36 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-05-05 16:36 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-05-05 16:36 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-05-05 16:36 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-05-05 15:48 . 2012-05-05 15:48 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-05-05 15:03 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-05-05 15:03 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-05-05 15:03 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-05 13:47 . 2012-05-05 13:47 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-05 13:47 . 2012-05-05 13:47 -------- d-----w- c:\program files\Common Files\Java
2012-05-05 13:46 . 2012-05-06 13:38 -------- dc-h--w- c:\windows\ie8
2012-05-04 16:11 . 2012-05-04 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2012-04-27 09:16 . 2012-04-27 09:16 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\I Want This
2012-04-27 09:16 . 2012-04-27 09:16 -------- d-----w- c:\program files\I Want This
2012-04-27 09:12 . 2011-10-04 21:42 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-04-27 09:11 . 2012-04-27 09:12 -------- d-----w- c:\program files\GPLGS
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Babylon
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- C:\Program1
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\program files\PDFCreator
2012-04-21 16:34 . 2012-04-21 16:34 -------- d-----w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com
2012-04-21 16:33 . 2012-04-29 12:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-21 16:33 . 2012-04-21 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 17:51 . 2010-06-02 13:20 81920 -c--a-w- c:\windows\ALCFDRTM.VER
2012-03-30 13:13 . 2012-03-30 13:13 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-30 13:13 . 2011-06-05 12:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2010-04-26 19:18 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-05 17:29 . 2011-04-30 10:18 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\John\Local Settings\Application Data\I Want This ----
.
2012-02-29 13:21 . 2012-02-29 13:21 90207 ----a-w- c:\documents and settings\John\Local Settings\Application Data\I Want This\Chrome\I Want This.crx
.
---- Directory of c:\program files\I Want This ----
.
2012-04-27 09:16 . 2012-04-27 09:16 7729 ----a-w- c:\program files\I Want This\I Want ThisInstaller.log
2012-04-27 09:16 . 2012-04-27 09:16 137 ----a-w- c:\program files\I Want This\I Want This.ini
2012-04-27 09:16 . 2012-04-27 09:16 463627 ----a-w- c:\program files\I Want This\Uninstall.exe
2012-02-28 00:51 . 2012-02-28 00:51 35792 ----a-w- c:\program files\I Want This\appAPIinternalWrapper.js
2012-02-28 00:51 . 2012-02-28 00:51 15711 ----a-w- c:\program files\I Want This\fb.js
2012-02-28 00:51 . 2012-02-28 00:51 475480 ----a-w- c:\program files\I Want This\I Want This.dll
2012-02-28 00:51 . 2012-02-28 00:51 336216 ----a-w- c:\program files\I Want This\I Want This.exe
2012-02-28 00:51 . 2012-02-28 00:51 9662 ----a-w- c:\program files\I Want This\I Want This.ico
2012-02-28 00:51 . 2012-02-28 00:51 2096984 ----a-w- c:\program files\I Want This\I Want ThisGui.exe
2012-02-28 00:51 . 2012-02-28 00:51 166313 ----a-w- c:\program files\I Want This\jquery.js
2012-02-28 00:51 . 2012-02-28 00:51 10790 ----a-w- c:\program files\I Want This\json.js
.
---- Directory of C:\Program1 ----
.
2012-04-27 09:11 . 2005-10-25 08:36 116 ----a-w- c:\program1\PDFWrite.rsp
2012-04-27 09:11 . 2011-02-22 23:05 32768 ----a-w- c:\program1\Preferences.exe
2012-04-27 09:11 . 2011-02-22 08:28 53248 ----a-w- c:\program1\uninstpw.exe
2012-04-27 09:11 . 2011-02-22 08:27 126976 ----a-w- c:\program1\CPWriter2.exe
2012-04-27 09:11 . 2011-10-03 21:56 40960 ----a-w- c:\program1\pdfwriter.exe
2012-04-27 09:11 . 2008-01-28 18:23 4928 ----a-w- c:\program1\README.HTM
2012-04-27 09:11 . 2012-03-28 19:07 296 ----a-w- c:\program1\setup.inf
.
.
((((((((((((((((((((((((((((( [email protected]_13.34.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-05-19 13:28 . 2012-04-11 13:53 30208 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\w32ksign.dll
- 2012-05-19 13:28 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\spcustom.dll
- 2012-05-19 13:28 . 2012-04-11 13:53 16896 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\mpsyschk.dll
- 2012-05-19 13:28 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\spmsg.dll
- 2012-05-19 13:28 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\updspapi.dll
- 2012-05-19 13:28 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\update.exe
- 2012-05-19 13:28 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\spuninst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\71d83054-7dbe-45c3-a453-719bb81c5f99.com" [2012-04-28 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_6.exe" [2010-08-17 342872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-1-10 565248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WN111v2 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceConnect]
2010-01-28 13:48 10035448 ----a-w- c:\program files\3 Mobile Broadband\3Connect\Wilog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 16:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IconixOEAddOn]
2010-08-17 19:32 342872 ----a-w- c:\program files\Iconix\OEAddOn\OEdmn_6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-02-02 13:15 1085952 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSNUpd]
2010-07-14 13:51 152896 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\psnupd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-02 13:05 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 17:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-09-24 13:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=2 (0x2)
"ZuneBusEnum"=2 (0x2)
"WMZuneComm"=3 (0x3)
"YahooAUService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [14/12/2010 11:15 1737464]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [04/01/2012 14:22 822624]
R2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [22/08/2010 22:59 283992]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [01/10/2011 08:30 508776]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [10/01/2012 18:39 167936]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [01/10/2008 16:45 57440]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 22:23 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 22:23 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 22:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 22:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [01/10/2011 08:30 219496]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 12:48 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/03/2012 14:13 253600]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [10/01/2012 18:39 1759584]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24/07/2003 12:10 17149]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 12:48 135664]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNDA3200\jswpsapi.exe [10/01/2012 18:39 360529]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15/09/2010 12:14 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [05/05/2012 18:30 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22:37 4640000]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [14/01/2009 02:23 458752]
S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [24/09/2010 14:19 268528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
S7oppilx
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:13]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 11:48]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 11:48]
.
2012-05-19 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2012-03-10 18:22]
.
2012-05-19 c:\windows\Tasks\User_Feed_Synchronization-{C4DFAE7E-416B-4244-8132-23CA1C0E809F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = 
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\hjcms5ve.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - prefs.js: network.proxy.type - 2
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: CT2438727.AboutPrivacyUrl - hxxp://www.conduit.com/privacy/Default.aspx
FF - user.js: CT2438727.CTID - CT2438727
FF - user.js: CT2438727.CommunitiesChangesLastCheckTime - 0
FF - user.js: CT2438727.CurrentServerDate - 15-2-2011
FF - user.js: CT2438727.DialogsAlignMode - LTR
FF - user.js: CT2438727.DownloadReferralCookieData - 
FF - user.js: CT2438727.FirstServerDate - 20-9-2010
FF - user.js: CT2438727.FirstTime - true
FF - user.js: CT2438727.FirstTimeFF3 - true
FF - user.js: CT2438727.FirstTimeSettingsDone - true
FF - user.js: CT2438727.FixPageNotFoundErrors - true
FF - user.js: CT2438727.GroupingInvalidateCache - false
FF - user.js: CT2438727.GroupingLastCheckTime - 0
FF - user.js: CT2438727.GroupingLastServerUpdateTime - 0
FF - user.js: CT2438727.GroupingServerCheckInterval - 1440
FF - user.js: CT2438727.GroupingServiceUrl - hxxp://grouping.services.conduit.com/
FF - user.js: CT2438727.Initialize - true
FF - user.js: CT2438727.InitializeCommonPrefs - true
FF - user.js: CT2438727.InstallationAndCookieDataSentCount - 3
FF - user.js: CT2438727.InstalledDate - Mon Sep 20 2010 01:25 GMT+0100 (GMT Daylight Time)
FF - user.js: CT2438727.InvalidateCache - false
FF - user.js: CT2438727.IsGrouping - false
FF - user.js: CT2438727.IsMulticommunity - false
FF - user.js: CT2438727.IsOpenThankYouPage - true
FF - user.js: CT2438727.IsOpenUninstallPage - true
FF - user.js: CT2438727.LanguagePackLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.LanguagePackReloadIntervalMM - 1440
FF - user.js: CT2438727.LanguagePackServiceUrl - hxxp://translation.users.conduit.com/Translation.ashx
FF - user.js: CT2438727.LastLogin_2.7.1.3 - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.LatestVersion - 2.7.1.3
FF - user.js: CT2438727.Locale - en
FF - user.js: CT2438727.LoginCache - 4
FF - user.js: CT2438727.MCDetectTooltipHeight - 83
FF - user.js: CT2438727.MCDetectTooltipUrl - hxxp://@[email protected]/rank/tooltip/?version=1
FF - user.js: CT2438727.MCDetectTooltipWidth - 295
FF - user.js: CT2438727.RadioLastCheckTime - 0
FF - user.js: CT2438727.RadioLastUpdateIPServer - 0
FF - user.js: CT2438727.RadioLastUpdateServer - 0
FF - user.js: CT2438727.SHRINK_TOOLBAR - 1
FF - user.js: CT2438727.SearchEngine - Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID&SearchSource=1
FF - user.js: CT2438727.SearchFromAddressBarIsInit - true
FF - user.js: CT2438727.SearchFromAddressBarUrl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=
FF - user.js: CT2438727.SearchInNewTabEnabled - true
FF - user.js: CT2438727.SearchInNewTabIntervalMM - 1440
FF - user.js: CT2438727.SearchInNewTabLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.SearchInNewTabServiceUrl - hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID
FF - user.js: CT2438727.SearchInNewTabUsageUrl - hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID
FF - user.js: CT2438727.SettingsCheckIntervalMin - 120
FF - user.js: CT2438727.SettingsLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.SettingsLastUpdate - 1297721424
FF - user.js: CT2438727.ThirdPartyComponentsInterval - 504
FF - user.js: CT2438727.ThirdPartyComponentsLastCheck - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.ThirdPartyComponentsLastUpdate - 1246790578
FF - user.js: CT2438727.TrusteLinkUrl - hxxp://trust.conduit.com/EB_ORIGINAL_CTID
FF - user.js: CT2438727.UserID - UN14965108183067577
FF - user.js: CT2438727.ValidationData_Search - 0
FF - user.js: CT2438727.ValidationData_Toolbar - 2
FF - user.js: CT2438727.alertChannelId - 832836
FF - user.js: CT2438727.clientLogIsEnabled - false
FF - user.js: CT2438727.clientLogServiceUrl - hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent
FF - user.js: CT2438727.myStuffEnabled - true
FF - user.js: CT2438727.myStuffPublihserMinWidth - 400
FF - user.js: CT2438727.myStuffSearchUrl - hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID
FF - user.js: CT2438727.myStuffServiceIntervalMM - 1440
FF - user.js: CT2438727.myStuffServiceUrl - hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT
FF - user.js: CT2438727.uninstallLogServiceUrl - hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation
FF - user.js: CommunityToolbar.SearchFromAddressBarSavedUrl - chrome://browser-region/locale/region.properties
FF - user.js: CommunityToolbar.ToolbarsList - CT2438727
FF - user.js: CommunityToolbar.ToolbarsList2 - CT2438727
FF - user.js: CommunityToolbar.alert.alertInfoInterval - 1440
FF - user.js: CommunityToolbar.alert.alertInfoLastCheckTime - Tue Feb 15 2011 19:52 GMT+0000 (GMT Standard Time)
FF - user.js: CommunityToolbar.alert.clientsServerUrl - hxxp://alert.client.conduit.com
FF - user.js: CommunityToolbar.alert.locale - en
FF - user.js: CommunityToolbar.alert.loginIntervalMin - 1440
FF - user.js: CommunityToolbar.alert.loginLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CommunityToolbar.alert.loginLastUpdateTime - 1291052234
FF - user.js: CommunityToolbar.alert.messageShowTimeSec - 20
FF - user.js: CommunityToolbar.alert.servicesServerUrl - hxxp://alert.services.conduit.com
FF - user.js: CommunityToolbar.alert.showTrayIcon - false
FF - user.js: CommunityToolbar.alert.userCloseIntervalMin - 300
FF - user.js: CommunityToolbar.alert.userId - {029615fa-cf91-40f4-9072-93950c5fb5f8}
FF - user.js: accessibility.browsewithcaret - true
FF - user.js: accessibility.typeaheadfind - true
FF - user.js: accessibility.typeaheadfind.casesensitive - 1
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.disable_button.showUpdateHistory - false
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1326979408
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1326979287
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1326979528
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1313360628
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1304117503
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1326987885
FF - user.js: browser.anchor_color - #0000FF
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.display.background_color - #C0C0C0
FF - user.js: browser.display.use_document_fonts - 0
FF - user.js: browser.display.use_system_colors - true
FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\John\\Desktop
FF - user.js: browser.download.manager.alertOnEXEOpen - false
FF - user.js: browser.download.manager.retention - 0
FF - user.js: browser.download.save_converter_index - 3
FF - user.js: browser.feeds.showFirstRunUI - false
FF - user.js: browser.formfill.enable - false
FF - user.js: browser.history_expire_days.mirror - 180
FF - user.js: browser.migration.version - 5
FF - user.js: browser.offline - false
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.preferences.advanced.selectedTabIndex - 3
FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - true
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.selectedEngine - Bing
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - user.js: browser.startup.homepage_override.buildID - 20111220165912
FF - user.js: browser.startup.homepage_override.mstone - rv:9.0.1
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.tabs.loadInBackground - false
FF - user.js: browser.urlbar.default.behavior - 1
FF - user.js: browser.visited_color - #800080
FF - user.js: dom.disable_open_during_load - false
FF - user.js: dom.event.contextmenu.enabled - false
FF - user.js: dom.max_script_run_time - 0
FF - user.js: extensions.MicrosoftCG.lastRunTime - Mon, 01 Nov 2010 22:13 GMT
FF - user.js: extensions.blocklist.pingCountTotal - 237
FF - user.js: extensions.blocklist.pingCountVersion - 9
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 6
FF - user.js: extensions.enabledAddons - {972ce4c6-7e08-4474-a285-3208198ce6fd}:9.0.1
FF - user.js: extensions.enabledItems - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\,\mtime\:1277663450843},\[email protected]\:{\descriptor\:\c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1300649420031},\[email protected]\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1288081481343}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1326272142546},\{F7CB456D-D310-4572-8C28-A6D45F6F8F10}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{F7CB456D-D310-4572-8C28-A6D45F6F8F10}\,\mtime\:1326329926656}}},{\name\:\winreg-app-user\,\addons\:{\[email protected]\:{\descriptor\:\c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1300649420031}}},{\name\:\app-profile\,\addons\:{\[email protected]\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\\[email protected]\,\mtime\:1314085773315},\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\\{20a82645-c095-46ed-80e3-08825760534b}\,\mtime\:1280323145296},\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\,\mtime\:1326224466051}}}]
FF - user.js: extensions.lastAppVersion - 9.0.1
FF - user.js: extensions.lastPlatformVersion - 9.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.update.notifyUser - false
FF - user.js: extensions.zoodles.account_created - true
FF - user.js: extensions.zoodles.toolbar_installed - true
FF - user.js: font.name.serif.x-western - Verdana
FF - user.js: general.useragent.extra.microsoftdotnet - ( .NET CLR 3.5.30729)
FF - user.js: general.useragent.extra.zoodles - 
FF - user.js: general.useragent.extra.zoodles_parent - InquisitiveMindsAddon
FF - user.js: gfx.blacklist.direct2d - 2
FF - user.js: gfx.blacklist.layers.direct3d10 - 2
FF - user.js: gfx.blacklist.layers.direct3d10-1 - 2
FF - user.js: idle.lastDailyNotification - 1326992866
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-8, UTF-8, ISO-8859-2, windows-1252, ISO-8859-15
FF - user.js: lightweightThemes.isThemeSelected - false
FF - user.js: lightweightThemes.persisted.footerURL - true
FF - user.js: lightweightThemes.persisted.headerURL - true
FF - user.js: lightweightThemes.usedThemes - [{\id\:\30987\,\name\:\endless possibilities by etsu\,\headerURL\:\hxxp://getpersonas-cdn.mozilla.net/static/8/7/30987/etsu_v2_header.jpg?1260925626\,\footerURL\:\http://getpersonas-cdn.mozilla.net/...26\,\author\:\infectious\,\description\:\etsu meusy's work has been described as "sunny and clean" by giant robot and "nostalgia-tinged 70s and 80s pop cultural pastiches" by coolhunting. etsu blends together paint, hand drawn typography and the odd guest appearance from 80s icons like axl rose and the smurfs to create dreamy rainbow colored landscapes. her artwork has been featured in nylon magazine and art books by die gestalten.\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/30987\,\version\:\1260925626\},{\id\:\95641\,\name\:\supernatural-dean\,\headerURL\:\http://getpersonas-cdn.mozilla.net/...\author\:\scoobydolittle\,\description\:\this is a supernatural persona\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/95641\,\version\:\1265334322\},{\id\:\64769\,\name\:\sunset over water\,\headerURL\:\http://getpersonas-cdn.mozilla.net/...11578\,\author\:\madonna\,\description\:\this is a personal photo i took. i have a wallpaper to match this and it can be found at\\u000d\\u000a:http://nature.desktopnexus.com/wallpaper/335230/\\u000d\\u000a\\u000d\\u000aI also made an iGoogle theme called Framed Sunset and you can use that as your theme if you use iGoogle.\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/64769\}]
FF - user.js: microsoft.CLR.auto_install - false
FF - user.js: network.cookie.lifetimePolicy - 2
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.proxy.type - 2
FF - user.js: places.database.lastMaintenance - 1326992866
FF - user.js: places.history.expiration.transient_current_max_pages - 76949
FF - user.js: places.history.expiration.transient_optimal_database_size - 123117894
FF - user.js: places.last_vacuum - 1301663853
FF - user.js: pref.advanced.images.disable_button.view_image - false
FF - user.js: pref.advanced.javascript.disable_button.advanced - false
FF - user.js: pref.browser.homepage.disable_button.bookmark_page - false
FF - user.js: pref.privacy.disable_button.view_cookies - false
FF - user.js: print.print_printer - HP Deskjet D2600 series
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_bgcolor - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_bgimages - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_command - 
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_downloadfonts - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_bottom - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_left - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_right - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_top - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_evenpages - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footercenter - 
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footerleft - &PT
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footerright - &D
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headercenter - 
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headerleft - &T
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headerright - &U
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_in_color - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_bottom - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_left - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_right - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_top - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_oddpages - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_orientation - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_pagedelay - 500
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_data - 9
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_height - 11.00
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_size_type - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_size_unit - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_width - 8.50
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_reversed - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_scaling - 1.25
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_shrink_to_fit - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_to_file - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_to_filename - 
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_left - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_right - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_top - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_bgcolor - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_bgimages - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_command - 
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_downloadfonts - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_bottom - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_left - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_right - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_top - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_evenpages - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footercenter - 
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footerleft - &PT
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footerright - &D
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headercenter - 
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headerleft - &T
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headerright - &U
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_in_color - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_bottom - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_left - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_right - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_top - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_oddpages - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_orientation - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_pagedelay - 500
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_data - 6
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_height - 11.00
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_size_type - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_size_unit - 1
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_width - 8.50
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_reversed - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_scaling - 1.00
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_to_file - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_to_filename - 
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top - 0
FF - user.js: print_printer - HP Deskjet D2600 series
FF - user.js: printer_HP_Deskjet_D2600_series.print_bgcolor - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_bgimages - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_colorspace - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_command - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_downloadfonts - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_bottom - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_left - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_right - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_top - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_evenpages - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_footercenter - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_footerleft - &PT
FF - user.js: printer_HP_Deskjet_D2600_series.print_footerright - &D
FF - user.js: printer_HP_Deskjet_D2600_series.print_headercenter - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_headerleft - &T
FF - user.js: printer_HP_Deskjet_D2600_series.print_headerright - &U
FF - user.js: printer_HP_Deskjet_D2600_series.print_in_color - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_bottom - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_left - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_right - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_top - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_oddpages - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_orientation - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_page_delay - 50
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_data - 9
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_height - 11.00
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_name - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_size_type - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_size_unit - 1
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_width - 8.50
FF - user.js: printer_HP_Deskjet_D2600_series.print_plex_name - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_resolution_name - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_reversed - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_scaling - 1.00
FF - user.js: printer_HP_Deskjet_D2600_series.print_shrink_to_fit - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_to_file - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_to_filename - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_bottom - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_left - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_right - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_top - 0
FF - user.js: privacy.cpd.siteSettings - true
FF - user.js: privacy.donottrackheader.enabled - true
FF - user.js: privacy.popups.showBrowserMessage - false
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.timeSpan - 0
FF - user.js: security.disable_button.openCertManager - false
FF - user.js: security.disable_button.openDeviceManager - false
FF - user.js: security.enable_ssl2 - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: signon.rememberSignons - false
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1325869576
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: toolkit.telemetry.rejected - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1329414084
FF - user.js: xpinstall.whitelist.add - 
FF - user.js: xpinstall.whitelist.add.36 - 
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-19 18:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-1957994488-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1096)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3084)
c:\windows\system32\WININET.dll
c:\program files\Iconix\OEAddOn\OEldr_7.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
.
**************************************************************************
.
Completion time: 2012-05-19 18:17:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-19 17:17
ComboFix2.txt 2012-05-19 13:42
.
Pre-Run: 154,587,893,760 bytes free
Post-Run: 154,569,039,872 bytes free
.
- - End Of File - - 2AE5735BA08F1AE546315C6EA770B401


----------



## jam1980uk (May 11, 2012)

took a screen shot how do i get it in the text box now please


----------



## jam1980uk (May 11, 2012)

was going to do step 2 but comp wont recognise my wreless adapter now but it worked before


----------



## Mark1956 (May 7, 2011)

If you have not rebooted after running Combofix please do so, this may bring back your internet connection, if not please wait for further instructions from Kevin.

*How to post a screenshot.*

Below the *Message Box* click on *Go Advanced*. 
Then scroll down until you see a button, *Manage Attachments*. Click on that and a new window opens.
Click on the *Browse* button, find the screenshot you made earlier and doubleclick on it.
Now click on the *Upload* button. When done, click on the *Close this window* button at the bottom of the page.
 Enter your message-text in the message box, then click on *Submit Message/Reply.*


----------



## jam1980uk (May 11, 2012)

hope fully you can see picture my misses has lots of collage work saved and the files or pics say locked how do i get them back plz


----------



## jam1980uk (May 11, 2012)

i reboted 2 times but my wireless dongle aint turning on and the connection has gone


----------



## kevinf80 (Mar 21, 2006)

Can you navigate here *C:\Qoobox\ComboFix-quarantined-files.txt* copy that file and let me see it... Looks like CF has removed Netgear software, may be easier if you re-install that...


----------



## jam1980uk (May 11, 2012)

2012-05-19 16:59:52 . 2012-05-19 16:59:52 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-05-19 13:41:18 . 2012-05-19 13:41:18 1,376 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1.reg.dat
2012-05-19 13:37:32 . 2012-05-19 13:37:32 668 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-PSUNMain.reg.dat
2012-05-19 13:37:32 . 2012-05-19 13:37:32 626 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-jswtrayutil.reg.dat
2012-05-19 13:37:32 . 2012-05-19 13:37:32 546 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Gtwatch.reg.dat
2012-05-19 13:37:32 . 2012-05-19 13:37:32 734 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Google Update.reg.dat
2012-05-19 13:37:31 . 2012-05-19 13:37:31 668 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe Reader Speed Launcher.reg.dat
2012-05-19 13:37:22 . 2012-05-19 13:37:22 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2012-05-19 13:29:20 . 2012-05-19 13:29:20 814 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_AMSERVICE.reg.dat
2012-05-19 13:29:09 . 2012-05-19 17:05:21 10,326 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-05-19 13:10:52 . 2012-05-19 16:58:34 470 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-05-09 21:22:32 . 2012-05-16 18:19:32 1,265 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB64146$\1428729786\version.vir
2012-05-09 21:22:31 . 2012-05-16 18:19:31 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dds_trash_log.cmd.vir
2012-05-09 21:22:10 . 2012-04-13 22:17:24 960,056 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\winsh324.vir
2012-05-09 21:22:10 . 2012-04-13 22:16:56 960,056 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\winsh323.vir
2012-05-09 21:22:10 . 2012-04-13 22:16:38 960,056 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\winsh322.vir
2012-05-09 21:22:10 . 2012-04-13 22:16:22 960,056 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\winsh321.vir
2012-05-09 21:22:10 . 2012-04-13 22:15:08 960,056 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\winsh320.vir
2012-05-09 21:21:10 . 2012-05-09 21:21:10 129 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}\chrome.manifest.vir
2012-05-09 21:21:10 . 2012-05-09 21:21:10 804 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}\install.rdf.vir
2012-05-09 21:21:10 . 2012-05-09 21:21:10 6,522 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}\chrome\content\browser.xul.vir
2012-05-09 21:20:34 . 2012-05-16 18:19:31 169 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB64146$\1428729786\cfg.ini.vir
2012-05-09 21:20:33 . 2012-05-09 21:20:34 2,048 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB64146$\1428729786\@.vir
2012-05-09 21:20:33 . 2012-05-09 21:20:33 75,264 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB64146$\1428729786\L\pqpygwuk.vir
2012-05-09 21:20:33 . 2012-05-16 18:19:10 4,608 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB64146$\1428729786\Desktop.ini.vir
2012-05-07 09:03:45 . 2012-05-09 21:22:29 2,048 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB64146$\1428729786\U\[email protected]
2012-05-06 13:46:25 . 2012-05-09 21:24:46 206 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Bing.url.gfkl.vir
2012-05-06 13:46:25 . 2012-05-09 21:24:47 206 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Discover Bing.url.icax.vir
2012-05-05 19:03:43 . 2008-04-14 00:12:17 294,912 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\dlimport.exe.vir
2012-05-05 17:34:58 . 2012-05-09 21:24:47 171 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Internet Safety & Security Links.url.xxal.vir
2012-05-05 17:34:58 . 2012-05-09 21:24:47 166 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Internet Safety.url.ylyc.vir
2012-05-05 17:34:58 . 2012-05-09 21:24:48 154 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Thinkuknow.url.tikx.vir
2012-05-05 17:34:58 . 2012-05-09 21:24:48 164 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Virtual Global Taskforce.url.bpti.vir
2012-05-05 17:34:58 . 2012-05-09 21:24:46 152 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-CEOP website.url.yqkl.vir
2012-05-05 13:29:09 . 2012-05-09 21:24:47 2,313 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Hotmail, Messenger, Latest news, Sport, Music, Movies, Cars - MSN UK (4).url.gmgn.vir
2012-05-05 13:29:08 . 2012-05-09 21:24:47 2,313 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Hotmail, Messenger, Latest news, Sport, Music, Movies, Cars - MSN UK (3).url.mgnp.vir
2012-05-05 13:28:59 . 2012-05-09 21:24:47 2,313 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Hotmail, Messenger, Latest news, Sport, Music, Movies, Cars - MSN UK (2).url.ldvs.vir
2012-05-05 13:28:53 . 2012-05-09 21:24:47 2,313 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Hotmail, Messenger, Latest news, Sport, Music, Movies, Cars - MSN UK.url.gfkl.vir
2012-04-30 20:41:49 . 2012-05-09 21:24:47 4,085 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-http--businessinyou.bis.gov.uk-.url.nphm.vir
2012-04-27 09:15:28 . 2012-05-09 21:24:47 500 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-FoxTab PDF Creator.url.yypt.vir
2012-04-27 09:11:49 . 2012-04-27 09:12:24 6,453 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Application Data\Babylon\log_file.txt.vir
2012-04-23 21:05:25 . 2012-05-09 21:24:47 190 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-MobilePOS mobile phone based credit card payments system.url.snfb.vir
2012-04-23 21:05:06 . 2012-05-09 21:24:46 276 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-BBC - KS3 Bitesize Maths - Algebra.url.eqcn.vir
2012-04-23 21:04:41 . 2012-05-09 21:24:48 265 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-vision2learn - Register for an online course.url.gyol.vir
2012-04-21 21:19:34 . 2012-05-09 21:24:47 311 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Jobs in Bl4 Bl4 Vacancies Fish4 Manchester.url.froy.vir
2012-04-21 21:16:31 . 2012-05-09 21:24:47 665 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Manchester.fish4jobs.co.uk Jobs in Manchester, Top Manchester Vacancies & Recruitment Site.url.pscs.vir
2012-04-21 21:14:17 . 2012-05-09 21:24:47 143 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\LOCKED~1.VQC.vir
2012-04-21 20:23:42 . 2012-05-09 21:24:48 1,829 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Salford - Manchester Before the Bench April 12, 2012.url.hlfn.vir
2012-04-20 18:11:57 . 2012-05-09 21:24:48 4,043 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Using and Maxing Out Speeds With uTorrent - AfterDawn Guides.url.cdhm.vir
2012-04-16 21:28:46 . 2012-05-09 21:24:47  625 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Farnworth BL4 9JP, UK to Swinton M27 5WQ, UK - Google Maps.url.qqcn.vir
2012-04-16 21:21:44 . 2012-05-09 21:24:47 188 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Fragrance Finder.url.rnez.vir
2012-04-14 21:17:49 . 2012-02-02 11:57:56 9,882 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\chrome\ComplitlyChrome.crx.vir
2012-04-14 21:17:48 . 2011-12-19 00:56:56 5,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\FireFoxUninstaller.exe.vir
2012-04-14 21:17:48 . 2010-11-09 05:33:58 904,704 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\System.Data.SQLite.dll.vir
2012-04-14 21:17:48 . 2012-02-02 04:19:38 10,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\FireFoxExtensionWithFF8Fix.exe.vir
2012-04-14 21:17:48 . 2011-12-13 23:00:08 10,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\InstTracker.exe.vir
2012-04-14 21:17:48 . 2009-06-22 02:03:30 0 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\[email protected]\chrome\content\utils.js.vir
2012-04-14 21:17:48 . 2009-11-08 05:56:04 373 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\[email protected]\defaults\preferences\predictad.js.vir
2012-04-14 21:17:48 . 2012-01-17 05:32:16 529 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\[email protected]\chrome\content\appIcon.png.vir
2012-04-14 21:17:48 . 2012-02-02 11:57:16 5,731 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\[email protected]\chrome\content\browserOverlay.xul.vir
2012-04-14 21:17:48 . 2008-10-23 04:52:02 32 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\[email protected]\chrome\content\options.js.vir
2012-04-14 21:17:48 . 2010-07-19 23:27:24 496 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\[email protected]\chrome\content\options.xul.vir
2012-04-14 21:17:48 . 2012-02-02 11:57:56 184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\[email protected]\chrome.manifest.vir
2012-04-14 21:17:48 . 2012-02-02 11:57:56 2,017 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\[email protected]\install.rdf.vir
2012-04-14 21:17:48 . 2012-04-14 21:17:49 9,590 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\unins000.dat.vir
2012-04-14 21:17:48 . 2012-04-14 21:17:48 714,526 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Complitly\unins000.exe.vir
2012-04-13 23:25:41 . 2012-05-09 21:24:47 1,122 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Fire International Xploder Movie Player and Media Centre (PSP) Amazon.co.uk PC & Video Games.url.ryvq.vir
2012-04-13 23:25:32 . 2012-05-09 21:24:46 1,113 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-amazon.co.uk PSP Accessories.url.ineb.vir
2012-04-08 17:35:16 . 2012-05-09 21:24:46 258 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-BranchOut.url.fdez.vir
2012-04-08 17:27:55 . 2012-05-09 21:24:47 273 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Isle of Man Steam Packet Company.url.ygnf.vir
2012-04-08 17:27:24 . 2012-05-09 21:24:47 5,861 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-FindaParty.co.uk - Find a home party plan consultant or business near you.url.nmhm.vir
2012-04-08 04:20:16 . 2012-05-09 21:24:47 478 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Jobs at Insurance Jobs Board UK recruitment site.url.nezy.vir
2012-04-08 04:19:59 . 2012-05-09 21:24:48 904 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Unlock your party potential! The Party Plan Guru.url.oscn.vir
2012-04-08 04:10:46 . 2012-05-09 21:24:48 259 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-The Party Plan Guru.url.bpti.vir
2012-04-08 04:10:00 . 2012-05-09 21:24:48 970 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Party Plan Together - Sharing the Secrets of Success.url.pyzy.vir
2012-04-08 03:51:48 . 2012-05-09 21:24:48 5,220 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Party Plan Together » Links - Sharing the Secrets of Success.url.qdey.vir
2012-04-02 18:32:17 . 2012-05-09 21:24:47 252 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Legal And Copyright Vertex.url.mgnp.vir
2012-04-02 18:31:27 . 2012-05-09 21:24:47 194 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-http--www.cmoptions.org-en-faqs-index.asp.url.forh.vir
2012-04-02 18:21:11 . 2012-05-09 21:24:48 214 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-People we've helped - Child Maintenance Options.url.rwsg.vir
2012-04-02 17:53:42 . 2012-05-09 21:24:47 220 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Freedom of information statistics on implementation in central government.url.banp.vir
2012-04-02 17:45:27 . 2012-05-09 21:24:46 174 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Child Maintenance and Enforcement Commission - managing child support.url.lfed.vir
2012-04-01 19:27:37 . 2012-05-09 21:24:48 3,839 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Sony Ericsson XPERIA X10 mini pro review & compare deals on contract.url.jtik.vir
2012-03-30 14:18:01 . 2012-05-09 21:22:30 1,024 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB64146$\1428729786\U\[email protected]
2012-03-30 13:58:12 . 2012-05-09 21:22:31 115,712 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB64146$\1428729786\U\[email protected]
2012-03-26 13:44:52 . 2012-05-09 21:24:48 1,263 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Smithills Farm (2) March 2012 on PhotoPeach - Fresh slideshows to go!.url.lcne.vir
2012-03-26 13:43:22 . 2012-05-09 21:24:48 1,461 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Smithills Farm - March 2012 on PhotoPeach - Fresh slideshows to go!.url.cney.vir
2012-03-22 20:36:20 . 2012-05-09 21:24:47 2,377 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Make sure your CV is an attention grabber! Worklife - Jobsite.url.yvqv.vir
2012-03-22 19:00:50 . 2012-05-09 21:24:47 214 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Isle of Man classifieds - ManxAds.url.oyin.vir
2012-03-22 18:48:40 . 2012-05-09 21:24:47 244 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Discount & Cheap Laminate Flooring, Cheap Paint, DIY Supplies.url.vqvi.vir
2012-03-22 15:47:48 . 2012-05-09 21:24:48 217 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Starfall's Learn to Read with phonics.url.iaxb.vir
2012-03-22 15:47:39 . 2012-05-09 21:24:47 2,001 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Learning to Read - Ideas and Activities to Learn to Spell and Write Words.url.ptmh.vir
2012-03-21 22:13:48 . 2012-05-09 21:24:47 158 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Do-it - Volunteering made easy.url.avik.vir
2012-03-21 20:53:29 . 2012-05-09 21:24:47 312 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Little Rascals Kids Club Bolton Marketplace Shopping Centre.url.yiki.vir
2012-03-10 15:10:09 . 2012-05-09 21:25:07 86 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\System\locked-win_qs8.jqx.rnxp.vir
2012-02-29 19:41:40 . 2012-05-09 21:24:47 259 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Mecca Bingo Bolton Find Bingo Halls in Bolton.url.sqal.vir
2012-02-28 19:18:25 . 2012-05-09 21:24:49 217 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Welcome to Isle Of Man Homes - Failt! - Save Yourself Money.url.afbp.vir
2012-02-28 19:04:13 . 2012-05-09 21:24:47 907 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Isle of Man Classifieds - manx.net.url.nphm.vir
2012-02-28 17:53:12 . 2012-05-09 21:24:48 1,660 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-the swarm.url.zvqr.vir
2012-02-25 10:49:05 . 2012-05-09 21:24:48 202 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Super Hub.url.rwsg.vir
2012-02-25 10:39:35 . 2012-05-09 21:24:48 160 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Speedtest.net - The Global Broadband Speed Test.url.vmru.vir
2012-02-23 17:51:58 . 2012-05-09 21:24:46 214 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-About us - Index Books Recruitment.url.sqal.vir
2012-02-20 15:53:17 . 2012-05-09 21:24:47 533 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Farnworth BL4 9JP - Google Maps.url.lylf.vir
2012-02-15 19:14:44 . 2012-05-09 21:24:47 371 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Learn How to Play Bingo Playing Bingo Online at Mecca Bingo.url.kujw.vir
2012-02-10 12:03:04 . 2012-05-09 21:22:31 66,560 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB64146$\1428729786\U\[email protected]
2012-02-08 20:19:17 . 2012-05-09 21:24:47 376 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-lovehome.co.uk Interior design ideas and easy how to guides for decorating, DIY and the garden.url.nezy.vir
2012-02-08 16:23:35 . 2012-05-09 21:24:46 192 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Apply Online Forbes Rentals.url.fedy.vir
2012-02-07 17:10:12 . 2012-05-09 21:24:46 319 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Consumer Contact.url.gsqa.vir
2012-01-19 21:15:06 . 2011-11-25 21:57:19 293,376 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET488.tmp.vir
2012-01-19 21:13:52 . 2011-10-14 14:47:29 176,128 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET473.tmp.vir
2012-01-19 21:11:40 . 2011-11-16 14:21:44 152,064 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET46A.tmp.vir
2012-01-19 21:11:40 . 2011-11-16 14:21:44 354,816 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET46B.tmp.vir
2012-01-19 21:10:28 . 2011-11-03 15:28:36 1,292,288 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET461.tmp.vir
2012-01-19 21:03:49 . 2011-11-04 19:20:51 602,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET301.tmp.vir
2012-01-19 21:03:49 . 2011-11-04 19:20:51 55,296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET300.tmp.vir
2012-01-19 21:03:48 . 2011-11-04 19:20:51 105,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET2FB.tmp.vir
2012-01-19 21:03:48 . 2011-11-04 19:20:51 2,000,384 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET305.tmp.vir
2012-01-19 21:03:47 . 2011-11-04 19:20:51 916,992 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET2F9.tmp.vir
2012-01-19 21:03:47 . 2011-11-04 19:20:51 1,212,416 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET2FA.tmp.vir
2012-01-19 21:03:46 . 2011-11-04 19:20:51 5,978,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET2FF.tmp.vir
2012-01-19 21:03:44 . 2011-11-04 19:20:50 11,081,728 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET307.tmp.vir
2012-01-19 20:55:33 . 2011-11-01 16:07:10 1,288,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET2D8.tmp.vir
2012-01-18 19:46:19 . 2012-01-29 00:16:40 304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\Qtutqqbm.job.vir
2012-01-18 19:46:19 . 2012-01-18 19:46:19 118,784 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\msconfv.dll.vir
2011-12-02 12:07:49 . 2012-05-09 21:22:32 224,768 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB64146$\1428729786\U\[email protected]
2011-11-02 17:48:14 . 2012-05-09 21:22:30 1,024 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB64146$\1428729786\U\[email protected]
2011-09-18 17:43:54 . 2012-05-09 21:24:48 430 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Serif Product Registration.url.nedh.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 666,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET11E.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 666,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET124.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 666,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET156.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 666,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET176.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 666,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET28.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 666,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3A6.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 666,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET400.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 666,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4C.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 666,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET70.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 666,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET94.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 666,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETC2.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 666,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETF0.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 276,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET11D.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 276,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET123.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 276,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET155.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 276,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET175.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 276,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET27.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 276,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3A5.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 276,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3FF.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 276,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4B.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 276,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET6F.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 276,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET93.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 276,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETC1.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 276,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETEF.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 619,520 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET11B.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 619,520 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET121.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 619,520 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET153.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 619,520 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET173.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 619,520 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET25.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 619,520 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3A3.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 619,520 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3FD.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 619,520 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET49.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 619,520 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET6D.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 619,520 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET91.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 619,520 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETBF.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 619,520 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETED.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET11A.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET120.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET152.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET172.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET24.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3A2.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3FC.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET48.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET6C.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET90.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETBE.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:08 37,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETEC.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET117.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET118.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:10:58 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET119.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:10:58 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET11F.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET14F.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET150.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:10:58 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET151.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET16F.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET170.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:10:58 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET171.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET21.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET22.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:10:58 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET23.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET39F.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3A0.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:10:58 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3A1.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3F9.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3FA.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:10:58 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3FB.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET45.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET46.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:10:58 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET47.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET69.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET6A.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:10:58 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET6B.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET8D.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET8E.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:10:58 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET8F.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETBB.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETBC.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:10:58 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETBD.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETE9.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETEA.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:10:58 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETEB.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETF9.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:02 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETFA.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:00 532,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET116.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:00  532,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET14E.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:00 532,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET16E.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:00 532,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET20.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:00 532,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET39E.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:00 532,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3F8.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:00 532,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET44.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:00 532,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET68.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:00 532,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET8C.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:00 532,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETBA.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:00 532,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETE8.tmp.vir
2011-08-04 19:01:37 . 2008-04-14 00:12:00 532,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETF8.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET115.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET14D.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET16D.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1F.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET39D.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3F7.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET43.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET67.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET8B.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETB9.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETE7.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETF7.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 56,832 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET113.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 56,832 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET14B.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 56,832 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET16B.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 56,832 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1D.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 56,832 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET39B.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 56,832 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3F5.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 56,832 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET41.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 56,832 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET65.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 56,832 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET89.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 56,832 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETB7.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 56,832 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETE5.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 56,832 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETF5.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 449,024 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET112.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 449,024 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET14A.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 449,024 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET16A.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 449,024 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 449,024 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET39A.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 449,024 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3F4.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 449,024 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET40.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 449,024 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET64.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 449,024 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET88.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 449,024 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETB6.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 449,024 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETE4.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 449,024 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETF4.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 1,351,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET111.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 1,351,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET149.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 1,351,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET169.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 1,351,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1B.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 1,351,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET399.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 1,351,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3F.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 1,351,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3F3.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 1,351,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET63.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 1,351,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET87.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 1,351,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETB5.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 1,351,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETE3.tmp.vir
2011-08-04 19:01:36 . 2008-04-13 16:26:26 1,351,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETF3.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 3,066,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET110.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 3,066,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET148.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 3,066,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET168.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 3,066,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1A.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 3,066,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET398.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 3,066,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3E.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 3,066,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3F2.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 3,066,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET62.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 3,066,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET86.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 3,066,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETB4.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 3,066,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETE2.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:59 3,066,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETF2.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:27 29,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET10F.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:27 29,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET147.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:27 29,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET167.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:27 29,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET19.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:27 29,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET397.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:27 29,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3D.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:27 29,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3F1.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:27 29,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET61.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:27 29,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET85.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:27 29,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETB3.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:27 29,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETE1.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:27 29,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETF1.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:55 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET10B.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 15,872 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET10D.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 22,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET10E.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:55 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET143.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 15,872 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET145.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 22,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET146.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:55 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:55 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET163.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 15,872 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET165.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 22,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET166.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 15,872 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET17.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 22,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET18.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:55 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET39.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:55 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET393.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 15,872 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET395.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 22,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET396.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 15,872 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3B.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 22,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3C.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:55 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3ED.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 15,872 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3EF.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 22,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3F0.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:55 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET5D.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 15,872 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET5F.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 22,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET60.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:55 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET81.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 15,872 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET83.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 22,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET84.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:55 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETAF.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 15,872 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETB1.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 22,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETB2.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:55 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETC9.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 15,872 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETCB.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 22,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETCC.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:55 96,256 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETDD.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 15,872 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETDF.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:56 22,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETE0.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:41 360,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET10A.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:41 360,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET14.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:41 360,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET142.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:41 360,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET162.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:41 360,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET38.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:41 360,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET392.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:41 360,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3EC.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:41 360,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET5C.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:41 360,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET80.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:41 360,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETAE.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:41 360,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETC8.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:41 360,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETDC.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 35,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET109.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 35,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET13.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 35,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET141.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 35,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET161.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 35,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET37.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 35,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET391.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 35,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3EB.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 35,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET5B.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 35,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7F.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 35,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETAD.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 35,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETC7.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 35,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETDB.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 62,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET107.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 62,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET11.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 62,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET13F.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 62,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15F.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 62,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET35.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 62,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET38F.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 62,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3E9.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 62,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET59.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 62,976 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7D.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 62,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETAB.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 62,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETC5.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 62,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETD9.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 48,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET10.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 251,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET105.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 48,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET106.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 251,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET13D.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 48,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET13E.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 251,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15D.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 48,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15E.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 251,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET33.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 48,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET34.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 251,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET38D.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 48,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET38E.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 251,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3E7.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 48,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3E8.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 251,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET57.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 48,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET58.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 251,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7B.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 48,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7C.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 251,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETA9.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 48,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETAA.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 251,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETC3.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 48,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETC4.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 251,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETD7.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 48,640 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETD8.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 251,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETF.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 323,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET104.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 323,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET13C.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 323,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15C.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 323,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET32.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 323,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET38C.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 323,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3E6.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 323,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET56.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 323,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7A.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 323,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET9E.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 323,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETA8.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 323,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETD6.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 323,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETE.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 216,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET102.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 216,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET13A.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 216,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15A.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 216,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET30.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 216,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET38A.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 216,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3E4.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 216,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET54.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 216,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET78.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 216,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET9C.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 216,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETA6.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 216,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETC.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 216,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETD4.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 143,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET101.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 143,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET139.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 143,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET159.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 143,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET2F.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 143,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET389.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 143,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3E3.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 143,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET53.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 143,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET77.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 143,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET9B.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 143,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETA5.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 143,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETB.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 143,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETD3.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 34,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET100.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 34,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET138.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 34,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET158.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 34,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET2E.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 34,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET388.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 34,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3E2.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 34,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET52.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 34,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET76.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 34,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET9A.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 34,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETA.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 34,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETA4.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 34,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETD2.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 205,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET137.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 205,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET157.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 205,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET2D.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 205,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET387.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 205,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3E1.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 205,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET51.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 205,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET75.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 205,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET9.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 205,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET99.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 205,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETA3.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 205,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETD1.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 205,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETFF.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 357,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET132.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 357,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET136.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 357,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET2C.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 357,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET386.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 357,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3E0.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 357,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET50.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 357,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET74.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 357,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET8.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 357,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET98.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 357,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETA2.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 357,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETD0.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:52 357,888 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETFE.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:51 35,328 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET131.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:51 35,328 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET135.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:51 35,328 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET2B.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:51 35,328 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET385.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:51 35,328 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3DF.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:51 35,328 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4F.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:51 35,328 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:51 35,328 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET73.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:51 35,328 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET97.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:51 35,328 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETA1.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:51 35,328 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETCF.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:51 35,328 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETFD.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 99,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET130.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 99,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET134.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 99,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET2A.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 99,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET384.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 99,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3DE.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 99,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4E.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 99,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET6.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 99,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET72.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 99,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET96.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 99,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETA0.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 99,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETCE.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 99,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETFC.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET12F.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET133.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET29.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET383.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3DD.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4D.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET5.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET71.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET95.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET9F.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETCD.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:48 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETFB.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 93,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET10.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 93,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET12D.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 93,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET131.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 93,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET3.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 93,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET381.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 93,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET3C.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 93,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET3DB.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 93,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET5.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 93,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET7.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 93,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET9D.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 93,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SETCB.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:12:22 93,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SETF9.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 38,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET12C.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 38,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET130.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 38,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET2.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 38,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET380.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 38,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET3B.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 38,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET3DA.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 38,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET4.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 38,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET6.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 38,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET9C.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 38,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SETCA.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 38,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SETF.tmp.vir
2011-08-04 19:01:36 . 2008-04-14 00:11:54 38,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SETF8.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:40 430,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET11C.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:40 430,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET122.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:40 430,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET154.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:40 430,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET174.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:40 430,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET26.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:40 430,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3A4.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:40 430,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3FE.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:40 430,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4A.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:40 430,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET6E.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:40 430,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET92.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:40 430,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETC0.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:40 430,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETEE.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET114.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET14C.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET16C.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1E.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET39C.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3F6.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET42.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET66.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET8A.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETB8.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETE6.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETF6.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:39 512,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET10C.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:39 512,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET144.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:39 512,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET16.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:39 512,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET164.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:39 512,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET394.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:39 512,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3A.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:39 512,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3EE.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:39 512,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET5E.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:39 512,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET82.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:39 512,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETB0.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:39 512,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETCA.tmp.vir
2011-08-04 19:01:36 . 2008-05-09 10:53:39 512,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETDE.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 221,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET103.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 221,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET13B.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 221,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15B.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 221,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET31.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 221,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET38B.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 221,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET3E5.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 221,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET55.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 221,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET79.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 221,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET9D.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 221,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETA7.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 221,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETD.tmp.vir
2011-08-04 19:01:36 . 2004-08-04 12:00:00 221,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETD5.tmp.vir
2011-05-16 19:57:42 . 2012-05-09 21:24:49 245 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-zmovie - insidious.url.yqaf.vir
2011-03-20 03:48:35 . 2012-05-09 21:19:46 415,853 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Application Data\Uvohv\usnow.fit.vir
2011-03-19 20:18:07 . 2012-05-09 21:24:46 395 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-76mm Bolt Through Tubular Mortice Latch - Door Hardware from Next Day Diy UK.url.laly.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 141 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Get Bookmark Add-ons.URL.lrfe.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 481 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-AOL.URL.lrfe.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 153 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Ultimate Handyman Laminate flooring underlay.URL.vmru.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 116 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Free Kids Games, Coloring & Jigsaw Puzzles for Children.URL.poyi.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 133 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Rally Point - Play Free Online Games at Games.co.uk.URL.cngn.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 168 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Dynamic Demand.URL.tmrx.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 115 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Tarosophy.URL.pdvm.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 136 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-UK Office Direct.URL.yfnp.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 119 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-DoomsDayKillers chat group - Were Gonna Kill Em All.URL.fanp.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 129 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Pepsi Max - Win a Flip every 10 minutes.URL.nufn.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 136 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Laminate Underlay.URL.qgtc.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 152 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Karndean Flooring, Quickstep, Pergo Laminate Flooring, Bamboo, Vinyl and Wood Flooring.URL.xmgn.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 172 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Underlay.URL.hlfn.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 216 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-6 Laminate Floor Underlay Tips.URL.nlju.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 209 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-mumandbabyonline - Home RA.URL.ikxr.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 131 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Magic Freebies UK - UK Freebies, Free Samples and Free Stuff.URL.wnpz.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 124 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Magic Competitions - Competitions, Comps, Freebies & Offers For The UK.URL.prom.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 169 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-RewardTV.URL.jlos.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 122 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Magic Promotions - Marketing Made Easier.URL.bfed.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 133 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Magic Price Comparison - compare prices dvd, blu-ray, wii, ds, xbox 360, ps3, ps2, consoles.URL.htpt.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 165 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Namesco - Get a professional Website Completly Free.URL.ylrp.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 119 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Online Photo! Enhancement Platform can be embedded on your website to create an online photo editor.URL.gklr.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 153 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Spanish Traditions - An Overview of Culture and Traditions in Spain.URL.upzv.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 125 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Genes Reunited Tree.URL.yzol.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 187 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Spanish Customs and Traditions.URL.pyia.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 164 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-0845 Numbers, 0845 Number, Free 0845 Numbers, Cheap 0845 Numbers - Just 0845 Numbers - Free Local Rate 0845 Numbers, No Set-up Fee.URL.dwsf.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 165 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Lose 2 Stone In 30Days WeeklyHealthNewsUK.URL.froy.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 165 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Acai Optimum.URL.wvqk.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 195 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Advanced Colon.URL.bdvi.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 121 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Payday Loans Cheque Cashing Payday Advance Pawnbroking Second hand goods from Cash Converters.URL.lcne.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 131 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Money Transfer & Online Payment NETELLER - Free Account Registration.URL.qklj.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 189 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-AA Route Planner Routes, maps and directions - The AA.URL.froy.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 195 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Royal Mail - Products and Services for Personal Customers.URL.afbp.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 117 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Customer Support.URL.npzo.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 117 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-My Old House - Every house has a story to tell, what's yours .URL.ntik.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 150 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Buy My House - Home Buyers - Buy My Home - Homebuyers.URL.kpnj.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 170 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Chiquito Mexican restaurant, Trafford Centre Restaurants in Manchester.URL.fomr.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 126 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Hi-Life Diners Club, 2 4 1 restaurants in Manchester, Liverpool, Leeds, Preston, Newcastle, Belfast, Dublin and throughout the UK & Ireland.URL.whqa.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 162 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Chiquito Restaurants Website.URL.fhyv.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 801 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-free unlock code generator software by imei number Resources and Information. This website is for sale!.URL.rhtg.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 122 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Elite Credit Repair Services.URL.rlik.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 129 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-1 Hour Loan Cash 1 Hour Cash in 1 Hour Frequently Asked Questions.URL.mqkl.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 177 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-eHow How To Do Just About Everything! How To Videos & Articles.URL.olrf.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 144 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Cinema Bolton Vue Cinema Bolton Films Showing at Bolton Cinema.URL.zwvq.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 134 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-ODEON - The Trafford Centre, Manchester.URL.hlfn.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 116 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked- Posh Bingo.URL.phma.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 127 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Play Online Bingo at Gone Bingo UK - Get £15 free Sign-Up Bonus!.URL.rxbw.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 169 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked- Golden Hat Exclusive Bingo Offer.URL.wvqk.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 119 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Golden Hat Bingo Online Bingo Free Bingo Bingo Games No Deposit Bingo Free UK Bingo Sites.URL.nfed.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 158 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Thank you for registering - www.energysavingplug.co.uk.URL.eyhl.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 128 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Makeup Artist Supplies, Beauty Supplies, Cosmetic Cases, Makeup Cases, Train Cases, Airbrush Makeup Kits, Makeup Brush Sets and Makeup Palettes.URL.tcnx.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 112 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Short Term Loans - Wonga Cash on demand.URL.bpti.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 151 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Classified adverts, Manchester classified adverts online.URL.xfed.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 126 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-( I.F.F) im ****ed foundation.URL.gzol.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 169 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-funny joke text messages information news, videos, photos and comments about funny joke text messages from the best web sites and blogs.URL.qqkl.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 141 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-HBO True Blood Homepage.URL.mpsc.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 139 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Gatekey Lending UK.URL.maxp.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 150 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Jason Manford Concert Tickets - O2 Apollo Manchester Manchester,United Kingdom.URL.qanc.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 164 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-BBC - CBeebies - Big and Small House.URL.umgn.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 115 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Math is Fun - Maths Resources.URL.ujws.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 126 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-MOBSTERS ADDS 200 FREE ENERGY EMAIL QUICK ADDS STATS INFO.URL.ebwl.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 153 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Apple (United Kingdom) - iTunes - Affiliates - Download iTunes.URL.mrxr.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 151 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Free iTunes Voucher Codes FreebieJeebies - Free Gadgets.URL.hgtc.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 168 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-iTunes voucher codes, iTunes discount vouchers, iTunes discount codes, iTunes promotional codes, iTunes money off vouchers, iTunes coupon codes.URL.ccuj.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 143 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-iTunes GB Discount Codes, Voucher Codes & Printable Discount Vouchers!.URL.ubwv.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 118 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Find iTunes voucher codes, iTunes cashback, iTunes discount codes & iTunes promotional codes at Quidco.URL.uxyh.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 160 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-iTunes Voucher Codes,iTunes Promotional Codes and Discount Codes - CouponSnapshot UK.URL.tgrf.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 140 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Laptop Covers skins UK - Laptop Covers vinyl covers - Laptop Covers vinyl stickers UK.URL.vscu.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 127 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Sourz cocktails - cocktail recipes from Sourz Sourz.URL.iaxb.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:48 112 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Sourz shots, cocktails and flavours Sourz.URL.mfup.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 113 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Dr Foot- For all your foot pain needs.URL.komr.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 116 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Home Phil Collins.URL.eebw.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 121 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-drfoot.co.uk has been registered.URL.ooyi.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 164 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-aha - SupaPrice.co.uk.URL.htgn.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:46 136 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Arch Pain - Arch Pain Products.URL.jrzy.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 119 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Film and movie quotes.URL.fgng.vir
2011-01-12 16:55:02 . 2012-05-09 21:24:47 172 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-J2 Bar Nightclb Bolton Tickets.URL.dyif.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 158 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Friends Reunited.URL.maxp.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 155 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Cheap Mobile Phones @ OneStopPhoneShop (From Firefox).URL.qdez.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 170 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-bonprix.co.uk My Personal Account.URL.vqkl.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:49 191 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Weight Loss surgery - BMI Healthcare.URL.yqaf.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 146 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Eminem's family « Eminemisgod.URL.vcuj.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:48  137 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Rebus Puzzles (Pictogram Puzzles).URL.vxbw.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 168 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Buy a Business.URL.oanp.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 123 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Full Halloween.URL.caxy.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 121 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-BSmart! Home.URL.vscu.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 117 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Children Charity Donate Barnardo's Believe In Children Campaign Commission Children Services.URL.ldvs.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 153 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Collections Advisor jobs in Farnworth with Irwin Mitchell Solicitors.URL.hqan.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 126 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-HM Revenue & Customs Childcare vouchers and tax credits - better off calculator.URL.fmhq.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 123 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Cheap Mobile Phones @ OneStopPhoneShop.URL.rmgn.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 145 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Company information, credit checks and Companies House documents on UK businesses - TY Listing - Page Number 1.URL.aolr.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 136 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Boxes and Packaging Online.URL.zzpp.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 131 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Find a local Business in your area.URL.sful.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 156 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Intuit® Website Building Software & Website Design.URL.qcnj.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:48 153 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Small Business UK Guides & tips for small business start ups and small companies.URL.tkia.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 115 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Business for Sale - Buy Sell Commercial Businesses FREE - RightBiz UK.URL.iyin.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:49 158 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-WELL ESTABLISHED NAIL AND BEAUTY BUSINESS FOR SALE FOR SALE.URL.mdhm.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 161 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Choosing a Business Name - Help & ideas for new company names.URL.raqk.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 207 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Domain Name Suggestions.URL.faly.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 148 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-All About Weight Consultants.URL.dhtg.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 158 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Digital Printing - Digital Printing Services, Digital Print UK, Digital Print Blackburn.URL.dfkl.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 136 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Browse our list of 456 fantastic freebies sourced from the best UK web sites.URL.ztgr.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:49 118 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Welcome to BrightHouse.URL.vmru.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 149 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Coloring Pages - Free Coloring Book Pages for Children - Coloring Printouts - Free Printable Coloring Pages to Print Out Coloring Pages.URL.dgtc.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 150 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Free Kids Crafts - More Halloween Crafts.URL.ebwl.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 122 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-101 Halloween Ideas.URL.froy.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 127 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Ben & Jerry's Ice Cream - Spooky Halloween Site.URL.bnpz.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 159 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Free Halloween Backgrounds - Free Clipart.URL.drzy.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 134 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Ben & Jerry's Ice Cream - Ben & Jerry's - Halloween Crafts.URL.vtps.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 147 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-distribution CD-Rom ISO download page.URL.stps.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 122 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Manchester's 106.6 - Home.URL.rdws.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 114 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-http www.medavia.co.uk .URL.bbdv.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 150 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Events and What's On.URL.gfkl.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 126 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Home - All About You Features - Sell Your Story To Women's Magazines.URL.ulkl.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:49 134 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Willow Wellbeing Torquay Beauty Counselling Massage Stress Depression.URL.miax.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:48 137 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Nouvatan Spray Tan Solutions, Spray Tanning Retail Products, Spray Tanning Equipment and nationwide Spray Tanning Training - 07932 508084 - Training & Info.URL.pdvm.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:48 127 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-The Beauty Biz - Categories.URL.cney.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 121 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-FlyingShare - Flying Share.URL.adws.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 123 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Home - Toys R Us - Britain's greatest toy store.URL.ulyv.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:48 109 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-O2 Mobile Phones, Broadband & Sims From The UK's Leading Provider.URL.bpti.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:48 131 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Tea Tree Oil - Travel - Recreation.URL.bpti.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:48 113 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-TrialPay Online Payment and Promotions Platform for Leading Software and Social Apps Publishers.URL.rujz.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:48 138 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Sexy MySpace layouts & backgrounds created by CoolChasers - CoolChaser.URL.fnpd.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 135 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Mobsters 2 Vendetta on Facebook - Online Item Equipment Manager - Location Selection.URL.lqvi.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:46 120 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-cybermentors.URL.boli.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:48 135 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-pogo.URL.kxrw.vir
2011-01-12 16:55:01 . 2012-05-09 21:24:47 137 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Lovefilmbook.URL.ezyl.vir
2010-12-10 20:53:28 . 2010-12-10 20:53:28 738 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\MPK\KGB Employee Monitor\Help topics.lnk.vir
2010-12-10 20:53:28 . 2010-12-10 20:53:28 611 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\MPK\KGB Employee Monitor\Uninstall KGB Employee Monitor.lnk.vir
2010-12-10 20:53:28 . 2010-12-10 20:53:28 47 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\MPK\KGB Employee Monitor\KGB Employee Monitor on the Web.url.vir
2010-12-10 20:53:28 . 2010-12-10 20:53:28 62 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\MPK\KGB Employee Monitor\Order now!.url.vir
2010-12-10 20:53:27 . 2010-12-10 20:53:28 588 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\MPK\KGB Employee Monitor\KGB Employee Monitor.lnk.vir
2010-11-25 00:44:03 . 2012-05-09 21:24:48 298 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Thank you for downloading Opera.url.dhmf.vir
2010-11-21 19:24:53 . 2012-05-09 21:24:48 303 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Oriflame - Natural Swedish Cosmetics.url.nedh.vir
2010-11-21 19:24:46 . 2012-05-09 21:24:48 306 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Oriflame Consultant Registration Form.url.npdv.vir
2010-11-12 20:34:43 . 2012-05-09 21:24:48 208 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-News 6 Daily - Work at home mum makes £4,397-month working part-time from home.url.mruj.vir
2010-11-05 09:16:33 . 2012-03-20 23:44:02 82 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Iconix\SYSTEM.usr.vir
2010-11-02 15:17:36 . 2012-05-09 21:24:47 234 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-iPhone 4 now available on Orange.url.jwsw.vir
2010-10-31 18:59:59 . 2010-12-17 15:58:34 669,696 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\MPK\mpk.db.vir
2010-09-18 23:28:13 . 2008-11-19 14:09:54 3,209 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\MPK\S0000.vir
2010-08-28 21:45:14 . 2011-12-10 18:20:19 375 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\etc\hosts.ics.vir
2010-08-22 21:59:54 . 2010-08-22 21:59:54 74 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Iconix\John.usr.vir
2010-04-26 20:17:14 . 2012-05-09 21:24:48 239 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-OpenOffice.org.url.uxbw.vir
2010-04-26 18:55:50 . 2012-05-09 21:24:48 257 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\John\Favorites\locked-Radio Station Guide.url.yxbw.vir


----------



## kevinf80 (Mar 21, 2006)

Apologies for late replies, extremely busy. OK navigate to the following:

C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-jswtrayutil.reg.dat

Remove the .dat extension, then double click on the file, agree the merge. Re-boot and check your connection


----------



## jam1980uk (May 11, 2012)

please dont apologise i very greatful for all your doing tryng it now m8


----------



## jam1980uk (May 11, 2012)

sorry not quite sure do you mean delete the whole file 
MSConfigStartUp-jswtrayutil.reg.dat


----------



## jam1980uk (May 11, 2012)

or rename it without .dat on the end


----------



## kevinf80 (Mar 21, 2006)

Re-name without the .dat on the end, then double click the file and agree the merge. If you have problems re-install the related software...

Regarding the locked files, we need to know what has locked them. See if you can do the following:

Go here http://lockhunter.com/downloadnow.htm?instKind=32bit Download and install Lock Hunter.

Lock Hunter will be intergrated to the context menu.

Go to any of the locked files, Right click on the file and select "What is locking this file"

A new window should open, do not select any of the options. Instead select the following three keys together:

*Ctrl - Alt - PrtSc SysRq*

That will take a screen shot of the active window, now select Start > All Programs > Accessories > Paint > Right click in the work space and select "Paste"

Save that image as a Jpeg, not BitMap, attach to next reply...

Kevin


----------



## jam1980uk (May 11, 2012)

sorry but when i rename it the .dat aint there thill i press enter it just says MSConfigStartUp-jswtrayutil.reg


----------



## jam1980uk (May 11, 2012)

paint software ant there it says missing shortcut and then trys to find but cant ill try pasting another way


----------



## kevinf80 (Mar 21, 2006)

Your Accessories folder being empty is one of the pitfalls related to the infection you had, it can be fixed...

Go here http://www.raymond.cc/blog/restore-or-fix-missing-accessories-shortcuts-in-start-menu/ Download and run AccRestore.

That should fix Accessories folder etc...

Do you have the software for your dongle that is not working?


----------



## jam1980uk (May 11, 2012)

not sure but i can download it if i have to


----------



## jam1980uk (May 11, 2012)

should be here


----------



## jam1980uk (May 11, 2012)

think is here


----------



## kevinf80 (Mar 21, 2006)

Right click on that same file that shows as locked, select "Properties" then "Security tab" take a screen shot and post that please...


----------



## jam1980uk (May 11, 2012)

my internet dougle here is how to fix plz advise

Posts: 123
Registered: 11-05-2011

*Re: WNDA3200 not installing​.*

Options 

Mark as New
Bookmark this message
Subscribe to this message

Subscribe to this message's RSS feed
Highlight this message
Print this message
Email this message to a friend

Flag for a moderator

on 08-06-2011 18:47 
I did all that but did not solve it.

But have now solved it

I had to go into regedit and remove some reg files etc I just looked for anything with Netgear or WNDA3200 and deleted it.

Working like a charm now.


----------



## jam1980uk (May 11, 2012)

there is no sercity tab mate just general and summary tab


----------



## jam1980uk (May 11, 2012)

is auto run disabled


----------



## kevinf80 (Mar 21, 2006)

Yes Autorun is disabled by Combofix, it is a massive vulnerability and should not be enabled. I can give link for fix if you wish to have enabled.. let me know.

To show security tab in files etc go here http://www.mydigitallife.info/enable-and-display-security-tab-in-windows-xp-home-edition/ and follow the instructions... let me know if it works..

What is the status of your system at the moment, what issues/concerns remain


----------



## jam1980uk (May 11, 2012)

well only problem i think is the locked files there is no sign of virus and i wont be able to get on nternet till autorun is enabled so i can reinstall the wireless adpter so whats next mate. as i aint fussed about internet at min as i wont be using comp till you give me all clear so how you want me to procide


----------



## jam1980uk (May 11, 2012)

think is asking me to download service pack 4 shall i put it on my usb and transfer it to sick pc


----------



## jam1980uk (May 11, 2012)

it says choose director for extracted files


----------



## kevinf80 (Mar 21, 2006)

There is no SP4 for XP that i`m aware of...

To fix Autorun go here http://support.microsoft.com/kb/967715 scroll down to Fixit, there is one to enable and one to disable.

Can you do fix from MyDigitalLife to get Security tab to show in files etc, I need to see that...


----------



## jam1980uk (May 11, 2012)

ill do the auto fixnow 2 mins m8


----------



## jam1980uk (May 11, 2012)

problem i have is this laptop is winows 7 so when i go to downlaod it wont let me says not right version


----------



## jam1980uk (May 11, 2012)

its ok doing it now


----------



## jam1980uk (May 11, 2012)

here m8 hope this is right


----------



## kevinf80 (Mar 21, 2006)

That looks normal and LockHunter did not indicate a lock, that is very strange. OK, if you have internet we will run Combofix again.

Delete any versions that are on the Desktop, download a fresh version from either of the following links:

*Link 1*
*Link 2*

Save to Desktop again, turn off security then run as before and post the log....

Kevin...


----------



## jam1980uk (May 11, 2012)

do i have internet now shall i try to install dongle now


----------



## jam1980uk (May 11, 2012)

it wont install did we start auto run again


----------



## kevinf80 (Mar 21, 2006)

I gave you the link in reply #94 to run the fixit, did you scroll down and find the 2 Auto fixits one to enable and one to disable Autorun.

Will look like this


----------



## jam1980uk (May 11, 2012)

im sorry might just be me but that was for the secriuty tab not the auto run am i wrong ?


----------



## kevinf80 (Mar 21, 2006)

Yep I got it wrong, was reply #98


----------



## jam1980uk (May 11, 2012)

oh sorry i do it now


----------



## jam1980uk (May 11, 2012)

i connected wireless dongle and got this screen

shall i downdoad and put on usb again


----------



## kevinf80 (Mar 21, 2006)

Have you re-installed the software for the dongle,


----------



## jam1980uk (May 11, 2012)

it a strange 1 the software is ment to be installed on dongle. i found this but still dont know what to do
http://35506-18-thinks-netgear-wnda3200-storage-device-drive


----------



## kevinf80 (Mar 21, 2006)

The software is on the Dongle but you will have to install it to your PC, I have a 3 dongle that I use when away from home, the software came on the Dongle but I had to install it on my Laptop, its called 3 connect.

The screenshot you show in reply #110 only means you`ve clicked on the USB icon in the tray, you are then given an option as shown. 

As Autorun is diabled you will have to open the Dongle manually. Start > My Computer > look for the Dongle may be named as Drive E:\ or F:\ then install from the application exe....


----------



## jam1980uk (May 11, 2012)

ok ll try now mate can you gve me a list of what you want me to do then please thanks


----------



## jam1980uk (May 11, 2012)

works a treat installing now so sorry god how thick am i


----------



## jam1980uk (May 11, 2012)

ok sick comp now has internet but i no anti virus or any thing whats next step now mate


----------



## jam1980uk (May 11, 2012)

just running combofix m8


----------



## jam1980uk (May 11, 2012)

here is combofix report m8

ComboFix 12-05-21.05 - John 21/05/2012 19:39:56.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2935.2464 [GMT 1:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))
.
.
2012-05-21 18:02 . 2007-12-14 03:31 57408 ----a-w- c:\windows\system32\drivers\wsimd.sys
2012-05-21 18:02 . 2012-05-21 18:02 -------- d-----w- c:\program files\Atheros
2012-05-21 17:41 . 2012-05-21 18:02 -------- d-----w- c:\windows\LastGood
2012-05-21 17:41 . 2008-10-28 18:27 17664 ----a-w- c:\windows\system32\drivers\ZDPSp50.sys
2012-05-21 17:41 . 2008-09-25 18:07 57440 ----a-w- c:\windows\system32\jswscimd.sys
2012-05-21 17:41 . 2008-09-25 18:07 57440 ----a-w- c:\windows\system32\drivers\jswscimd.sys
2012-05-20 19:12 . 1998-09-30 11:26 49936 ----a-w- c:\windows\system32\SeCEdit.exe
2012-05-20 19:12 . 1998-09-30 11:24 242448 ----a-w- c:\windows\system32\scedll.dll
2012-05-20 19:12 . 1998-03-31 15:37 29968 ----a-w- c:\windows\system32\Rshx32_5.dll
2012-05-20 19:12 . 1998-10-09 13:17 384784 ----a-w- c:\windows\system32\wsecedit.dll
2012-05-20 16:49 . 2012-05-20 16:49 -------- d-----w- c:\documents and settings\John\Application Data\LockHunter
2012-05-20 16:48 . 2012-05-20 16:48 -------- d-----w- c:\program files\LockHunter
2012-05-19 00:27 . 2008-04-13 19:19 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2012-05-19 00:27 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-05-17 03:10 . 2012-05-17 03:10 -------- d-----w- c:\windows\Microsoft Antimalware
2012-05-06 13:22 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-05-06 13:21 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-05-06 13:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-05-06 13:18 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-05-06 13:16 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-05-06 13:12 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-05-05 19:55 . 2012-05-05 19:55 -------- d-----w- c:\windows\ServicePackFiles
2012-05-05 19:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2012-05-05 18:37 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2012-05-05 18:36 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-05-05 18:35 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-05-05 18:35 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-05-05 18:35 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-05-05 18:35 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-05-05 18:35 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-05-05 18:35 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2012-05-05 18:35 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-05-05 18:35 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-05-05 18:35 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-05-05 18:35 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-05-05 18:35 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2012-05-05 18:33 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-05-05 18:33 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-05-05 18:33 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-05-05 18:33 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-05-05 18:31 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-05-05 18:30 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-05-05 17:30 . 2012-05-05 17:30 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-05 17:29 . 2012-05-05 17:29 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 17:29 . 2012-05-05 17:29 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-05 16:36 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-05-05 16:36 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-05-05 16:36 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-05-05 16:36 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-05-05 15:48 . 2012-05-05 15:48 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-05-05 15:03 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-05-05 15:03 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-05-05 15:03 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-05 13:47 . 2012-05-05 13:47 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-05 13:47 . 2012-05-05 13:47 -------- d-----w- c:\program files\Common Files\Java
2012-05-05 13:46 . 2012-05-06 13:38 -------- dc-h--w- c:\windows\ie8
2012-05-04 16:11 . 2012-05-04 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2012-04-27 09:16 . 2012-04-27 09:16 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\I Want This
2012-04-27 09:16 . 2012-04-27 09:16 -------- d-----w- c:\program files\I Want This
2012-04-27 09:12 . 2011-10-04 21:42 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-04-27 09:11 . 2012-04-27 09:12 -------- d-----w- c:\program files\GPLGS
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Babylon
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- C:\Program1
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\program files\PDFCreator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 17:51 . 2010-06-02 13:20 81920 -c--a-w- c:\windows\ALCFDRTM.VER
2012-04-11 13:12 . 2010-04-26 19:18 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2010-04-26 19:18 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2010-04-26 19:18 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-30 13:13 . 2012-03-30 13:13 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-30 13:13 . 2011-06-05 12:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2010-04-26 19:18 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-05 17:29 . 2011-04-30 10:18 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_13.34.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-05-19 13:28 . 2012-04-11 13:53 30208 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\w32ksign.dll
- 2012-05-19 13:28 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\spcustom.dll
- 2012-05-19 13:28 . 2012-04-11 13:53 16896 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\mpsyschk.dll
- 2012-05-19 13:28 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\spmsg.dll
+ 2012-05-21 18:02 . 2007-12-14 03:31 57408 c:\windows\LastGood\system32\DRIVERS\wsimd.sys
+ 2010-10-06 19:56 . 2012-05-19 18:22 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
- 2010-10-06 19:56 . 2011-09-15 13:13 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
- 2011-12-01 22:07 . 2012-05-05 19:09 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-12-01 22:07 . 2012-05-19 18:33 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-12-01 22:07 . 2012-05-19 18:33 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2011-12-01 22:07 . 2012-05-05 19:09 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2011-12-01 22:07 . 2012-05-05 19:09 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-12-01 22:07 . 2012-05-19 18:33 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-11-03 03:03 . 2012-05-19 18:19 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-11-03 03:03 . 2012-04-15 14:15 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\ff0e98a47a1aaa29100976e9e2cc430a\WindowsLiveWriter.ni.exe
+ 2012-05-19 19:15 . 2012-05-19 19:15 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5d4d60e3cb7f6b19d1dc6452e735a360\WindowsLive.Writer.Api.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\UIXControls\e16d25a68afefcb714b8508812583b4c\UIXControls.ni.dll
+ 2012-05-19 18:40 . 2012-05-19 18:40 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\7aac1fe67890463655aeeb3b8e4f2884\System.Web.DynamicData.Design.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\34c988dea48c291b4e648941207e83fb\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\7bb7e51275fa19f8b4894c772bdb1e10\System.AddIn.Contract.ni.dll
+ 2012-05-19 18:32 . 2012-05-19 18:32 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\f0c4a4528f130ef2ff1ae63dd7b39075\PresentationFontCache.ni.exe
+ 2012-05-19 18:31 . 2012-05-19 18:31 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\53931181e5a5e194da82605613cda6af\PresentationCFFRasterizer.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2be3ad4cda6853d7959a84cec0414c5\Microsoft.Vsa.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f00a18225430e7531135589688d650a1\Microsoft.VisualC.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c8fc74b6f19de1a403f0e557a11aa9ca\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3056b7bb6c5f44fd998e89d397f6fc79\Microsoft.PowerShell.Security.resources.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0a5d8c3e21d8683958868496373bb435\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8fab9cd28bbc860a34feec119512664d\Microsoft.Build.Framework.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0eac132c7c36f1c100ae23c956b379e7\Microsoft.Build.Framework.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\d66bc03eb7eae89b4dde2d09eda1414f\dfsvc.ni.exe
+ 2012-05-19 19:14 . 2012-05-19 19:14 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-05-05 15:32 . 2012-05-05 15:32 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\WNDA3100_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2012-05-21 18:02 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\WNDA3100_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut9_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2010-08-28 21:31 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut9_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut8_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2010-08-28 21:31 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut8_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut7_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2012-05-21 18:02 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut7_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut6_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2010-08-28 21:31 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut6_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2010-08-28 21:31 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut5_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut5_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2010-08-28 21:31 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut4_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut4_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2012-05-21 18:02 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut3_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut3_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2010-08-28 21:31 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut23_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut23_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2010-08-28 21:31 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut22_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut22_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2010-08-28 21:31 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut2_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut2_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2010-08-28 21:31 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut19_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut19_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut18_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2010-08-28 21:31 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut18_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2010-08-28 21:31 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut17_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut17_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2010-08-28 21:31 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut16_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut16_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2010-08-28 21:31 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut14_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut14_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2010-08-28 21:31 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut13_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut13_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut1_385FFF305DB34C18B1F9D7793D1B9A0B.exe
+ 2010-08-28 21:31 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut1_385FFF305DB34C18B1F9D7793D1B9A0B.exe
- 2010-08-28 21:31 . 2010-08-28 21:31 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\ARPPRODUCTICON.exe
+ 2012-05-21 18:02 . 2012-05-21 18:02 3638 c:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\ARPPRODUCTICON.exe
+ 2012-05-19 18:29 . 2012-05-19 18:29 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-05-05 15:32 . 2012-05-05 15:32 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-05 15:31 . 2012-05-05 15:31 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-04-05 22:13 . 2012-04-05 22:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe
- 2004-08-04 12:00 . 2012-05-05 20:19 601714 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2012-05-20 17:59 601714 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2012-05-20 17:59 114648 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2012-05-05 20:19 114648 c:\windows\system32\perfc009.dat
- 2008-10-01 15:44 . 2008-10-01 15:44 405582 c:\windows\system32\jswscsup.dll
+ 2008-10-01 15:44 . 2009-11-05 15:08 405582 c:\windows\system32\jswscsup.dll
+ 2010-04-26 19:36 . 2012-05-19 18:35 502624 c:\windows\system32\FNTCACHE.DAT
- 2010-04-26 19:36 . 2012-05-07 08:27 502624 c:\windows\system32\FNTCACHE.DAT
- 2012-05-19 13:28 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\updspapi.dll
- 2012-05-19 13:28 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\update.exe
- 2012-05-19 13:28 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\spuninst.exe
+ 2012-04-05 22:52 . 2012-04-05 22:52 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2012-01-31 02:38 . 2012-01-31 02:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50 989968 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-12-22 15:50 . 2011-12-22 15:50 256000 c:\windows\Installer\1a804b.msp
+ 2012-02-02 22:56 . 2012-02-02 22:56 963584 c:\windows\Installer\1a8035.msp
+ 2010-10-06 19:56 . 2012-05-19 18:22 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-10-06 19:56 . 2011-09-15 13:13 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-12-01 22:07 . 2012-05-19 18:33 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-12-01 22:07 . 2012-05-05 19:09 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-12-01 22:07 . 2012-05-19 18:33 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2011-12-01 22:07 . 2012-05-05 19:09 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-12-01 22:07 . 2012-05-19 18:33 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2011-12-01 22:07 . 2012-05-05 19:09 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2011-12-01 22:07 . 2012-05-05 19:09 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-12-01 22:07 . 2012-05-19 18:33 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2011-12-01 22:07 . 2012-05-05 19:09 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2011-12-01 22:07 . 2012-05-19 18:33 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2011-12-01 22:07 . 2012-05-05 19:09 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-12-01 22:07 . 2012-05-19 18:33 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-12-01 22:07 . 2012-05-19 18:33 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2011-12-01 22:07 . 2012-05-05 19:09 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-05-19 19:14 . 2012-05-19 19:14 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\ac4fc3032c19946f9b2729468888206d\WsatConfig.ni.exe
+ 2012-05-19 19:15 . 2012-05-19 19:15 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\218b4362202a2f432bb3714221ff2aa4\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fb438f62f426ff28b4a9949d699051b8\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ccc14b04d082666155d2c355ef1f6563\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c954ba830b50bd4a6cf0ee094e2ea928\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c627e81fcd97ecd7c70b7eedf7928713\WindowsLive.Writer.Localization.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bdeb63577afc142cf5b377b9e2565660\WindowsLive.Writer.Controls.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\baacfa565b2f46f4501cd89b067a8a47\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ab181ae110294c0c572059dea0a4332c\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\809bd32a5211d9cd4115fba88f370a74\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6d9c4d236bacb711597c5aca6c04200e\WindowsLive.Writer.Interop.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\678f35b523dbb63a4f247c1ffdf359cd\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\313958002b6415baf438056e452f23c3\WindowsLive.Writer.Passport.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\29e8f27943707613416f76a0357c8f41\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\228e3d0a57dc24f37a2b2259104749c1\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1b316a40898d5a62af81ed70a3b708d0\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\130bc8fe5ff6eb69e4c7f0ba24fba59a\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\d74a2a15b12d1d7c33eb64df4879cf7e\WindowsLive.Client.ni.dll
+ 2012-05-19 18:40 . 2012-05-19 18:40 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6198de2c5b8f7d89404c2ba39d69ae56\WindowsFormsIntegration.ni.dll
+ 2012-05-19 18:40 . 2012-05-19 18:40 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\be27ab5913cec2b292a019c2a13ec701\UIAutomationTypes.ni.dll
+ 2012-05-19 18:40 . 2012-05-19 18:40 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\04e5e2be34a70ee7f4c87550238095a0\UIAutomationClient.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\1c13b08593e99d6f5bef49ae7939c78b\System.Xml.Linq.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8bffbaa5d5abe40674d0bc124dfe8622\System.Web.Routing.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6c7765c10516d375e9ddedad2dbab848\System.Web.RegularExpressions.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a7908debe80c209b599529685a159fa0\System.Web.Extensions.Design.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\44ecb9f7be54a2ba46e6102d343e2e7e\System.Web.Entity.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\fee8237aa2daa36e48aec379ee642422\System.Web.Entity.Design.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\40d90d2c1484164b786067320ce778f4\System.Web.DynamicData.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6b4ce8cf2c3307b75ea7ebe77258bb26\System.Web.Abstractions.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
+ 2012-05-19 19:16 . 2012-05-19 19:16 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\4a9eb43005a041959ddc5c7e586ab746\System.Net.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
+ 2012-05-19 19:16 . 2012-05-19 19:16 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\3182a049ba953010dec649cf290a9e90\System.Management.Instrumentation.ni.dll
+ 2012-05-19 19:16 . 2012-05-19 19:16 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\565bc89beb2fb404b1612721a9d56d3a\System.Management.Automation.resources.ni.dll
+ 2012-05-19 19:13 . 2012-05-19 19:13 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\8991f21d4b3676bf6f779110db8d4ac9\System.IO.Log.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cd9c60a35d4958e94d2e3dd2f778e2e9\System.IdentityModel.Selectors.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.Wrapper.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
+ 2012-05-19 18:39 . 2012-05-19 18:39 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\88aa4f80c7e5ac25f06f8950e42a1678\System.Drawing.Design.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ca484772955bc4db03b5dcb611c09423\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-19 19:16 . 2012-05-19 19:16 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ba5e68dddfd3279a8469d39eded48f3\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-19 19:16 . 2012-05-19 19:16 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a0109fce606a3110a5e7f9a4773f517e\System.Data.Services.Design.ni.dll
+ 2012-05-19 19:16 . 2012-05-19 19:16 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3a68d0441f509ffa6f8f0fb9cfcc5780\System.Data.Services.Client.ni.dll
+ 2012-05-19 19:16 . 2012-05-19 19:16 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04440b3dd5d822da4973a525ee04b05d\System.Data.Entity.Design.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\7bbb5d9e3b161b4d4b968e590442d3ae\System.Data.DataSetExtensions.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\bf7d6af03e1230ccad546a8659245ae9\System.Configuration.Install.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\931a2bece4668863db4f852401c828cf\System.AddIn.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6762f1ee780fa9c0b4ef66b285c64844\SMSvcHost.ni.exe
+ 2012-05-19 19:14 . 2012-05-19 19:14 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\47ed5bc9f42ea0054ce9acfde5e640b8\ServiceModelReg.ni.exe
+ 2012-05-19 18:37 . 2012-05-19 18:37 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a4706b850df9a3483f2fc439b6abe616\PresentationFramework.Royale.ni.dll
+ 2012-05-19 18:37 . 2012-05-19 18:37 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
+ 2012-05-19 18:37 . 2012-05-19 18:37 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll
+ 2012-05-19 18:37 . 2012-05-19 18:37 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\186c27fbd7b38b5551889274f6fa2ccd\PresentationFramework.Aero.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5a121969a115d11b6256eb960c145686\MSBuild.ni.exe
+ 2012-05-19 19:14 . 2012-05-19 19:14 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\97c613d3899b320a6765793bdf490272\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d4375675fc5879a48c22dc8d7c80e841\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b0ec75b69d7a18a98de94e7b635d5b44\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\937d2550dddbd2e5995ec8f93083f357\Microsoft.PowerShell.Security.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\15b7846d6acc551a7afdf5cc3de7547b\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\dec22fb7d6b8929a41380e5359741a07\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1009b31c86a1b798fffa9e0127cec29c\Microsoft.Build.Utilities.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\21d88631ef629715d3eecdd08e62e0b8\Microsoft.Build.Engine.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a0f38c6478cca8297fb160291346c1c9\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 830464 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WMPLib\9153c43bd0284904060b36b54a98efc5\Interop.WMPLib.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bb26dd100d656605c576881a1a823667\CustomMarshalers.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\9869c02d18825fdd32e64135a3e7246b\ComSvcConfig.ni.exe
+ 2012-05-19 19:14 . 2012-05-19 19:14 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e414683ec4cff1cac0c77aaefd67144e\AspNetMMCExt.ni.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-05 15:32 . 2012-05-05 15:32 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-05 15:32 . 2012-05-05 15:32 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-05 15:32 . 2012-05-05 15:32 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-26 11:56 . 2010-06-26 11:56 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-05-19 18:32 . 2012-05-19 18:32 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-05 15:32 . 2012-05-05 15:32 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-05-19 18:22 . 2012-05-19 18:22 532480 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 749568  c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-06-26 11:55 . 2010-06-26 11:55 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-05-19 18:22 . 2012-05-19 18:22 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2012-05-05 15:32 . 2012-05-05 15:32 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-05-19 13:11 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
+ 2010-05-02 05:22 . 2012-04-11 13:12 1862272 c:\windows\system32\dllcache\win32k.sys
+ 2010-04-26 19:32 . 2012-04-11 13:10 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-04-26 19:32 . 2012-04-11 12:35 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-07 18:02 . 2012-04-11 12:35 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2010-04-26 19:32 . 2012-04-11 13:14 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2011-12-25 02:50 . 2011-12-25 02:50 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2011-03-25 05:15 . 2011-03-25 05:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2011-10-26 02:39 . 2011-10-26 02:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50 5913360 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-07-07 04:18 . 2011-07-07 04:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-04-04 21:38 . 2012-04-04 21:38 2831360 c:\windows\Installer\1a8081.msp
+ 2012-04-28 20:44 . 2012-04-28 20:44 9101824 c:\windows\Installer\1a806a.msp
+ 2012-04-28 20:44 . 2012-04-28 20:44 9586176 c:\windows\Installer\1a802d.msp
+ 2012-04-30 13:38 . 2012-04-30 13:38 5011456 c:\windows\Installer\1a8014.msp
+ 2012-04-04 21:38 . 2012-04-04 21:38 3620864 c:\windows\Installer\1a7ffd.msp
+ 2012-03-19 21:02 . 2012-03-19 21:02 6695936 c:\windows\Installer\1a7fd9.msp
+ 2012-03-15 01:24 . 2012-03-15 01:24 1795584 c:\windows\Installer\1a7fcf.msp
+ 2012-04-28 20:43 . 2012-04-28 20:43 8459264 c:\windows\Installer\1a7fb8.msp
+ 2012-02-17 07:45 . 2012-02-17 07:45 2299392 c:\windows\Installer\1a7fa1.msp
+ 2012-05-21 18:02 . 2012-05-21 18:02 4632576 c:\windows\Installer\14a57a.msi
- 2011-12-01 22:07 . 2012-05-05 19:09 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-12-01 22:07 . 2012-05-19 18:33 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-12-01 22:07 . 2012-05-19 18:33 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2011-12-01 22:07 . 2012-05-05 19:09 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-04-03 16:57 . 2009-04-03 16:57 4671320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WRD12CNV.DLL
+ 2009-02-05 10:36 . 2009-02-05 10:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OGL.DLL
+ 2009-04-02 20:44 . 2009-04-02 20:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GRAPH.EXE
+ 2010-04-26 19:32 . 2012-04-11 13:10 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-04-26 19:32 . 2012-04-11 12:35 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-07 18:02 . 2012-04-11 12:35 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-04-26 19:32 . 2012-04-11 13:14 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-05-19 19:17 . 2012-05-19 19:17 4265984 c:\windows\assembly\NativeImages_v2.0.50727_32\ZuneShell\fb7d4fddcc90da95f863d93a66f71128\ZuneShell.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 2511872 c:\windows\assembly\NativeImages_v2.0.50727_32\ZuneDBApi\865d4dfa1333b2fea4e073989c4ae3fb\ZuneDBApi.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ed14765fc0f1a92b9211a088455799fc\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\724479ec2aae6cebefd965ac1bacdce6\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 2018816 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5b93d79ffd230432a9448c110a76d6b6\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-05-19 18:31 . 2012-05-19 18:31 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 4566016 c:\windows\assembly\NativeImages_v2.0.50727_32\UIX\a5ba7e19103dff328937318885607664\UIX.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 1831936 c:\windows\assembly\NativeImages_v2.0.50727_32\UIX.RenderApi\72543791b6b5c2480ed932b099e9b3f0\UIX.RenderApi.ni.dll
+ 2012-05-19 18:40 . 2012-05-19 18:40 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41a81b97625c113b591ed082c95276e2\UIAutomationClientsideProviders.ni.dll
+ 2012-05-19 18:30 . 2012-05-19 18:30 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
+ 2012-05-19 18:40 . 2012-05-19 18:40 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\33fa6a2055bf857bff2e31020279b5e9\System.WorkflowServices.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5eccf6fef6bee8a2f93bc65ff33699bb\System.Workflow.Runtime.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\62bd2e1bf98b04ceca2102c8f54aab9d\System.Workflow.ComponentModel.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\8215548b3d4aabbaa0557ab747700778\System.Workflow.Activities.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3e11aea7d742b5eddbd0b6bd1012f7df\System.Web.Services.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\ff995dde9cd34ff1e8ac7ab55fc92d32\System.Web.Mobile.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8899d1091e64a4d0b6ae69060197091a\System.Web.Extensions.ni.dll
+ 2012-05-19 18:39 . 2012-05-19 18:39 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5efb50c91f3c5e49be2079f625d933b7\System.Speech.ni.dll
+ 2012-05-19 19:17 . 2012-05-19 19:17 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll
+ 2012-05-19 19:13 . 2012-05-19 19:13 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
+ 2012-05-19 18:39 . 2012-05-19 18:39 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\1d6707a5a9da16c1d1b88529837884d6\System.Printing.ni.dll
+ 2012-05-19 19:16 . 2012-05-19 19:16 4950016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\c1b3a38c1e1528e22b8f5531d7b3700c\System.Management.Automation.ni.dll
+ 2012-05-19 19:13 . 2012-05-19 19:13 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
+ 2012-05-19 18:39 . 2012-05-19 18:39 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b55887436d2cfbe1fb32dd18d554185b\System.DirectoryServices.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\832196527f0497078f085eaf9189265f\System.Deployment.ni.dll
+ 2012-05-19 18:39 . 2012-05-19 18:39 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 2510336  c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\982b508698278c6ffb3d143bbe1e8bb8\System.Data.SqlXml.ni.dll
+ 2012-05-19 19:16 . 2012-05-19 19:16 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de7666b1cd0a1bc363726c9553dc39c\System.Data.Services.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\7afb1abdbb8ba32cf578ff8ea4e45d99\System.Data.OracleClient.ni.dll
+ 2012-05-19 18:39 . 2012-05-19 18:39 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\44a5fc9e7c71b1fe1e2c79b03ecc3bc7\System.Data.Linq.ni.dll
+ 2012-05-19 19:16 . 2012-05-19 19:16 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\772c94f595cd87b7fa187d592ef46fcf\System.Data.Entity.ni.dll
+ 2012-05-19 18:38 . 2012-05-19 18:38 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 2217984 c:\windows\assembly\NativeImages_v2.0.50727_32\Songr\e9195bdf6171ad801b633c53f0380a6f\Songr.ni.exe
+ 2012-05-19 18:38 . 2012-05-19 18:38 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\2ecefd16184a78f19aaf0f02cc0a7e1f\ReachFramework.ni.dll
+ 2012-05-19 18:38 . 2012-05-19 18:38 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\51204805c71113e0db2103faa064b313\PresentationUI.ni.dll
+ 2012-05-19 18:31 . 2012-05-19 18:31 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\8c509044eea2ab22689ea43926b30108\PresentationBuildTasks.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 1033216 c:\windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json\599caf7ea79454cd64e03bf3680088b5\Newtonsoft.Json.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\42145ebf75f77cabad442f0801a81c64\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\cfe15312373b4668398404b5822bab7d\Microsoft.JScript.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f3fcd65eca42d13b746cf3f5bd993ee0\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2091903cd9b359e96f05ac2d6d25ef4e\Microsoft.Build.Tasks.ni.dll
+ 2012-05-19 19:15 . 2012-05-19 19:15 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5aa63a1cb41e3a5e1e8ed17072e60ec3\Microsoft.Build.Engine.ni.dll
- 2010-06-27 18:32 . 2010-06-27 18:32 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-05-19 18:22 . 2012-05-19 18:22 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-05-05 15:32 . 2012-05-05 15:32 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-05-19 18:22 . 2012-05-19 18:22 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-05-05 15:32 . 2012-05-05 15:32 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-19 18:22 . 2012-05-19 18:22 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-05-05 15:31 . 2012-05-05 15:31 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-05-19 18:29 . 2012-05-19 18:29 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-04-26 19:42 . 2012-05-19 18:30 55656824 c:\windows\system32\MRT.exe
+ 2012-04-06 01:12 . 2012-04-06 01:12 15709696 c:\windows\Installer\1a8053.msp
+ 2012-01-04 01:25 . 2012-01-04 01:25 17751552 c:\windows\Installer\1a8043.msp
+ 2012-04-06 02:13 . 2012-04-06 02:13 16527872 c:\windows\Installer\1a7fe6.msp
+ 2012-05-19 18:18 . 2012-05-19 18:18 20343808 c:\windows\Installer\1a7f8c.msp
+ 2010-08-28 21:30 . 2012-05-21 18:01 17790464 c:\windows\Downloaded Installations\{BB1F9BC3-F3C9-499B-BDEA-C2A672A4F8D9}\WN111v2.msi
+ 2012-05-19 18:39 . 2012-05-19 18:39 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll
+ 2012-05-19 19:14 . 2012-05-19 19:14 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
+ 2012-05-19 18:39 . 2012-05-19 18:39 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a9256d2ad7e4be2bbb4e9b18c3997b84\System.Design.ni.dll
+ 2012-05-19 18:37 . 2012-05-19 18:37 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5b8ff47c1db373a2a4c638ca31988bd2\PresentationFramework.ni.dll
+ 2012-05-19 18:32 . 2012-05-19 18:32 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\4eb3cd1f1d5a83617524a9dfb96a657d\PresentationCore.ni.dll
+ 2012-05-19 18:30 . 2012-05-19 18:30 11492352 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\71d83054-7dbe-45c3-a453-719bb81c5f99.com" [2012-04-28 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_6.exe" [2010-08-17 342872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2009-3-25 1503290]
NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-5-21 565248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WN111v2 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceConnect]
2010-01-28 13:48 10035448 ----a-w- c:\program files\3 Mobile Broadband\3Connect\Wilog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 16:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IconixOEAddOn]
2010-08-17 19:32 342872 ----a-w- c:\program files\Iconix\OEAddOn\OEdmn_6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-02-02 13:15 1085952 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSNUpd]
2010-07-14 13:51 152896 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\psnupd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-02 13:05 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 17:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-09-24 13:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=2 (0x2)
"ZuneBusEnum"=2 (0x2)
"WMZuneComm"=3 (0x3)
"YahooAUService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [14/12/2010 11:15 1737464]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [04/01/2012 14:22 822624]
R2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [22/08/2010 22:59 283992]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [01/10/2011 08:30 508776]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [21/05/2012 18:41 167936]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24/07/2003 12:10 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [21/05/2012 18:41 57440]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 22:23 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 22:23 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 22:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 22:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [01/10/2011 08:30 219496]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [14/01/2009 02:23 458752]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 12:48 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/03/2012 14:13 253600]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athuw.sys --> c:\windows\system32\DRIVERS\athuw.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 12:48 135664]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNDA3200\jswpsapi.exe [21/05/2012 18:41 360529]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15/09/2010 12:14 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [05/05/2012 18:30 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22:37 4640000]
S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [24/09/2010 14:19 268528]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ACS
*NewlyCreated* - WDCS_WNDA3200
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
S7oppilx
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:13]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 11:48]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 11:48]
.
2012-05-21 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2012-03-10 18:22]
.
2012-05-21 c:\windows\Tasks\User_Feed_Synchronization-{C4DFAE7E-416B-4244-8132-23CA1C0E809F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = 
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\hjcms5ve.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - prefs.js: network.proxy.type - 2
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: CT2438727.AboutPrivacyUrl - hxxp://www.conduit.com/privacy/Default.aspx
FF - user.js: CT2438727.CTID - CT2438727
FF - user.js: CT2438727.CommunitiesChangesLastCheckTime - 0
FF - user.js: CT2438727.CurrentServerDate - 15-2-2011
FF - user.js: CT2438727.DialogsAlignMode - LTR
FF - user.js: CT2438727.DownloadReferralCookieData - 
FF - user.js: CT2438727.FirstServerDate - 20-9-2010
FF - user.js: CT2438727.FirstTime - true
FF - user.js: CT2438727.FirstTimeFF3 - true
FF - user.js: CT2438727.FirstTimeSettingsDone - true
FF - user.js: CT2438727.FixPageNotFoundErrors - true
FF - user.js: CT2438727.GroupingInvalidateCache - false
FF - user.js: CT2438727.GroupingLastCheckTime - 0
FF - user.js: CT2438727.GroupingLastServerUpdateTime - 0
FF - user.js: CT2438727.GroupingServerCheckInterval - 1440
FF - user.js: CT2438727.GroupingServiceUrl - hxxp://grouping.services.conduit.com/
FF - user.js: CT2438727.Initialize - true
FF - user.js: CT2438727.InitializeCommonPrefs - true
FF - user.js: CT2438727.InstallationAndCookieDataSentCount - 3
FF - user.js: CT2438727.InstalledDate - Mon Sep 20 2010 01:25 GMT+0100 (GMT Daylight Time)
FF - user.js: CT2438727.InvalidateCache - false
FF - user.js: CT2438727.IsGrouping - false
FF - user.js: CT2438727.IsMulticommunity - false
FF - user.js: CT2438727.IsOpenThankYouPage - true
FF - user.js: CT2438727.IsOpenUninstallPage - true
FF - user.js: CT2438727.LanguagePackLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.LanguagePackReloadIntervalMM - 1440
FF - user.js: CT2438727.LanguagePackServiceUrl - hxxp://translation.users.conduit.com/Translation.ashx
FF - user.js: CT2438727.LastLogin_2.7.1.3 - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.LatestVersion - 2.7.1.3
FF - user.js: CT2438727.Locale - en
FF - user.js: CT2438727.LoginCache - 4
FF - user.js: CT2438727.MCDetectTooltipHeight - 83
FF - user.js: CT2438727.MCDetectTooltipUrl - hxxp://@[email protected]/rank/tooltip/?version=1
FF - user.js: CT2438727.MCDetectTooltipWidth - 295
FF - user.js: CT2438727.RadioLastCheckTime - 0
FF - user.js: CT2438727.RadioLastUpdateIPServer - 0
FF - user.js: CT2438727.RadioLastUpdateServer - 0
FF - user.js: CT2438727.SHRINK_TOOLBAR - 1
FF - user.js: CT2438727.SearchEngine - Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID&SearchSource=1
FF - user.js: CT2438727.SearchFromAddressBarIsInit - true
FF - user.js: CT2438727.SearchFromAddressBarUrl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=
FF - user.js: CT2438727.SearchInNewTabEnabled - true
FF - user.js: CT2438727.SearchInNewTabIntervalMM - 1440
FF - user.js: CT2438727.SearchInNewTabLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.SearchInNewTabServiceUrl - hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID
FF - user.js: CT2438727.SearchInNewTabUsageUrl - hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID
FF - user.js: CT2438727.SettingsCheckIntervalMin - 120
FF - user.js: CT2438727.SettingsLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.SettingsLastUpdate - 1297721424
FF - user.js: CT2438727.ThirdPartyComponentsInterval - 504
FF - user.js: CT2438727.ThirdPartyComponentsLastCheck - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.ThirdPartyComponentsLastUpdate - 1246790578
FF - user.js: CT2438727.TrusteLinkUrl - hxxp://trust.conduit.com/EB_ORIGINAL_CTID
FF - user.js: CT2438727.UserID - UN14965108183067577
FF - user.js: CT2438727.ValidationData_Search - 0
FF - user.js: CT2438727.ValidationData_Toolbar - 2
FF - user.js: CT2438727.alertChannelId - 832836
FF - user.js: CT2438727.clientLogIsEnabled - false
FF - user.js: CT2438727.clientLogServiceUrl - hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent
FF - user.js: CT2438727.myStuffEnabled - true
FF - user.js: CT2438727.myStuffPublihserMinWidth - 400
FF - user.js: CT2438727.myStuffSearchUrl - hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID
FF - user.js: CT2438727.myStuffServiceIntervalMM - 1440
FF - user.js: CT2438727.myStuffServiceUrl - hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT
FF - user.js: CT2438727.uninstallLogServiceUrl - hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation
FF - user.js: CommunityToolbar.SearchFromAddressBarSavedUrl - chrome://browser-region/locale/region.properties
FF - user.js: CommunityToolbar.ToolbarsList - CT2438727
FF - user.js: CommunityToolbar.ToolbarsList2 - CT2438727
FF - user.js: CommunityToolbar.alert.alertInfoInterval - 1440
FF - user.js: CommunityToolbar.alert.alertInfoLastCheckTime - Tue Feb 15 2011 19:52 GMT+0000 (GMT Standard Time)
FF - user.js: CommunityToolbar.alert.clientsServerUrl - hxxp://alert.client.conduit.com
FF - user.js: CommunityToolbar.alert.locale - en
FF - user.js: CommunityToolbar.alert.loginIntervalMin - 1440
FF - user.js: CommunityToolbar.alert.loginLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CommunityToolbar.alert.loginLastUpdateTime - 1291052234
FF - user.js: CommunityToolbar.alert.messageShowTimeSec - 20
FF - user.js: CommunityToolbar.alert.servicesServerUrl - hxxp://alert.services.conduit.com
FF - user.js: CommunityToolbar.alert.showTrayIcon - false
FF - user.js: CommunityToolbar.alert.userCloseIntervalMin - 300
FF - user.js: CommunityToolbar.alert.userId - {029615fa-cf91-40f4-9072-93950c5fb5f8}
FF - user.js: accessibility.browsewithcaret - true
FF - user.js: accessibility.typeaheadfind - true
FF - user.js: accessibility.typeaheadfind.casesensitive - 1
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.disable_button.showUpdateHistory - false
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1326979408
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1326979287
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1326979528
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1313360628
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1304117503
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1326987885
FF - user.js: browser.anchor_color - #0000FF
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.display.background_color - #C0C0C0
FF - user.js: browser.display.use_document_fonts - 0
FF - user.js: browser.display.use_system_colors - true
FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\John\\Desktop
FF - user.js: browser.download.manager.alertOnEXEOpen - false
FF - user.js: browser.download.manager.retention - 0
FF - user.js: browser.download.save_converter_index - 3
FF - user.js: browser.feeds.showFirstRunUI - false
FF - user.js: browser.formfill.enable - false
FF - user.js: browser.history_expire_days.mirror - 180
FF - user.js: browser.migration.version - 5
FF - user.js: browser.offline - false
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.preferences.advanced.selectedTabIndex - 3
FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - true
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.selectedEngine - Bing
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - user.js: browser.startup.homepage_override.buildID - 20111220165912
FF - user.js: browser.startup.homepage_override.mstone - rv:9.0.1
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.tabs.loadInBackground - false
FF - user.js: browser.urlbar.default.behavior - 1
FF - user.js: browser.visited_color - #800080
FF - user.js: dom.disable_open_during_load - false
FF - user.js: dom.event.contextmenu.enabled - false
FF - user.js: dom.max_script_run_time - 0
FF - user.js: extensions.MicrosoftCG.lastRunTime - Mon, 01 Nov 2010 22:13 GMT
FF - user.js: extensions.blocklist.pingCountTotal - 237
FF - user.js: extensions.blocklist.pingCountVersion - 9
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 6
FF - user.js: extensions.enabledAddons - {972ce4c6-7e08-4474-a285-3208198ce6fd}:9.0.1
FF - user.js: extensions.enabledItems - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\,\mtime\:1277663450843},\[email protected]\:{\descriptor\:\c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1300649420031},\[email protected]\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1288081481343}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1326272142546},\{F7CB456D-D310-4572-8C28-A6D45F6F8F10}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{F7CB456D-D310-4572-8C28-A6D45F6F8F10}\,\mtime\:1326329926656}}},{\name\:\winreg-app-user\,\addons\:{\[email protected]\:{\descriptor\:\c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1300649420031}}},{\name\:\app-profile\,\addons\:{\[email protected]\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\\[email protected]\,\mtime\:1314085773315},\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\\{20a82645-c095-46ed-80e3-08825760534b}\,\mtime\:1280323145296},\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\,\mtime\:1326224466051}}}]
FF - user.js: extensions.lastAppVersion - 9.0.1
FF - user.js: extensions.lastPlatformVersion - 9.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.update.notifyUser - false
FF - user.js: extensions.zoodles.account_created - true
FF - user.js: extensions.zoodles.toolbar_installed - true
FF - user.js: font.name.serif.x-western - Verdana
FF - user.js: general.useragent.extra.microsoftdotnet - ( .NET CLR 3.5.30729)
FF - user.js: general.useragent.extra.zoodles - 
FF - user.js: general.useragent.extra.zoodles_parent - InquisitiveMindsAddon
FF - user.js: gfx.blacklist.direct2d - 2
FF - user.js: gfx.blacklist.layers.direct3d10 - 2
FF - user.js: gfx.blacklist.layers.direct3d10-1 - 2
FF - user.js: idle.lastDailyNotification - 1326992866
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-8, UTF-8, ISO-8859-2, windows-1252, ISO-8859-15
FF - user.js: lightweightThemes.isThemeSelected - false
FF - user.js: lightweightThemes.persisted.footerURL - true
FF - user.js: lightweightThemes.persisted.headerURL - true
FF - user.js: lightweightThemes.usedThemes - [{\id\:\30987\,\name\:\endless possibilities by etsu\,\headerURL\:\hxxp://getpersonas-cdn.mozilla.net/static/8/7/30987/etsu_v2_header.jpg?1260925626\,\footerURL\:\http://getpersonas-cdn.mozilla.net/...26\,\author\:\infectious\,\description\:\etsu meusy's work has been described as "sunny and clean" by giant robot and "nostalgia-tinged 70s and 80s pop cultural pastiches" by coolhunting. etsu blends together paint, hand drawn typography and the odd guest appearance from 80s icons like axl rose and the smurfs to create dreamy rainbow colored landscapes. her artwork has been featured in nylon magazine and art books by die gestalten.\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/30987\,\version\:\1260925626\},{\id\:\95641\,\name\:\supernatural-dean\,\headerURL\:\http://getpersonas-cdn.mozilla.net/...\author\:\scoobydolittle\,\description\:\this is a supernatural persona\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/95641\,\version\:\1265334322\},{\id\:\64769\,\name\:\sunset over water\,\headerURL\:\http://getpersonas-cdn.mozilla.net/...11578\,\author\:\madonna\,\description\:\this is a personal photo i took. i have a wallpaper to match this and it can be found at\\u000d\\u000a:http://nature.desktopnexus.com/wallpaper/335230/\\u000d\\u000a\\u000d\\u000aI also made an iGoogle theme called Framed Sunset and you can use that as your theme if you use iGoogle.\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/64769\}]
FF - user.js: microsoft.CLR.auto_install - false
FF - user.js: network.cookie.lifetimePolicy - 2
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.proxy.type - 2
FF - user.js: places.database.lastMaintenance - 1326992866
FF - user.js: places.history.expiration.transient_current_max_pages - 76949
FF - user.js: places.history.expiration.transient_optimal_database_size - 123117894
FF - user.js: places.last_vacuum - 1301663853
FF - user.js: pref.advanced.images.disable_button.view_image - false
FF - user.js: pref.advanced.javascript.disable_button.advanced - false
FF - user.js: pref.browser.homepage.disable_button.bookmark_page - false
FF - user.js: pref.privacy.disable_button.view_cookies - false
FF - user.js: print.print_printer - HP Deskjet D2600 series
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_bgcolor - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_bgimages - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_command - 
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_downloadfonts - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_bottom - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_left - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_right - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_top - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_evenpages - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footercenter - 
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footerleft - &PT
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footerright - &D
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headercenter - 
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headerleft - &T
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headerright - &U
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_in_color - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_bottom - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_left - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_right - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_top - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_oddpages - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_orientation - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_pagedelay - 500
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_data - 9
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_height - 11.00
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_size_type - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_size_unit - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_width - 8.50
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_reversed - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_scaling - 1.25
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_shrink_to_fit - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_to_file - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_to_filename - 
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_left - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_right - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_top - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_bgcolor - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_bgimages - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_command - 
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_downloadfonts - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_bottom - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_left - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_right - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_top - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_evenpages - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footercenter - 
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footerleft - &PT
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footerright - &D
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headercenter - 
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headerleft - &T
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headerright - &U
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_in_color - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_bottom - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_left - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_right - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_top - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_oddpages - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_orientation - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_pagedelay - 500
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_data - 6
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_height - 11.00
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_size_type - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_size_unit - 1
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_width - 8.50
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_reversed - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_scaling - 1.00
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_to_file - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_to_filename - 
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top - 0
FF - user.js: print_printer - HP Deskjet D2600 series
FF - user.js: printer_HP_Deskjet_D2600_series.print_bgcolor - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_bgimages - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_colorspace - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_command - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_downloadfonts - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_bottom - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_left - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_right - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_top - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_evenpages - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_footercenter - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_footerleft - &PT
FF - user.js: printer_HP_Deskjet_D2600_series.print_footerright - &D
FF - user.js: printer_HP_Deskjet_D2600_series.print_headercenter - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_headerleft - &T
FF - user.js: printer_HP_Deskjet_D2600_series.print_headerright - &U
FF - user.js: printer_HP_Deskjet_D2600_series.print_in_color - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_bottom - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_left - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_right - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_top - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_oddpages - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_orientation - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_page_delay - 50
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_data - 9
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_height - 11.00
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_name - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_size_type - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_size_unit - 1
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_width - 8.50
FF - user.js: printer_HP_Deskjet_D2600_series.print_plex_name - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_resolution_name - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_reversed - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_scaling - 1.00
FF - user.js: printer_HP_Deskjet_D2600_series.print_shrink_to_fit - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_to_file - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_to_filename - 
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_bottom - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_left - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_right - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_top - 0
FF - user.js: privacy.cpd.siteSettings - true
FF - user.js: privacy.donottrackheader.enabled - true
FF - user.js: privacy.popups.showBrowserMessage - false
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.timeSpan - 0
FF - user.js: security.disable_button.openCertManager - false
FF - user.js: security.disable_button.openDeviceManager - false
FF - user.js: security.enable_ssl2 - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: signon.rememberSignons - false
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1325869576
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: toolkit.telemetry.rejected - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1329414084
FF - user.js: xpinstall.whitelist.add - 
FF - user.js: xpinstall.whitelist.add.36 - 
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-jswtrayutil - c:\program files\NETGEAR\WN111v2\jswtrayutil.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-21 19:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-1957994488-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3812)
c:\windows\system32\WININET.dll
c:\program files\Iconix\OEAddOn\OEldr_7.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-05-21 19:52:31
ComboFix-quarantined-files.txt 2012-05-21 18:52
ComboFix2.txt 2012-05-19 17:17
ComboFix3.txt 2012-05-19 13:42
.
Pre-Run: 153,642,328,064 bytes free
Post-Run: 153,663,553,536 bytes free
.
- - End Of File - - 9FB541DA7F68296DB4503D860AD51433


----------



## kevinf80 (Mar 21, 2006)

For a very good AV etc do the following while I check over your CF log,

To keep safe when online you need a good *Antivirus/Antspyware/Antimalware/Anti-Rootkit* combination application. *Microsoft Security Essentials* covers all of those bases, but better still it is free. Go *Here* and hit the "Download free" tab, follow the prompts. Once installed it will want to update and carry out a quick scan, allow that to happen.

Let me know if it finds anything, you will not get a log as such but can check under the history tab when complete...

Kevin


----------



## jam1980uk (May 11, 2012)

didnt find any thing m8


----------



## kevinf80 (Mar 21, 2006)

Combofix log is clean also, How is your system responding in general, also what issues remain


----------



## jam1980uk (May 11, 2012)

it seems great just worried about them files m8 and all my internet bookmarks are looked ?


----------



## kevinf80 (Mar 21, 2006)

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from
*>>> Here <<<*

 Double-click FixPolicies.exe.
 Click the "Install" button on the bottom toolbar of the box that will open.
 The program will create a new Folder called FixPolicies.
 Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
 A black box will briefly appear and then close.

Re-boot and see if anything has changed...


----------



## jam1980uk (May 11, 2012)

ok ill try now mate


----------



## kevinf80 (Mar 21, 2006)

Okey Dokey....


----------



## jam1980uk (May 11, 2012)

no joy when i click on them says cant find program to open but why would my internet bookmarks be locked in the same way


----------



## jam1980uk (May 11, 2012)

see how every file has a different programe underneath it


----------



## jam1980uk (May 11, 2012)

have you dealt with this ransomware i had before m8


----------



## kevinf80 (Mar 21, 2006)

Yes i`ve had several but none a severe as yours, you also had ZeroAccess rootkit infection. Can you go back to reply #78 have a look through CF quarantine, I think you`ll find that CF has removed most of your favorites.

I think the way forward is to completely UNinstall Firefox, including all settings etc. Re-install when complete. 

Regarding the locked files, I cannot see what has them locked, we`ve checked the security settings and used LockHunter and all is normal, we`ve reset Group Policy and that has made no difference.

What is the down side of losing the locked files?


----------



## jam1980uk (May 11, 2012)

all my misses collage files for the last year and half m8 i know i should have backed it all up but i dont know how not very good with things like that but if i was a game on here i could patch and aply crack lol


----------



## jam1980uk (May 11, 2012)

is there no way to unlock favs


----------



## jam1980uk (May 11, 2012)

wot is zero access and how did i get these and you side uninstall firefox i use ie 8 you still want me to get rid of firefox


----------



## kevinf80 (Mar 21, 2006)

Give me a bit of time, I want to go through the Quarantine list in reply #78


----------



## jam1980uk (May 11, 2012)

ok thanks pal and good luck lol


----------



## kevinf80 (Mar 21, 2006)

If you go to reply #78 and have a look at CF `s quarantine folder you`ll see that all of your Favs were classed as malware, moved to quarantine and given the *.vir* extension, that is normal procedure. If you look at the address it should end with *,url* yours have a further extension after *.url* and before *.vir* (which was added by CF) that is similar to the locked files on your Desktop.

Can you right click on any of those files on the Desktop, select "rename" does that option work?


----------



## jam1980uk (May 11, 2012)

its funny you should say that me and misses were looking over files and yes we can rename it but we didnt know what to put


----------



## jam1980uk (May 11, 2012)

i did it with the tatoo pic but says wont open as file is missing or corrupt


----------



## kevinf80 (Mar 21, 2006)

I cannot see how we can salvage any of those files on your Desktop, same goes for your Favorites in Internet Explorer.

When you open Internet Explorer then open your favorites and click on one of the entries, you are actually opening a shortcut that points to

*C:\Documents and Settings\John\Favorites\link address to entry URL*

We know that CF has removed all entries from the Favorites folder because of the odd extension after *.url* I`d assume that extension was added by the infection.

The same thing has happened to the files that are saved on your Desktop, seems to be a trait of the infection......

I had wondered if we removed the extension that the infection has added would the files then become usable, it would seem not as you`ve already tried that.

The only way forward is to accept the files are gone and move on. Can you drag one to the recycle bin and see what happens...


----------



## kevinf80 (Mar 21, 2006)

You asked about ZeroAceess rootkit, have a read here http://nakedsecurity.sophos.com/zeroaccess2/#Dropper there a several pages but well worth reading.

You mentioned patching and applying a crack, mmm those very options when d/l from P2P sites are one of the primary conduits for distributing this type of infection....

We need to remove tools we`ve used etc when you`re ready...


----------



## jam1980uk (May 11, 2012)

hi m8 sorry for long reply ill try the recyle bin in 2 min gotta nip out again is there nothing else we can try before i tell the wife she lost a full year and helf of college work i was looking at things on comp yesterday and 1 of the things i tried was open 1 of her letters in office and it comes up up lots of stupid symbols and tell me to choose 1 of 3 options to make it read better but they all dont make sense could the language pack have been deleted or something like that


----------



## jam1980uk (May 11, 2012)

yes i can bin files i found this is this anything to do with why they could be locked and can you not remotly take over my comp to have a look around


----------



## jam1980uk (May 11, 2012)

what about any of these programs m8


----------



## kevinf80 (Mar 21, 2006)

I honestly cannot see how you can get those files back, the infection has messed them up by adding its own random extension and locking the file. There is no specific icon for any of the files, that is another hint that the file is corrupt.

I think we`ve actually done well to get your system up and running, albeit that many files have been lost. Let this be a warning to you, you must back up important files.

You can buy an external hard drive complete with caddie for buttons on Ebay, a program such as Macrium Reflect can be used to back up important data, or make a full image backup of your HDD should the unforseen happen. It also gives an option to burn a recovery CD incase you end up with HD failure, you can the fit new HD and copy the saved image from your Back up HD.

Also Macrium Reflect for the home user is free...

There is a free program called Recuva that can recover lost files, i`ve not used it or have any experience with it whatsoever. You could try it and see if it helps.

Read about it here http://download.cnet.com/Recuva/3000-2242_4-10753287.html there is also a d/l link...

Let me know your thoughts, how you want to progress. I feel it is time to clean up, remove tools etc.. I wish I could get your files back, imho it is a lost cause....

Kevin.


----------



## jam1980uk (May 11, 2012)

thanks for trying though m8 really appricate it and we do what ever you think next pal


----------



## jam1980uk (May 11, 2012)

just downloaded that recuva i have to try any thing m8 ill keep ya informed


----------



## jam1980uk (May 11, 2012)

so am i virus free now m8 and the scan for the app i just downloaded gonna take 2 hours lol


----------



## jam1980uk (May 11, 2012)

whats all this i here about a infection that gonna kill millions of internet computers in a few weeks m8 whats all that about


----------



## kevinf80 (Mar 21, 2006)

Not sure, what thats all about, I tend to ignore scare mongering. Remember the millenium bug that was going to cripple all computer orientated systems, never happened. The millenium came and went without a hitch....

Just leave all of the tools we`ve used in place until you`ve ran Recuva. When that is complete, let me know and we`ll remove all tools etc...


----------



## jam1980uk (May 11, 2012)

wow there must be ten million files before i proceed is there any chance i will "recover" the virus


----------



## kevinf80 (Mar 21, 2006)

Can you not narrow down the search, file name or date etc... Viri files were not deleted, they are held in quarantine and re-named so should be very safe....

Just a thought, can you check in System restore, see if there any restore points pre infection? it might just be possible to restore the PC to a time pre infection when all files were intact...


----------



## jam1980uk (May 11, 2012)

will that not resore virus


----------



## jam1980uk (May 11, 2012)

i can go back to 10th of may


----------



## kevinf80 (Mar 21, 2006)

When did you first notice the infection? Not just the Ransom ware, any odd erratic behavior. ZA rootkit would have been on system first


----------



## kevinf80 (Mar 21, 2006)

It is possible to go back pre-infection, or maybe pre ransomware, If those files your wife needs are intact we back them up, then check your system for any infection that maybe present... your thoughts?


----------



## jam1980uk (May 11, 2012)

to be honest im not sure shall we give it a go will it do any harm to all the work you have done and can you not connect to my comp to have a look around it m8


----------



## kevinf80 (Mar 21, 2006)

Sorry I do not do remote connections, its your choice whether to try system restore. I guess if the files are very important its worth a try..

I`m not staying up any later than 12:30, i`ve got a real early start tomorrow....let me know what you are going to do...

If you do use system restore and your system is still infected we`ll just start over, its no big deal to me...


----------



## jam1980uk (May 11, 2012)

whats your advise m8 its been ace up to now its your call


----------



## kevinf80 (Mar 21, 2006)

I cannot make that decision for you, it has to be your choice. Rest assured we can clean your system again if necessary.

If the restore point dated the 10th is previous to your infection it is worth trying. The plus is we get those files back, the minus is possible re-infection

Your choice....


----------



## jam1980uk (May 11, 2012)

well it just still doing the restoring scan ill wait for that finish if no joy ill try restore and post files you can resume tommrow m8 sound good to you ill post results of resort thanks again m8


----------



## kevinf80 (Mar 21, 2006)

If system restore is successful i`d copy those files to CD or USB stick, just make sure you get them backed up. After that see how your system is responding. 
Post fresh DDS and GMER logs, tell me if any odd/erratic behavior.... This has been a bit of a journey, I guess we`ve both learnt something...

OK i`m goint to grab a coffee, i`m up until 12:30, maybe 12:45. If system restore completes before that time post back and let me know the result, you can do DDSand GMER later and i`ll see the logs tomorrow. I wont ignore you....


----------



## jam1980uk (May 11, 2012)

thanks so much in a funny way enjoyed this jouney


----------



## jam1980uk (May 11, 2012)

ok did a scan in misses folder it says it resored them i saved to new folder this is what it looks like


----------



## jam1980uk (May 11, 2012)

but when i click on it i get this


Which i think means gone for good dont you


----------



## kevinf80 (Mar 21, 2006)

Can you open and read the files OK, if you can it would be prudent to save them to an external source, CD or USB stick, etc...

How is the system responding in general? more importantly is there an AV program installed...


----------



## jam1980uk (May 11, 2012)

this is a pic of the app recouva


----------



## kevinf80 (Mar 21, 2006)

We cross posted there, can you open and read the files in original place, not the new saved folder


----------



## kevinf80 (Mar 21, 2006)

Ah we are talking of different things here, you are referring to Recuva, I thought you had done System Restore back to the 10th


----------



## jam1980uk (May 11, 2012)

not yet m8 that next lol no anti virus just that windows toool you told me to get m8


----------



## kevinf80 (Mar 21, 2006)

If you are doing System Restore back to the 10th and it is successful make sure you have an AV installed after that completes...


----------



## jam1980uk (May 11, 2012)

what av shall i get


----------



## kevinf80 (Mar 21, 2006)

To keep safe when online you need a good *Antivirus/Antspyware/Antimalware/Anti-Rootkit* combination application. *Microsoft Security Essentials* covers all of those bases, but better still it is free. Go *Here* and hit the "Download free" tab, follow the prompts. Once installed it will want to update and carry out a quick scan, allow that to happen.


----------



## jam1980uk (May 11, 2012)

yea thats the one i got you give me few post ago


----------



## jam1980uk (May 11, 2012)

you go bed m8 we speak tommrow thanks pal


----------



## kevinf80 (Mar 21, 2006)

Okey Dokey..zzzzzzzzzzzzzzzzzz


----------



## jam1980uk (May 11, 2012)

if i took it to a shop and paid can they do anything we cant m8


----------



## kevinf80 (Mar 21, 2006)

I cannot say for sure, maybe ask them, also ask for a price before you commit yourself. I take you do not want to risk using system restore?


----------



## jam1980uk (May 11, 2012)

hi m8 i did restore and it deleted the av we put on i run a scan with superantivirus software it found the 8 threats we got rid of and still counldnt get the files i said to my self this morning i will not be beaten lol...
so i undid the restore to take us back up to date i then realised i had hirans boot cd so i started that open a program called "restoration" any way it found millions of files i in the middle of putting some files on a usb stick.

i found out when i got the virus because it give time stamps and there is loads happing on 5/5/at 8.30pm so thats when i got it now only thing is alot of the files dont know what program to use to open them i have enclosed a pic


----------



## kevinf80 (Mar 21, 2006)

You cannot open those files, they are not data files. The ones in the picture are drivers, program executables and dynamic link library files...


----------



## jam1980uk (May 11, 2012)

all these are from the day after i got virus


----------



## jam1980uk (May 11, 2012)

what should i be looking for m8 aint got a clue


----------



## kevinf80 (Mar 21, 2006)

System Restore snapshot points,


----------



## jam1980uk (May 11, 2012)

when i try to open a file my misses has done on word it say can not convert and in the list of deleted files there are alot of fonts could it have wipes all the fonts thats why cant read them


----------



## kevinf80 (Mar 21, 2006)

If you are sure you got hit on the 5/5 and the furthest back restore point is the 10/5 then you have little hope of restoring the corrupt files..


----------



## jam1980uk (May 11, 2012)

would this program not have found restore point before that how can i locate it


----------



## kevinf80 (Mar 21, 2006)

System restore cache is a given size. When the cache is full it will delete old points as new ones are created, It is difficult to say how far back you can go. If the date 10/5 is listed as the furthest one back, then that is as far back as you can go...

OK, try this. Right click on any of the files in question (created by your wife), Select "Open with" in the new window Select "Choose Default program" In the new window Select "Search the web for software that can open your file" then hit OK, let windows see if it can find anyhting on the web for you..


----------



## jam1980uk (May 11, 2012)

no good m8


----------



## jam1980uk (May 11, 2012)

this will prob be the files i want


----------



## kevinf80 (Mar 21, 2006)

Do you still have the files you recovered with Recuva? do exactly the same on one of those...


----------



## jam1980uk (May 11, 2012)

would that unbuntu not open them


----------



## jam1980uk (May 11, 2012)

that didnt work either m8 is this a resote point its dates 04 09


----------



## kevinf80 (Mar 21, 2006)

Ubuntu is an Operating System, not an application..


----------



## kevinf80 (Mar 21, 2006)

You will have to have a definite restore point, you are looking at snapshot points in your screenshot.

Do this, Select > start > all programs > Accessories > System Tools > System Restore > the "Welcome to System Restore" window will open. Select "Restore my computer to an earlier time" then select "Next"

In the new window you will see "Select a Restore Point" In the date window use the arrows in the header where the month is, see if you can arrow back to a month prior to May....


----------



## jam1980uk (May 11, 2012)

wont go any month down m8 stays in may


----------



## jam1980uk (May 11, 2012)

this is off hirans boot called active file recorery but still wont open


----------



## jam1980uk (May 11, 2012)

i try to open it with word this comes up


shall i just give up m8


----------



## kevinf80 (Mar 21, 2006)

Look as much as I`d like to help you I think we`ve gone as far as possible, probably more than most would have bothered. The infection definitely messed up those files, there was the random extension added and the files were locked, exactly the same happened to you Favorites folder. 

If you really must continue with the crusade to get those files back your only option is to seek professional help. This will be very expensive, PC shops in my area charge £50 upwards for simple malware removal, extra for virii.

Data recovery may go into hundreds as opposed to tens, It really depends on time taken etc..... After a hit like you had I`m surprised we got you back at all....time to move on my friend.....

I`m calling time, I`ve had a long and very busy day... I look back in tomorrow......


----------



## jam1980uk (May 11, 2012)

think your right m8 mate we give up lol if you still willing to help me get a good safe system im more than happy to follow your advise and im sorry i dragged all this on to ya you done a fantastic job getting me as far as you have i couldnt have done it with out ya so thanks so much


----------



## kevinf80 (Mar 21, 2006)

No problem with time issues, a fix takes as long as it take.

I`m not sure what tools ar left after all the work and System restore etc, do the following:

*Step 1*

Remove Combofix now that we're done with it

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")









 Please follow the prompts to uninstall Combofix.
 You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:

 ComboFix and its associated files and folders.
 VundoFix backups, if present
 The C:_OtMoveIt folder, if present
 Reset the clock settings.
 Hide file extensions, if required.
 Hide System/Hidden files, if required.
 Reset System Restore.

*It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.*

If Combofix is no longer on the Desktop, d/l and save to Desktop again. Then run the above...

*Step 2*

We need to remove ESET Online Scanner. (if installed)


 Click Start, click Run, type *control appwiz.cpl* in the Open box, and then press ENTER.
 Click to select *ESET Online Scanner* from the application list, and then click Remove. Only re-boot if prompted

*Step 3*


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click







icon to start the program. 
If you are using Vista or Windows 7, please right-click and choose run as administrator
Then Click the big







button.
You will get a prompt saying "_Begining Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself.

*Any tools/logs remaining on the Desktop can be deleted.*

*Step 4*

Go here http://www.filehippo.com/updatechecker/ run FileHippo Update Checker, update all applications as suggested by theChecker, ignore any *Beta* updates..

*Step 5*

Download







TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select Run as Administartor
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important *

Keep TFC it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run, even if not prompted*

Let me know if those steps complete OK, also tell what issues/concerns remain...

Thanks,

Kevin


----------



## jam1980uk (May 11, 2012)

says cant find combo fix

doing step 2 now


----------



## jam1980uk (May 11, 2012)

sorry doing 1 again downloading comfix again m8


----------



## jam1980uk (May 11, 2012)

ok still doing updates now i have that microsoft protection on you gave me do i still run superanti spyware all the time or just scan now and then


----------



## jam1980uk (May 11, 2012)

all done but this keeps wanting to install but can`t i click ignor but its come back about 10 times 

Update for Windows XP (KB979306)


----------



## kevinf80 (Mar 21, 2006)

Go *Here* follow instruction to fix that update issue..


----------



## jam1980uk (May 11, 2012)

done that m8 i heard of a programm that hide ip is that a good ider


----------



## kevinf80 (Mar 21, 2006)

Why would you want to hide your IP address? Ok security, yes keep SAS as well as MSE, You also need a software Firewall, *Online Armour Free Firewall* is one of the best available, also go *Here* for an excellent tutorial that will show you how to use it.

Make sure to read the tutorial before you install the Firewall.....

If all is now OK here are some tips to reduce the potential for malware infection in the future:

*Make proper use of your antivirus and firewall*

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, *NEVER* turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use *WinPatrol* This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained *Here*

*Use a safer web browser*

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

*Firefox*,

*Opera*, and

*Chrome*.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial *HERE* which will help you to make IE *MUCH* safer.

These *browser add-ons* will help to make your browser safer:

*Web of Trust* warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for *Firefox* and *Internet Explorer*.

*Green* to go, 
*Yellow* for caution, and 
*Red* to stop.

Available for *Firefox* only. *NoScript* helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at *THIS* article.

Here a couple of links by two security experts that will give some excellent tips and advice.

*So how did I get infected in the first place by Tony Klein*

*How to prevent Malware by Miekiemoes*

Finally this link *HERE* will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint.

If no remaining issues hit the Mark Solved tab at the top of the thread,

Take care,

Kevin


----------



## jam1980uk (May 11, 2012)

kevin what can i say apart from your billiant and i thanks you i no i could never repay you in any way but i owe you 1i glad i have this experance and glad you was there to help thanks ever so much again m8 sorry just a few more question lol

i have a laptop running windows 7 can i do the same things i have with this like the same antivirus and firewall and all the info in this tread i will always want to refer back so if i mark as solved will i still be able to view it

thanks again i wish you and your family the very best for the future m8 really glad to have been able to be your student lol


----------



## kevinf80 (Mar 21, 2006)

Thanks for the kind words, that is what makes it all worthwhile for me. Yep it was probably the worst log i`ve ever worked. I think we both learnt something along the way....

I use Windows 7 myself and have this set up for security:

Firewall - Online Armor (free) the best FW available IMHO....

AV, AS. etc - Microsoft Security Essentials.(free) very light on resources, very simple GUI makes it easy to read and set up.

I also have Malwarebytes Pro version, it is about £20 for a lifetime licence. It works very well with the other two, gives auto updates and the all important realtime protection...

If you mark the thread solved it just gives closer to it. You can still come back, read and leave comments or ask questions. After 45 days the log will Auto-close, you can still read but not comment....

Kevin...


----------



## jam1980uk (May 11, 2012)

ok will do and thanks again


----------



## kevinf80 (Mar 21, 2006)

You`re very welcome... :up:


----------

