# Trojan



## mister_d (Nov 25, 2011)

Our home computer has been acting up recently and of course no one is admitting to downloading something or causing it. Firefox has been locking up, my system tray is here today but gone tomorrow in terms of my AV, firewall, and superantispyware showing. I've had to reboot the computer several times because of Windows locking up. Even task manager has refused to open.

I tried switching from pc tools firewall to zonealarm at first because I thought it was the problem but I'm still having issues. I've run Dr Web CureIt, Superantispyware, Avira, ComboFix, and followed the sticky directions. Please let me know what I should do next. Th file Iad5hide.dll or something like it keeps showing up in the programs I've run to try and help. Dr. WebCureIt found a trojan but I can't find the log from it to list the exact one here.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+, x86 Family 15 Model 75 Stepping 2
Processor Count: 2
RAM: 958 Mb
Graphics Card: NVIDIA GeForce 6150 LE, 256 Mb
Hard Drives: C: Total - 147793 MB, Free - 22240 MB;
Motherboard: Dell Inc, 0CT103
Antivirus: Avira Desktop, Updated: Yes, On-Demand Scanner: Enabled
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:38:55 PM, on 11/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MotoCast] "C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MotoCast] "C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MotoCast] "C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk" (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164855826162
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1211778946000
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
O23 - Service: Google Update Service (gupdate1cc0203774f64a8) (gupdate1cc0203774f64a8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

--
End of file - 11510 bytes
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Kaunelis at 20:51:11 on 2011-11-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.478 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall *Enabled* 
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
svchost.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
dRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
uPolicies-system: DisableChangePassword = 1 (0x1)
uPolicies-system: DisableLockWorkstation = 1 (0x1)
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/6/7/5/675d28f5-2a8e-4bac-bd9b-ee147f352714/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164855826162
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211778946000
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F80434DD-6130-4C63-ACE2-4DDCB1A21A93} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kaunelis\application data\mozilla\firefox\profiles\bpp3g2ph.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111028&q=
FF - plugin: c:\documents and settings\kaunelis\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\kaunelis\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\kaunelis\application data\mozilla\firefox\profiles\bpp3g2ph.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\kaunelis\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-15 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-26 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 67664]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-9 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-15 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-15 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-15 74640]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2011-11-19 87368]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-11-14 218992]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-6-5 245760]
S2 gupdate1cc0203774f64a8;Google Update Service (gupdate1cc0203774f64a8);c:\program files\google\update\GoogleUpdate.exe [2011-2-12 136176]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-25 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-12 136176]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2011-11-10 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 12872]
S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [2010-1-24 38656]
.
=============== Created Last 30 ================
.
2011-11-24 17:06:00 -------- d-----w- C:\ComboFix
2011-11-24 14:30:21 -------- dc-h--w- c:\windows\ie8
2011-11-24 09:40:42 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-24 09:40:40 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-11-24 09:39:42 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-11-24 05:11:44 -------- d-----w- c:\windows\system32\NtmsData
2011-11-24 04:03:57 -------- d-sha-r- C:\cmdcons
2011-11-24 04:01:30 98816 ----a-w- c:\windows\sed.exe
2011-11-24 04:01:30 518144 ----a-w- c:\windows\SWREG.exe
2011-11-24 04:01:30 256000 ----a-w- c:\windows\PEV.exe
2011-11-24 04:01:30 208896 ----a-w- c:\windows\MBR.exe
2011-11-22 22:22:49 -------- d-----w- c:\documents and settings\kaunelis\application data\CheckPoint
2011-11-22 22:21:45 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2011-11-22 22:17:56 -------- d-----w- c:\program files\CheckPoint
2011-11-22 21:03:29 388096 ----a-r- c:\documents and settings\kaunelis\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-22 20:56:47 -------- d-----w- C:\Binaries
2011-11-22 20:56:29 -------- d-----w- c:\program files\Motorola Media Link
2011-11-16 02:35:54 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-16 02:35:54 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-16 02:35:52 -------- d-----w- c:\program files\Avira
2011-11-16 02:13:17 -------- d-----w- c:\documents and settings\kaunelis\application data\MotoCast
2011-11-16 02:12:09 -------- d-----w- c:\program files\Motorola Mobility
2011-11-16 02:10:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-15 22:40:26 -------- d-----w- c:\documents and settings\all users\application data\Motorola Media Link
2011-11-15 22:38:13 -------- d-----w- c:\documents and settings\kaunelis\local settings\application data\Downloaded Installations
2011-11-14 23:29:41 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-11-10 20:17:18 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2011-11-10 20:14:54 -------- d-----w- c:\documents and settings\kaunelis\.gstreamer-0.10
2011-11-10 20:13:49 -------- d-----w- c:\documents and settings\kaunelis\local settings\application data\Motorola
2011-11-10 20:13:11 -------- d-----w- c:\documents and settings\all users\application data\Nero
2011-11-10 20:13:08 -------- d-----w- c:\documents and settings\all users\application data\Motorola
2011-11-10 20:12:48 25856 ----a-w- c:\windows\system32\drivers\motoandroid.sys
2011-11-10 20:12:48 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2011-11-10 20:12:19 -------- d-----w- c:\program files\common files\Motorola Shared
2011-11-10 20:11:53 -------- d-----w- c:\program files\Motorola
2011-11-10 20:11:53 -------- d-----w- c:\documents and settings\kaunelis\application data\Motorola
2011-11-06 13:49:29 -------- d-----w- c:\documents and settings\kaunelis\local settings\application data\WBFSManager
2011-11-06 13:47:05 -------- d-----w- c:\program files\WBFS
2011-11-05 15:39:54 -------- d-----w- c:\documents and settings\kaunelis\application data\AnvSoft
2011-11-05 15:39:25 -------- d-----w- c:\program files\AnvSoft
2011-10-28 00:01:25 -------- d-----w- c:\documents and settings\all users\application data\Premium
2011-10-28 00:00:47 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ------w- c:\windows\system32\inetcomm.dll
2011-10-04 20:48:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 20:52:51.07 ===============

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/29/2006 8:48:57 PM
System Uptime: 11/24/2011 12:41:48 PM (8 hours ago)
.
Motherboard: Dell Inc | | 0CT103
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 1803/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 21.718 GiB free.
D: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP351: 11/6/2011 11:15:59 AM - System Checkpoint
RP352: 11/7/2011 12:02:30 PM - System Checkpoint
RP353: 11/8/2011 1:02:29 PM - System Checkpoint
RP354: 11/9/2011 2:17:55 PM - System Checkpoint
RP355: 11/10/2011 2:18:54 PM - System Checkpoint
RP356: 11/10/2011 3:11:35 PM - Installed MotoCast
RP357: 11/10/2011 3:16:59 PM - Installed MotoCast
RP358: 11/11/2011 4:34:05 PM - System Checkpoint
RP359: 11/12/2011 5:35:45 PM - System Checkpoint
RP360: 11/13/2011 6:07:07 PM - System Checkpoint
RP361: 11/13/2011 7:30:12 PM - Installed MotoCast
RP362: 11/14/2011 5:41:28 PM - Installed MotoCast
RP363: 11/14/2011 6:29:41 PM - Installed Windows XP Wdf01007.
RP364: 11/15/2011 4:56:56 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP365: 11/15/2011 5:36:00 PM - Removed MotoCast
RP366: 11/15/2011 5:39:32 PM - Installed MOTOROLA MEDIA LINK.
RP367: 11/15/2011 5:49:18 PM - Removed Java(TM) 6 Update 13
RP368: 11/15/2011 5:50:44 PM - Removed MOTOROLA MEDIA LINK.
RP369: 11/15/2011 5:52:21 PM - Removed Java(TM) 6 Update 12
RP370: 11/15/2011 5:56:12 PM - Removed Java(TM) 6 Update 7
RP371: 11/15/2011 6:19:15 PM - Removed Java(TM) 6 Update 4
RP372: 11/15/2011 6:42:22 PM - Installed Java(TM) 6 Update 25
RP373: 11/15/2011 6:43:15 PM - Installed MotoCast
RP374: 11/15/2011 6:48:37 PM - Removed MotoCast
RP375: 11/15/2011 6:52:04 PM - Removed Java(TM) 6 Update 25
RP376: 11/15/2011 7:07:39 PM - Installed Java(TM) 6 Update 25
RP377: 11/15/2011 7:08:36 PM - Installed MotoCast
RP378: 11/15/2011 7:27:08 PM - Installed Java(TM) 6 Update 29
RP379: 11/15/2011 7:30:15 PM - Installed MotoCast
RP380: 11/15/2011 7:34:56 PM - Removed MotoCast
RP381: 11/15/2011 7:42:38 PM - Removed Java(TM) 6 Update 25
RP382: 11/15/2011 7:55:00 PM - Installed Java(TM) 6 Update 29
RP383: 11/15/2011 8:03:39 PM - Installed MotoCast
RP384: 11/15/2011 8:51:20 PM - Removed Java(TM) 6 Update 29
RP385: 11/15/2011 8:52:44 PM - Removed MotoCast
RP386: 11/15/2011 9:10:24 PM - Installed Java(TM) 6 Update 25
RP387: 11/15/2011 9:11:29 PM - Installed MotoCast
RP388: 11/15/2011 9:49:03 PM - Installed Java(TM) 6 Update 29
RP389: 11/15/2011 9:52:26 PM - Installed MotoCast
RP390: 11/16/2011 3:01:30 PM - Installed MotoCast
RP391: 11/17/2011 11:17:58 PM - System Checkpoint
RP392: 11/18/2011 11:23:26 PM - System Checkpoint
RP393: 11/20/2011 12:18:13 AM - System Checkpoint
RP394: 11/20/2011 8:28:50 PM - Installed Windows XP KB915865.
RP395: 11/20/2011 8:30:04 PM - Installed Windows NLSDownlevelMapping.
RP396: 11/20/2011 8:30:32 PM - Installed Windows IDNMitigationAPIs.
RP397: 11/20/2011 8:31:02 PM - Installed Windows Internet Explorer 7.
RP398: 11/22/2011 6:58:53 AM - System Checkpoint
RP399: 11/22/2011 3:53:21 PM - Installed MotoCast
RP400: 11/22/2011 4:03:26 PM - Installed HiJackThis
RP401: 11/23/2011 7:24:37 PM - System Checkpoint
RP402: 11/24/2011 3:00:36 AM - Software Distribution Service 3.0
RP403: 11/24/2011 8:59:16 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
3D Groove Playback Engine
3DVIA player 5.0
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player 11.6
Any Video Converter 3.3.0
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
Bonjour
BroadJump Client Foundation
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon EOS 5D WIA Driver
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.4
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CloneCD
CloneDVD2
CloneDVDmobile
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows
Dell CinePlayer
Dell Support 3.2.1
Dell System Restore
DellConnect
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
DVD Flick 1.3.0.7
Facebook Plug-In
Games, Music, & Photos Launcher
Google Chrome
Google Earth Plug-in
Google Update Helper
HiJackThis
HL-2270DW
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB954550-v5)
ImageMixer for Sony
ImgBurn
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 29
LeapFrog Connect
LeapFrog Leapster2 Plugin
LeapFrog Tag Junior Plugin
LeapFrog Tag Plugin
Logitech Desktop Messenger
Logitech SetPoint
Malwarebytes' Anti-Malware version 1.51.2.1300
MCU
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Edition 2003
Microsoft Office Sounds
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows Media Video 9 VCM
Microsoft Works
MicroStaff WINASPI
Miro
MobileMe Control Panel
Modem Diagnostic Tool
Monopoly by Parker Brothers
MotoCast
MotoHelper 2.1.26 Driver 5.3.0
MotoHelper MergeModules
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.3.0
Move Networks Media Player for Internet Explorer
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OpenOffice.org 3.0
Otto
Photo Viewer
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Sony USB Driver
SUPERAntiSpyware Free Edition
swMSM
Tux Paint 0.9.20b
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB928089)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Media Player 10 (KB910393)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
VC 9.0 Runtime
VirtualCloneDrive
WebFldrs XP
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR 4.00 beta 3 (32-bit)
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/24/2011 12:45:01 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/24/2011 12:45:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
11/24/2011 12:45:00 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
11/23/2011 10:51:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
11/23/2011 10:23:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 avipbb avkmgr ElbyCDIO Fips IPSec MRxSmb NetBIOS NetBT nvatabus nvraid RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip Vsdatant
11/23/2011 10:23:55 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
11/21/2011 7:17:21 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
11/21/2011 1:47:05 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Volume Shadow Copy service to connect.
11/21/2011 1:47:05 PM, error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/21/2011 1:47:05 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
11/20/2011 9:10:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 avipbb avkmgr ElbyCDIO Fips IPSec MRxSmb NetBIOS NetBT nvatabus nvraid pctgntdi RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip
11/20/2011 9:10:51 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/20/2011 9:10:51 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/20/2011 9:10:51 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/20/2011 9:10:51 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/20/2011 9:10:51 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/20/2011 8:54:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
11/20/2011 8:52:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/20/2011 8:51:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/20/2011 8:47:08 PM, error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/20/2011 8:46:54 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/20/2011 8:46:19 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-25 11:03:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD160JJ/P rev.ZM100-34
Running: 91e11gni.exe; Driver: C:\DOCUME~1\Kaunelis\LOCALS~1\Temp\pxdyypoc.sys

---- System - GMER 1.0.15 ----

SSDT F7AF1E74 ZwClose
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF38432F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF383D5CA]
SSDT F7AF1E2E ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF3843A80]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF3856E4E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF385723C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF38606F6]
SSDT F7AF1E24 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF3843BB6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF383E1E0]
SSDT F7AF1E33 ZwDeleteKey
SSDT F7AF1E3D ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF3855D8A]
SSDT F7AF1E42 ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF385E99C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF383DDF2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF3859160]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF3858D8A]
SSDT F7AF1E97 ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF385F72A]
SSDT F7AF1E4C ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF3842EC4]
SSDT F7AF1E47 ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF384359C]
SSDT F7AF1E83 ZwSetContextThread
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF383E5A4]
SSDT F7AF1E8D ZwSetSecurityObject
SSDT F7AF1E38 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF3857EA4]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF36FA640]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80504538 12 Bytes [80, 3A, 84, F3, 4E, 6E, 85, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6983360, 0x2456AE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[280] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[280] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[280] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[280] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[280] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[280] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[280] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\stsystra.exe[280] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[300] ntdll.dll!NtAccessCheckByType  7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[300] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[300] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[300] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[300] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[300] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[300] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[300] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[480] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[480] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[480] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[480] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[480] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209F37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[480] ADVAPI32.dll!ImpersonateNamedPipeClient  77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[480] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[480] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[508] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[508] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[508] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[508] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[508] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[508] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[508] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[508] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[520] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[520] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[520] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[520] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[520] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[520] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[520] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[520] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Digital Line Detect\DLG.exe[640] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Digital Line Detect\DLG.exe[640] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Digital Line Detect\DLG.exe[640] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Digital Line Detect\DLG.exe[640] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Digital Line Detect\DLG.exe[640] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Digital Line Detect\DLG.exe[640] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Digital Line Detect\DLG.exe[640] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Digital Line Detect\DLG.exe[640] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[676] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[676] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[676] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[676] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[676] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[676] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[676] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[676] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[708] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[708] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[708] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[708] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[708] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[708] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[708] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[708] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[764] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[764] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[764] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[764] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[764] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[784] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[784] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[784] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[784] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[784] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[784] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[784] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[784] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[808] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[808] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[808] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[808] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[808] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[820] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[820] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[868] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[868] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[868] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[868] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[868] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[868] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[868] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe[868] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[964] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[964] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[964] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[964] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[964] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[964] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[964] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[964] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[1140] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[1140] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[1140] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[1140] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[1140] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[1140] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[1140] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehRecvr.exe[1140] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1144] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1144] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1144] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1144] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1144] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1144] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1144] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1144] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1172] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1172] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe[1356] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe[1356] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe[1356] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe[1356] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe[1356] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe[1356] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe[1356] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe[1356] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1544] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1544] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1544] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1544] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1544] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1544] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1544] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehSched.exe[1544] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1700] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1700] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1700] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1700] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1700] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1700] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1700] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1700] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1936] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1936] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1988] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1988] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1988] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1988] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1988] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1988] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1988] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1988] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2044] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2044] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2044] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2044] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2044] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2044] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2044] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2044] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2184] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2184] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2184] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2184] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2184] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2184] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2184] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2184] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2284] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2284] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2284] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2284] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2284] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2284] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2284] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2284] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[2328] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[2328] ntdll.dll!NtImpersonateClientOfPort  7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[2328] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[2328] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[2328] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[2328] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[2328] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\eHome\ehmsas.exe[2328] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2340] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2340] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2340] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2340] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2340] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2340] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2340] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[2340] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2380] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2380] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2380] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2380] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2380] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[2396] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2512] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2512] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2512] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2512] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2512] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2512] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2512] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\mcrdsvc.exe[2512] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2640] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2640] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2640] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2640] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2640] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2640] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2640] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2640] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[2808] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[2808] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[2808] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[2808] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[2808] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[2808] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[2808] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[2808] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3012] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3012] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3012] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3012] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3012] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3012] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3012] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3012] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\rundll32.exe[3052] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\rundll32.exe[3052] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\rundll32.exe[3052] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text  C:\WINDOWS\system32\rundll32.exe[3052] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\rundll32.exe[3052] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\rundll32.exe[3052] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\rundll32.exe[3052] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\rundll32.exe[3052] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3200] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3200] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3200] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3200] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3200] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3200] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3200] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3200] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[3276] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[3276] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[3276] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[3276] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[3276] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[3276] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[3276] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[3276] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe[3464] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe[3464] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe[3464] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe[3464] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe[3464] ADVAPI32.DLL!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe[3464] ADVAPI32.DLL!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe[3464] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe[3464] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3512] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3512] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3512] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3512] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3512] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3512] USER32.dll!FindWindowW  7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3512] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\ehome\ehtray.exe[3512] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browny02\Brother\BrStMonW.exe[3536] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browny02\Brother\BrStMonW.exe[3536] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browny02\Brother\BrStMonW.exe[3536] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browny02\Brother\BrStMonW.exe[3536] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browny02\Brother\BrStMonW.exe[3536] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browny02\Brother\BrStMonW.exe[3536] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browny02\Brother\BrStMonW.exe[3536] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browny02\Brother\BrStMonW.exe[3536] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3552] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3552] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3552] ntdll.dll!NtSetInformationProcess  7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3552] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3552] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3552] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3552] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3552] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3600] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3600] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3600] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3600] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3600] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3600] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3600] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3600] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[3612] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[3612] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[3612] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[3612] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[3612] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[3612] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[3612] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[3612] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browny02\BrYNSvc.exe[3820] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browny02\BrYNSvc.exe[3820] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browny02\BrYNSvc.exe[3820] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browny02\BrYNSvc.exe[3820] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browny02\BrYNSvc.exe[3820] USER32.dll!FindWindowA  7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browny02\BrYNSvc.exe[3820] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browny02\BrYNSvc.exe[3820] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browny02\BrYNSvc.exe[3820] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[3936] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[3936] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[3936] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[3936] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[3936] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[3936] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[3936] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\dllhost.exe[3936] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4028] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4028] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4028] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4028] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4028] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4028] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4028] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4028] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4064] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4064] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4064] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4064] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4064] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4064] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4064] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iTunes\iTunesHelper.exe[4064] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[4068] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[4068] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[4068] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[4068] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[4068] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[4068] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[4068] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[4068] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Kaunelis\Desktop\91e11gni.exe[5308] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Kaunelis\Desktop\91e11gni.exe[5308] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Kaunelis\Desktop\91e11gni.exe[5308] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Kaunelis\Desktop\91e11gni.exe[5308] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Kaunelis\Desktop\91e11gni.exe[5308] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Kaunelis\Desktop\91e11gni.exe[5308] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Kaunelis\Desktop\91e11gni.exe[5308] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\Kaunelis\Desktop\91e11gni.exe[5308] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \FileSystem\Fastfat \Fat B46B3D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]  1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 1

---- EOF - GMER 1.0.15 ----


----------



## flavallee (May 12, 2002)

Can you be more specific about the problem instead of just saying "our home computer has been acting up recently"?

---------------------------------------------------------

If that 144 GB hard drive has only 21 GB of free space, it needs some de-cluttering.

Right-click RECYCLE BIN, then click Properties, then move the slider from 10% to 3%, then click Apply - OK.

Right-click MY COMPUTER, then click Properties - System Restore, then move the slider from 12% to 3%, then click Apply - OK.

After that's done, restart the computer.

That should reclaim some free space.

---------------------------------------------------------

*Adobe Flash Player 10 ActiveX* needs to be updated to *11.1.102.55*

*Adobe Reader 9.4.6* needs to be updated to *10.1.1*

*CCleaner* needs to be uninstalled, unless you REALLY know how to use it safely.

*Logitech Desktop Messenger* needs to be uninstalled, unless you really need and use it.

*Mozilla Firefox 8.0* needs to be updated to *8.0.1*

---------------------------------------------------------

A gold/blue shield malware removal expert will need to assist you with the DDS log because I'm not trained and qualified to do that.

This section is very busy, so you may need to wait 24 - 48 hours for a reply from one.

---------------------------------------------------------


----------



## mister_d (Nov 25, 2011)

Thanks! I went through and did all of that. I'm looking into getting an extrenal HD for all of our pictures and music which is a very large portion of the space being taken up.

The new FF is still acting up. For example, in this forum, the text bleeds into the ads on the right side of the page. IE seems to work just fine.

Did you see the other symptoms I listed? I'm concerned with the antivirus and firewall stopping/disappearing.


----------



## kevinf80 (Mar 21, 2006)

OK do the following.....

*Step 1*

Download aswMBR from *Here*


 Save aswMBR.exe to your Desktop
 Double click aswMBR.exe to run it
 Click the Scan button to start the scan as illustrated below










Note: Do not take action against any ***Rootkit*** entries until I have reviewed the log. Often there are false positives

Once the scan finishes click Save log to save the log to your Desktop.










Copy and paste the contents of aswMBR.txt back here for review
You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

*Step 2*

Download







*OTL* from any of the following links and save to your Desktop:

*Link 1*
*Link 2*
*Link 3*
*Link 4*

 Double click on the icon







to run it, Vista or Windows 7 users right click and select Run as Administartor. Make sure all other windows are closed and to let it run uninterrupted.
 When the window appears, underneath *Output* at the top, make sure *Stadard output* is selected.
 Select *Scan all users*
 Under the *Extra Registry* section, check *Use SafeList*
 In the lower right corner, checkmark *"LOP Check"* and checkmark *"Purity Check".*
 Under the Custom Scan box paste this in:


```
[B]netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs[/B]
```

 Click the







button. Do not change any settings unless otherwise told to do so. The scan wont take long.
 When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
 Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

Let me see the following in your reply :-

 aswMBR log
 OTL scan log
 Extras log
 Attach the MBR.zip file

Kevin


----------



## mister_d (Nov 25, 2011)

Ok, thanks Kevin. I'm starting on those directions now and will post the results when finished.


----------



## mister_d (Nov 25, 2011)

aswMBR asked to download the AVAST AV definitions which I agreed to. It wasn't in your instructions so I hope that was ok.

Before I started the aswMBR I forgot to stop my anti-virus and firewall. During the scan Avira said it found unp.209025680.tmp as a TR/CRYPT.XPACK.GEN. After the scan I disabled both the AV and FW and scanned again which is the log I posted below.

I'll be home late tonight and all day Sunday to check back here but no rush. Thanks for doing this!
----------------------------------------------------------------------------------------------

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-26 09:13:04
-----------------------------
09:13:04.244 OS Version: Windows 5.1.2600 Service Pack 3
09:13:04.244 Number of processors: 2 586 0x4B02
09:13:04.244 ComputerName: HOMECOMPUTER UserName: Kaunelis
09:13:05.166 Initialize success
09:13:12.947 AVAST engine defs: 11112600
09:13:19.026 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:13:19.026 Disk 0 Vendor: SAMSUNG_HD160JJ/P ZM100-34 Size: 152587MB BusType: 3
09:13:21.057 Disk 0 MBR read successfully
09:13:21.057 Disk 0 MBR scan
09:13:21.088 Disk 0 unknown MBR code
09:13:21.104 Disk 0 scanning sectors +312496380
09:13:21.197 Disk 0 scanning C:\WINDOWS\system32\drivers
09:13:41.104 Service scanning
09:13:42.104 Modules scanning
09:13:50.260 Disk 0 trace - called modules:
09:13:50.276 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
09:13:50.276 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86119ab8]
09:13:50.276 3 CLASSPNP.SYS[f74a7fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8618ff18]
09:13:50.276 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8613f940]
09:13:51.104 AVAST engine scan C:\WINDOWS
09:14:02.213 AVAST engine scan C:\WINDOWS\system32
09:16:41.588 AVAST engine scan C:\WINDOWS\system32\drivers
09:17:16.369 AVAST engine scan C:\Documents and Settings\Kaunelis
10:07:44.072 AVAST engine scan C:\Documents and Settings\All Users
10:12:10.026 Scan finished successfully
10:15:44.619 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kaunelis\Desktop\MBR.dat"
10:15:44.619 The log file has been saved successfully to "C:\Documents and Settings\Kaunelis\Desktop\aswMBR.txt"

--------------------------------------------------------------------------------------------

OTL logfile created on: 11/26/2011 8:59:51 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kaunelis\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.42 Mb Total Physical Memory | 476.93 Mb Available Physical Memory | 49.76% Memory free
2.26 Gb Paging File | 1.48 Gb Available in Paging File | 65.34% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 40.18 Gb Free Space | 27.84% Space Free | Partition Type: NTFS

Computer Name: HOMECOMPUTER | User Name: Kaunelis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/26 08:46:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kaunelis\Desktop\OTL.exe
PRC - [2011/11/19 13:45:50 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/11/14 14:45:40 | 000,788,336 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/11/14 14:44:08 | 000,218,992 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/11/11 15:36:23 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/03 09:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 09:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/11/02 17:28:30 | 000,237,032 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
PRC - [2011/11/02 17:28:30 | 000,144,896 | ---- | M] (Motorola Mobility Inc.) -- C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
PRC - [2011/10/11 10:17:41 | 005,389,944 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/08/17 13:42:32 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2010/11/19 13:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/06/10 12:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/15 03:00:20 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/25 21:43:57 | 000,160,256 | ---- | M] () -- C:\Documents and Settings\Kaunelis\Local Settings\temp\ZumoLocalGateway.dll8680952081472915713.lib
MOD - [2011/11/25 21:43:51 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Kaunelis\Local Settings\temp\WindowsFolderWatcher.dll6167991271852285521.lib
MOD - [2011/11/25 21:43:05 | 000,205,824 | ---- | M] () -- C:\Documents and Settings\Kaunelis\Local Settings\temp\WindowsAPI.dll2166788459092317776.lib
MOD - [2011/11/25 21:43:04 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/11/25 21:43:04 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/11/24 12:44:29 | 000,509,440 | ---- | M] () -- C:\Documents and Settings\Kaunelis\Local Settings\temp\sqlite-3.6.20-sqlitejdbc.dll
MOD - [2011/11/21 07:08:55 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/11/19 13:46:42 | 000,465,632 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\sqlite3.dll
MOD - [2011/11/19 13:45:24 | 000,034,128 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\NFileCacheDBAccess.dll
MOD - [2011/11/19 13:45:12 | 000,045,368 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\NAdvLog.dll
MOD - [2011/11/19 13:44:54 | 000,128,336 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\LiveupdateTactics.dll
MOD - [2011/11/19 13:44:28 | 000,023,872 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\DbAccess.dll
MOD - [2011/11/14 14:45:40 | 000,788,336 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/11/14 14:44:08 | 000,218,992 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2011/11/02 17:28:30 | 002,009,600 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluh264dec.dll
MOD - [2011/11/02 17:28:30 | 001,694,208 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluaacdec.dll
MOD - [2011/11/02 17:28:30 | 001,563,136 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflump3enc.dll
MOD - [2011/11/02 17:28:30 | 001,520,128 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libvorbisenc-2.dll
MOD - [2011/11/02 17:28:30 | 001,396,736 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libxml2-2.dll
MOD - [2011/11/02 17:28:30 | 001,376,256 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflump3dec.dll
MOD - [2011/11/02 17:28:30 | 000,682,496 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll
MOD - [2011/11/02 17:28:30 | 000,563,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll
MOD - [2011/11/02 17:28:30 | 000,531,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg4video.dll
MOD - [2011/11/02 17:28:30 | 000,363,008 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg2video.dll
MOD - [2011/11/02 17:28:30 | 000,331,264 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libFLAC-8.dll
MOD - [2011/11/02 17:28:30 | 000,276,992 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libjpeg-8.dll
MOD - [2011/11/02 17:28:30 | 000,248,352 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll
MOD - [2011/11/02 17:28:30 | 000,237,032 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
MOD - [2011/11/02 17:28:30 | 000,199,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll
MOD - [2011/11/02 17:28:30 | 000,196,608 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libwavpack-1.dll
MOD - [2011/11/02 17:28:30 | 000,190,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libpng14-14.dll
MOD - [2011/11/02 17:28:30 | 000,187,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstffmpegcolorspace.dll
MOD - [2011/11/02 17:28:30 | 000,179,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcoreelements.dll
MOD - [2011/11/02 17:28:30 | 000,163,328 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmatroska.dll
MOD - [2011/11/02 17:28:30 | 000,162,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libvorbis-0.dll
MOD - [2011/11/02 17:28:30 | 000,150,528 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegdemux.dll
MOD - [2011/11/02 17:28:30 | 000,149,504 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstqtdemux.dll
MOD - [2011/11/02 17:28:30 | 000,126,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstogg.dll
MOD - [2011/11/02 17:28:30 | 000,126,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll
MOD - [2011/11/02 17:28:30 | 000,125,440 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll
MOD - [2011/11/02 17:28:30 | 000,123,947 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll
MOD - [2011/11/02 17:28:30 | 000,122,880 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluasfdemux.dll
MOD - [2011/11/02 17:28:30 | 000,122,368 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstavi.dll
MOD - [2011/11/02 17:28:30 | 000,119,296 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpegdemux.dll
MOD - [2011/11/02 17:28:30 | 000,114,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstqtmux.dll
MOD - [2011/11/02 17:28:30 | 000,108,544 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll
MOD - [2011/11/02 17:28:30 | 000,091,136 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdshowdecwrapper.dll
MOD - [2011/11/02 17:28:30 | 000,088,064 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflummssrc.dll
MOD - [2011/11/02 17:28:30 | 000,085,504 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\z.dll
MOD - [2011/11/02 17:28:30 | 000,083,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdecodebin2.dll
MOD - [2011/11/02 17:28:30 | 000,079,872 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll
MOD - [2011/11/02 17:28:30 | 000,078,336 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll
MOD - [2011/11/02 17:28:30 | 000,074,240 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflv.dll
MOD - [2011/11/02 17:28:30 | 000,073,728 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdshowsrcwrapper.dll
MOD - [2011/11/02 17:28:30 | 000,071,680 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideoscale.dll
MOD - [2011/11/02 17:28:30 | 000,070,144 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstrtp-0.10.dll
MOD - [2011/11/02 17:28:30 | 000,067,584 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflac.dll
MOD - [2011/11/02 17:28:30 | 000,061,952 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstjpeg.dll
MOD - [2011/11/02 17:28:30 | 000,059,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideobox.dll
MOD - [2011/11/02 17:28:30 | 000,059,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgsttypefindfunctions.dll
MOD - [2011/11/02 17:28:30 | 000,054,784 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstsmpte.dll
MOD - [2011/11/02 17:28:30 | 000,053,760 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll
MOD - [2011/11/02 17:28:30 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvorbis.dll
MOD - [2011/11/02 17:28:30 | 000,051,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstsubparse.dll
MOD - [2011/11/02 17:28:30 | 000,050,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstwavpack.dll
MOD - [2011/11/02 17:28:30 | 000,050,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll
MOD - [2011/11/02 17:28:30 | 000,048,640 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll
MOD - [2011/11/02 17:28:30 | 000,047,616 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegaudioparse.dll
MOD - [2011/11/02 17:28:30 | 000,041,984 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstwavparse.dll
MOD - [2011/11/02 17:28:30 | 000,041,984 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstriff-0.10.dll
MOD - [2011/11/02 17:28:30 | 000,039,424 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegtsmux.dll
MOD - [2011/11/02 17:28:30 | 000,038,912 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll
MOD - [2011/11/02 17:28:30 | 000,038,400 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstapp-0.10.dll
MOD - [2011/11/02 17:28:30 | 000,037,888 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstgio.dll
MOD - [2011/11/02 17:28:30 | 000,037,376 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstvideo-0.10.dll
MOD - [2011/11/02 17:28:30 | 000,036,864 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumch264enc.dll
MOD - [2011/11/02 17:28:30 | 000,035,840 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstselector.dll
MOD - [2011/11/02 17:28:30 | 000,035,840 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstinterleave.dll
MOD - [2011/11/02 17:28:30 | 000,035,328 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstreplaygain.dll
MOD - [2011/11/02 17:28:30 | 000,034,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvolume.dll
MOD - [2011/11/02 17:28:30 | 000,034,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstid3tag.dll
MOD - [2011/11/02 17:28:30 | 000,033,280 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumcaacenc.dll
MOD - [2011/11/02 17:28:30 | 000,032,768 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideocrop.dll
MOD - [2011/11/02 17:28:30 | 000,032,256 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstid3demux.dll
MOD - [2011/11/02 17:28:30 | 000,030,208 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll
MOD - [2011/11/02 17:28:30 | 000,029,696 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstgdp.dll
MOD - [2011/11/02 17:28:30 | 000,029,184 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll
MOD - [2011/11/02 17:28:30 | 000,029,184 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll
MOD - [2011/11/02 17:28:30 | 000,028,672 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstpng.dll
MOD - [2011/11/02 17:28:30 | 000,026,624 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstequalizer.dll
MOD - [2011/11/02 17:28:30 | 000,025,600 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegvideoparse.dll
MOD - [2011/11/02 17:28:30 | 000,025,088 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmultipart.dll
MOD - [2011/11/02 17:28:30 | 000,024,576 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideorate.dll
MOD - [2011/11/02 17:28:30 | 000,023,552 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libogg-0.dll
MOD - [2011/11/02 17:28:30 | 000,020,480 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmultifile.dll
MOD - [2011/11/02 17:28:30 | 000,020,480 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll
MOD - [2011/11/02 17:28:30 | 000,019,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll
MOD - [2011/11/02 17:28:30 | 000,019,456 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstlevel.dll
MOD - [2011/11/02 17:28:30 | 000,019,456 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll
MOD - [2011/11/02 17:28:30 | 000,018,944 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstdataprotocol-0.10.dll
MOD - [2011/11/02 17:28:30 | 000,018,944 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll
MOD - [2011/11/02 17:28:30 | 000,017,920 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll
MOD - [2011/11/02 17:28:30 | 000,016,896 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcutter.dll
MOD - [2011/11/02 17:28:30 | 000,015,360 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmulaw.dll
MOD - [2011/11/02 17:28:30 | 000,015,360 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll
MOD - [2011/11/02 17:28:30 | 000,014,848 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll
MOD - [2011/11/02 17:28:30 | 000,014,848 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll
MOD - [2011/11/02 17:28:30 | 000,013,312 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgsty4menc.dll
MOD - [2011/11/02 17:28:30 | 000,011,776 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcoreindexers.dll
MOD - [2011/11/02 17:28:30 | 000,011,264 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libshift.dll
MOD - [2011/11/02 17:28:30 | 000,008,192 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstapp.dll
MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/08/14 12:39:23 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/12/28 12:28:09 | 000,139,776 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/31 22:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 22:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 19:12:03 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/08/23 12:12:44 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006/08/23 12:12:42 | 001,470,464 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/08/23 12:12:38 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/19 13:45:50 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/11/14 14:44:08 | 000,218,992 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/03 09:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/17 13:42:32 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)

========== Driver Services (SafeList) ==========

DRV - [2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/03 09:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/08/19 10:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/08/14 12:35:49 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/14 12:35:49 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/27 10:00:06 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/03/25 21:19:20 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/03/25 21:19:20 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/11/25 12:39:04 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/02/21 10:08:54 | 000,038,656 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt9052.sys -- (SQTECH9052)
DRV - [2007/05/18 11:41:30 | 000,037,760 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/08/15 03:00:18 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 06:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/05 07:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/06/18 21:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/07/22 22:41:18 | 000,036,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061127
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061127
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3302304811-3986175178-2332543431-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3302304811-3986175178-2332543431-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3302304811-3986175178-2332543431-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.93
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:4.5.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111028&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Kaunelis\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Kaunelis\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/11/22 17:22:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/25 14:24:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/25 21:30:15 | 000,000,000 | ---D | M]

[2009/06/17 13:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kaunelis\Application Data\Mozilla\Extensions
[2011/10/27 19:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kaunelis\Application Data\Mozilla\Firefox\Profiles\bpp3g2ph.default\extensions
[2011/08/30 17:37:36 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Kaunelis\Application Data\Mozilla\Firefox\Profiles\bpp3g2ph.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 17:46:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kaunelis\Application Data\Mozilla\Firefox\Profiles\bpp3g2ph.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/29 15:23:06 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Kaunelis\Application Data\Mozilla\Firefox\Profiles\bpp3g2ph.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/01/16 10:45:47 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\Kaunelis\Application Data\Mozilla\Firefox\Profiles\bpp3g2ph.default\extensions\[email protected]
[2010/10/31 12:16:17 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Kaunelis\Application Data\Mozilla\Firefox\Profiles\bpp3g2ph.default\extensions\[email protected]
[2011/04/10 10:29:17 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\Kaunelis\Application Data\Mozilla\Firefox\Profiles\bpp3g2ph.default\searchplugins\askcom.xml
[2011/11/25 14:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/15 21:50:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/22 17:22:40 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2011/11/15 21:10:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/22 10:12:17 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2010/11/22 10:12:17 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&pc=Z134&form=ZGACDF&install_date=20111028
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s,
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Google\Chrome\Application\15.0.874.81\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Google\Chrome\Application\15.0.874.81\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Google\Chrome\Application\15.0.874.81\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Kaunelis\Application Data\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Kaunelis\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Play Pickle = C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bllefkbpbefdodiiefpkcnigpicmhohe\

O1 HOSTS File: ([2011/11/24 12:42:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3302304811-3986175178-2332543431-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3302304811-3986175178-2332543431-1006\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [ISW] File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE File not found
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [MotoCast] C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
O4 - HKU\S-1-5-18..\Run: [MotoCast] C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
O4 - HKU\S-1-5-21-3302304811-3986175178-2332543431-1006..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-3302304811-3986175178-2332543431-1006..\Run: [MotoCast] C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
O4 - HKU\S-1-5-21-3302304811-3986175178-2332543431-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3302304811-3986175178-2332543431-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3302304811-3986175178-2332543431-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3302304811-3986175178-2332543431-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-3302304811-3986175178-2332543431-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3302304811-3986175178-2332543431-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3302304811-3986175178-2332543431-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3302304811-3986175178-2332543431-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O7 - HKU\S-1-5-21-3302304811-3986175178-2332543431-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/6/7/5/675d28f5-2a8e-4bac-bd9b-ee147f352714/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Value error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164855826162 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1211778946000 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F80434DD-6130-4C63-ACE2-4DDCB1A21A93}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/26 08:46:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kaunelis\Desktop\OTL.exe
[2011/11/26 08:44:55 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kaunelis\Desktop\aswMBR.exe
[2011/11/25 23:07:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kaunelis\Recent
[2011/11/25 21:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[2011/11/25 21:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/11/25 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/25 12:32:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/24 12:06:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/24 09:30:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/11/24 04:40:42 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/11/24 04:40:40 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/11/24 04:39:42 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/11/24 00:11:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/11/23 23:03:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/23 23:01:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/23 23:01:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/23 23:01:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/23 23:01:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/23 23:00:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/22 17:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kaunelis\My Documents\ForceField Shared Files
[2011/11/22 17:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kaunelis\Application Data\CheckPoint
[2011/11/22 17:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2011/11/22 17:21:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/11/22 17:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/11/22 16:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kaunelis\Start Menu\Programs\HiJackThis
[2011/11/22 15:56:47 | 000,000,000 | ---D | C] -- C:\Binaries
[2011/11/22 15:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Media Link
[2011/11/15 21:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/15 21:49:58 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/15 21:49:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/11/15 21:49:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/15 21:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/11/15 21:35:54 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/11/15 21:35:54 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/11/15 21:35:54 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/11/15 21:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/11/15 21:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kaunelis\Application Data\MotoCast
[2011/11/15 21:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Mobility
[2011/11/15 21:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Motorola Mobility
[2011/11/15 21:10:57 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/11/15 17:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motorola Media Link
[2011/11/15 17:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Downloaded Installations
[2011/11/14 22:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/14 18:29:41 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2011/11/10 19:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kaunelis\My Documents\Podcast
[2011/11/10 15:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kaunelis\.gstreamer-0.10
[2011/11/10 15:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Motorola
[2011/11/10 15:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2011/11/10 15:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2011/11/10 15:12:48 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2011/11/10 15:12:48 | 000,025,856 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motoandroid.sys
[2011/11/10 15:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2011/11/10 15:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2011/11/10 15:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kaunelis\Application Data\Motorola
[2011/11/09 20:01:38 | 000,525,840 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2011/11/06 08:49:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kaunelis\Local Settings\Application Data\WBFSManager
[2011/11/06 08:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kaunelis\My Documents\WBFS Manager Covers
[2011/11/06 08:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2011/11/05 10:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kaunelis\My Documents\Any Video Converter
[2011/11/05 10:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kaunelis\Application Data\AnvSoft
[2011/11/05 10:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AnvSoft
[2011/11/05 10:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2011/10/27 19:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Premium
[2011/10/27 19:00:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/26 08:57:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Kaunelis\Desktop\MBR.dat
[2011/11/26 08:53:01 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3302304811-3986175178-2332543431-1006UA.job
[2011/11/26 08:46:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kaunelis\Desktop\OTL.exe
[2011/11/26 08:45:04 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kaunelis\Desktop\aswMBR.exe
[2011/11/26 08:39:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/26 06:39:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/26 05:53:04 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3302304811-3986175178-2332543431-1006Core.job
[2011/11/25 21:42:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/25 21:41:53 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/11/25 21:40:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/25 21:40:47 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/25 21:25:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/25 15:57:01 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\MotoCast Update.job
[2011/11/25 15:54:04 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/11/25 14:24:28 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Kaunelis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/25 12:30:44 | 000,000,131 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/11/25 11:22:25 | 000,193,009 | ---- | M] () -- C:\Documents and Settings\Kaunelis\Desktop\Document.rtf
[2011/11/24 13:57:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/24 12:42:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/24 10:14:26 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kaunelis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/24 10:08:29 | 000,463,896 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/24 10:08:29 | 000,080,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/23 23:04:10 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/11/22 17:30:24 | 000,415,859 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/11/22 15:54:34 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2011/11/22 15:54:34 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2011/11/20 21:06:13 | 081,831,840 | ---- | M] () -- C:\Documents and Settings\Kaunelis\Desktop\3wlm8f49.exe
[2011/11/20 20:34:09 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Kaunelis\.recently-used.xbel
[2011/11/20 20:33:48 | 008,035,709 | ---- | M] () -- C:\Documents and Settings\Kaunelis\Desktop\LMFAO - Sexy and I Know It.mp3
[2011/11/20 20:02:55 | 008,688,033 | ---- | M] () -- C:\Documents and Settings\Kaunelis\Desktop\Gym Class Heroes - Stereo Hearts (feat. Adam Levine).mp3
[2011/11/19 22:30:49 | 000,064,940 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/11/17 20:51:03 | 000,003,320 | ---- | M] () -- C:\Documents and Settings\Kaunelis\Desktop\calendar(1).pdf
[2011/11/17 20:50:26 | 000,003,312 | ---- | M] () -- C:\Documents and Settings\Kaunelis\Desktop\calendar.pdf
[2011/11/15 18:18:40 | 000,001,752 | ---- | M] () -- C:\WINDOWS\disney.ini
[2011/11/15 17:10:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2011/11/14 18:29:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/11/14 18:29:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/11/14 18:29:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/11/14 18:29:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/11/12 14:49:08 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\Kaunelis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2011/11/07 07:34:33 | 000,000,083 | ---- | M] () -- C:\Documents and Settings\Kaunelis\Desktop\Toysrus.com Home - The Official ToysRUs Site - Toys, Games, & More.URL
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/26 08:57:28 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Kaunelis\Desktop\MBR.dat
[2011/11/25 21:30:15 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/25 09:28:03 | 000,193,009 | ---- | C] () -- C:\Documents and Settings\Kaunelis\Desktop\Document.rtf
[2011/11/23 23:01:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/23 23:01:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/23 23:01:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/23 23:01:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/23 23:01:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/23 22:53:45 | 1005,047,808 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/22 17:23:12 | 000,415,859 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/11/22 15:54:34 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2011/11/22 15:54:34 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2011/11/22 15:54:33 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/11/20 21:02:29 | 081,831,840 | ---- | C] () -- C:\Documents and Settings\Kaunelis\Desktop\3wlm8f49.exe
[2011/11/20 20:34:09 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Kaunelis\.recently-used.xbel
[2011/11/20 20:11:01 | 008,035,709 | ---- | C] () -- C:\Documents and Settings\Kaunelis\Desktop\LMFAO - Sexy and I Know It.mp3
[2011/11/20 20:02:16 | 008,688,033 | ---- | C] () -- C:\Documents and Settings\Kaunelis\Desktop\Gym Class Heroes - Stereo Hearts (feat. Adam Levine).mp3
[2011/11/17 20:51:03 | 000,003,320 | ---- | C] () -- C:\Documents and Settings\Kaunelis\Desktop\calendar(1).pdf
[2011/11/17 20:50:25 | 000,003,312 | ---- | C] () -- C:\Documents and Settings\Kaunelis\Desktop\calendar.pdf
[2011/11/15 21:13:15 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\MotoCast Update.job
[2011/11/15 17:10:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2011/11/14 18:29:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/11/14 18:29:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/11/14 18:29:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/11/14 18:29:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/11/13 19:44:17 | 000,237,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/11/07 07:34:33 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\Kaunelis\Desktop\Toysrus.com Home - The Official ToysRUs Site - Toys, Games, & More.URL
[2011/06/09 15:43:09 | 000,064,940 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/05 13:49:12 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/06/05 13:49:12 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT
[2011/06/05 13:49:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2010/03/16 08:59:58 | 000,000,205 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2009/11/02 16:42:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Kaunelis\Local Settings\Application Data\housecall.guid.cache
[2009/06/14 11:25:59 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/06/04 18:33:47 | 053,703,603 | ---- | C] () -- C:\WINDOWS\System32\ltdcache.dll
[2009/02/16 15:53:12 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2009/02/16 14:08:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2008/01/29 16:47:47 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2008/01/02 20:13:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/10/30 16:53:24 | 000,000,135 | ---- | C] () -- C:\WINDOWS\imagedit.ini
[2007/08/23 15:59:05 | 000,000,131 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/07/05 10:22:57 | 000,001,752 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/06/24 19:32:31 | 000,000,161 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007/03/30 18:04:35 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kaunelis\Application Data\dvd.bmk
[2007/03/24 12:34:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/31 14:29:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/12/07 16:09:21 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/07 16:09:21 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\D57D07B4B9.sys
[2006/12/06 16:16:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/12/04 20:23:24 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2006/12/04 20:23:24 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2006/12/04 20:18:50 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\Kaunelis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/04 19:47:51 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/11/30 19:16:26 | 000,000,426 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/11/29 20:52:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/29 20:49:09 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Kaunelis\Local Settings\Application Data\fusioncache.dat
[2006/11/27 08:30:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/27 08:25:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/27 08:20:17 | 000,000,414 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/27 08:16:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/27 07:52:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2006/11/27 07:52:28 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/11/27 07:52:27 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/11/27 07:52:27 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/11/27 07:52:27 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/11/27 07:52:27 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/11/27 07:52:27 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/11/27 07:52:27 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/11/27 07:52:27 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/11/27 07:52:25 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/11/27 07:52:25 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/11/27 07:52:25 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/11/27 07:51:23 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/10/13 11:30:10 | 000,668,976 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,463,896 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,080,046 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/11/22 06:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PCToolsFirewallPlus
[2009/08/07 08:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3DVIA
[2011/04/21 08:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/11/22 17:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/11/10 16:32:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/16 14:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2007/08/23 16:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2011/10/27 19:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2008/07/05 08:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2010/11/10 16:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/11/10 15:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2011/11/15 17:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola Media Link
[2011/05/18 20:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2011/10/27 19:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2009/05/26 17:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SKL
[2010/02/17 22:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2006/11/29 22:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2011/04/22 20:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/22 15:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Motorola
[2011/11/05 10:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\AnvSoft
[2010/11/10 16:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\AVG10
[2011/05/18 20:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\Canon
[2010/11/22 10:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\Catalina Marketing Corp
[2011/11/22 17:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\CheckPoint
[2011/09/06 15:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\eInstruction
[2010/03/26 18:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\Facebook
[2009/06/17 23:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\Foxit
[2009/05/26 16:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\FrostWire
[2011/04/30 14:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\GARMIN
[2011/11/20 20:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\gtk-2.0
[2007/02/09 01:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\ICAClient
[2010/01/03 22:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\ImgBurn
[2009/06/26 13:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\IObit
[2006/12/06 19:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\Leadertech
[2011/11/25 21:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\MotoCast
[2011/11/15 21:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\Motorola
[2008/10/14 23:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\OpenOffice.org
[2011/01/14 19:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\Participatory Culture Foundation
[2011/11/20 20:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\PCF-VLC
[2011/11/22 16:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\PCToolsFirewallPlus
[2011/11/15 20:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\QuickScan
[2008/09/06 16:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\SlySoft
[2007/12/15 17:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\Snapfish
[2009/11/23 16:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\TuxPaint
[2009/02/16 13:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\Uniblue
[2009/02/23 18:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kaunelis\Application Data\Viewpoint
[2011/11/25 15:57:01 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\MotoCast Update.job
[2011/11/22 15:54:34 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper MUM.job
[2011/11/25 15:54:04 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job
[2011/11/22 15:54:34 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Update.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/10 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/10 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/10 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/20 23:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/20 23:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/20 23:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 04:21:43 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 04:21:43 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 04:21:43 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/11/15 04:21:43 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/20 23:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/20 23:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/20 23:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 04:21:43 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 04:21:43 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 04:21:43 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/11/15 04:21:43 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-25 08:07:03
< End of report >

------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 11/26/2011 8:59:51 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kaunelis\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.42 Mb Total Physical Memory | 476.93 Mb Available Physical Memory | 49.76% Memory free
2.26 Gb Paging File | 1.48 Gb Available in Paging File | 65.34% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 40.18 Gb Free Space | 27.84% Space Free | Partition Type: NTFS

Computer Name: HOMECOMPUTER | User Name: Kaunelis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3302304811-3986175178-2332543431-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabledxpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabledxpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*isabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{2F6CF9E4-91EC-45BB-B5C5-9B31DACC429C}" = Motorola Mobile Drivers Installation 5.3.0
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A055FB62-CF73-4839-AD83-122ABCB92418}" = LeapFrog Tag Junior Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E703EE04-8A31-470B-BA16-24D890589917}" = LeapFrog Leapster2 Plugin
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"0E5906722E3ECA13747F1633D3F55E9F47120424" = Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
"3DGroove" = 3D Groove Playback Engine
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Any Video Converter_is1" = Any Video Converter 3.3.0
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BroadJump Client Foundation" = BroadJump Client Foundation
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CSCLIB" = Canon Camera Support Core Library
"Defraggler" = Defraggler
"DPP" = Canon Utilities Digital Photo Professional 3.4
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EOS Utility" = Canon Utilities EOS Utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"IrfanView" = IrfanView (remove only)
"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miro" = Miro
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"MotoHelper" = MotoHelper 2.1.26 Driver 5.3.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"MyCamera" = Canon Utilities MyCamera
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"Tux Paint_is1" = Tux Paint 0.9.20b
"UPCShell" = LeapFrog Connect
"VirtualCloneDrive" = VirtualCloneDrive
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 beta 3 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3302304811-3986175178-2332543431-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/24/2011 10:37:26 PM | Computer Name = HOMECOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 11/24/2011 10:37:26 PM | Computer Name = HOMECOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 11/24/2011 10:37:46 PM | Computer Name = HOMECOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 11/24/2011 10:37:46 PM | Computer Name = HOMECOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 11/24/2011 10:40:08 PM | Computer Name = HOMECOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 11/24/2011 10:40:08 PM | Computer Name = HOMECOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 11/24/2011 10:40:08 PM | Computer Name = HOMECOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 11/24/2011 10:40:08 PM | Computer Name = HOMECOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 11/24/2011 10:40:12 PM | Computer Name = HOMECOMPUTER | Source = nview_info | ID = 11141121
Description =

Error - 11/24/2011 10:42:01 PM | Computer Name = HOMECOMPUTER | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 11/24/2011 10:33:34 PM | Computer Name = HOMECOMPUTER | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 11/24/2011 10:37:58 PM | Computer Name = HOMECOMPUTER | Source = Service Control Manager | ID = 7031
Description = The MotoHelper Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 11/24/2011 10:40:10 PM | Computer Name = HOMECOMPUTER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 11/24/2011 10:43:42 PM | Computer Name = HOMECOMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 11/25/2011 4:24:26 AM | Computer Name = HOMECOMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 11/25/2011 2:09:20 PM | Computer Name = HOMECOMPUTER | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 11/25/2011 2:09:52 PM | Computer Name = HOMECOMPUTER | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 11/25/2011 2:10:24 PM | Computer Name = HOMECOMPUTER | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 11/25/2011 10:06:06 PM | Computer Name = HOMECOMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 11/25/2011 10:41:26 PM | Computer Name = HOMECOMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

< End of report >


----------



## mister_d (Nov 25, 2011)

Now IE is locking up when a new tab opens. It happened when I tried posting this response. Did the attachment post right on my reply or is it missing? I was assuming it'd list the title somewhere and you'd have to click it to download the attachment. Let me know if I need to try again.


----------



## flavallee (May 12, 2002)

mister_d said:


> Thanks! I went through and did all of that. I'm looking into getting an extrenal HD for all of our pictures and music which is a very large portion of the space being taken up.


I suspected that you have a lot of personal data in that computer that's consuming hard drive space.

Don't procrastinate and wait too long to back it up. If and when that hard drive dies, you can kiss it all good-bye.

--------------------------------------------------------


----------



## kevinf80 (Mar 21, 2006)

Yep the MBR.zip attachment is missing, also I see you`ve ran Combofix, can I see the log from that scan, should be here:

*C:\Combofix.txt*

Kevin


----------



## mister_d (Nov 25, 2011)

I think this is the ComboFix log?

MBR created a .dat file instead of a zip. I'm running it again now to see if maybe I missed an option.

ComboFix 11-11-23.03 - Kaunelis 11/24/2011 12:17:59.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.602 [GMT -5:00]
Running from: C:\Documents and Settings\Kaunelis\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Kaunelis\LOCALS~1\Temp\IadHide5.dll
C:\Documents and Settings\Kaunelis\Local Settings\temp\IadHide5.dll

((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))

2011-11-24 14:30:21 . 2011-11-24 14:34:37 -------- dc-h--w- C:\WINDOWS\ie8
2011-11-24 09:40:42 . 2011-06-24 14:10:36 139656 ------w- C:\WINDOWS\system32\dllcache\rdpwd.sys
2011-11-24 09:40:40 . 2011-04-21 13:37:43 105472 ------w- C:\WINDOWS\system32\dllcache\mup.sys
2011-11-24 09:39:42 . 2011-07-08 14:02:00 10496 ------w- C:\WINDOWS\system32\dllcache\ndistapi.sys
2011-11-24 05:11:44 . 2011-11-24 06:54:03 -------- d-----w- C:\WINDOWS\system32\NtmsData
2011-11-22 22:22:49 . 2011-11-22 22:22:49 -------- d-----w- C:\Documents and Settings\Kaunelis\Application Data\CheckPoint
2011-11-22 22:21:45 . 2011-11-22 22:21:45 -------- d-----w- C:\Documents and Settings\All Users\Application Data\CheckPoint
2011-11-22 22:17:56 . 2011-11-22 22:22:14 -------- d-----w- C:\Program Files\CheckPoint
2011-11-22 21:03:29 . 2011-11-22 21:03:29 388096 ----a-r- C:\Documents and Settings\Kaunelis\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-22 20:58:02 . 2011-11-22 20:58:02 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\.gstreamer-0.10
2011-11-22 20:57:40 . 2011-11-22 21:12:15 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Application Data\MotoCast
2011-11-22 20:56:47 . 2011-11-22 20:56:47 -------- d-----w- C:\Binaries
2011-11-22 20:56:29 . 2011-11-22 20:56:29 -------- d-----w- C:\Program Files\Motorola Media Link
2011-11-22 11:11:38 . 2011-11-22 11:11:38 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\PCToolsFirewallPlus
2011-11-16 02:50:11 . 2011-11-16 02:50:11 -------- d-----w- C:\Program Files\Common Files\Java
2011-11-16 02:35:54 . 2011-09-18 13:39:27 134344 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2011-11-16 02:35:54 . 2011-09-16 04:55:04 36000 ----a-w- C:\WINDOWS\system32\drivers\avkmgr.sys
2011-11-16 02:35:54 . 2011-09-16 04:55:03 74640 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-11-16 02:35:52 . 2011-11-16 02:35:52 -------- d-----w- C:\Program Files\Avira
2011-11-16 02:13:17 . 2011-11-24 17:46:41 -------- d-----w- C:\Documents and Settings\Kaunelis\Application Data\MotoCast
2011-11-16 02:12:09 . 2011-11-16 02:12:09 -------- d-----w- C:\Program Files\Motorola Mobility
2011-11-16 02:10:57 . 2011-10-03 07:37:52 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2011-11-15 22:40:26 . 2011-11-15 22:40:26 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Motorola Media Link
2011-11-15 22:38:13 . 2011-11-15 22:38:13 -------- d-----w- C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Downloaded Installations
2011-11-14 23:29:41 . 2008-03-21 18:57:18 14640 ------w- C:\WINDOWS\system32\spmsgXP_2k3.dll
2011-11-10 20:17:18 . 2011-11-22 20:54:25 5 ----a-w- C:\WINDOWS\system32\lMMLDeleteUserData42107612FX.tmp
2011-11-10 20:14:54 . 2011-11-24 17:46:40 -------- d-----w- C:\Documents and Settings\Kaunelis\.gstreamer-0.10
2011-11-10 20:13:49 . 2011-11-15 23:45:08 -------- d-----w- C:\Documents and Settings\Kaunelis\Local Settings\Application Data\Motorola
2011-11-10 20:13:11 . 2011-11-22 20:56:12 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Nero
2011-11-10 20:13:08 . 2011-11-10 20:13:49 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Motorola
2011-11-10 20:12:48 . 2009-07-10 18:01:06 25856 ----a-w- C:\WINDOWS\system32\drivers\motoandroid.sys
2011-11-10 20:12:48 . 2008-03-27 22:49:38 1112288 ----a-w- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2011-11-10 20:12:19 . 2011-11-10 20:12:19 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
2011-11-10 20:11:53 . 2011-11-16 02:12:03 -------- d-----w- C:\Program Files\Motorola
2011-11-10 20:11:53 . 2011-11-16 02:11:42 -------- d-----w- C:\Documents and Settings\Kaunelis\Application Data\Motorola
2011-11-06 13:49:29 . 2011-11-06 13:49:29 -------- d-----w- C:\Documents and Settings\Kaunelis\Local Settings\Application Data\WBFSManager
2011-11-06 13:47:05 . 2011-11-15 23:18:07 -------- d-----w- C:\Program Files\WBFS
2011-11-05 15:39:54 . 2011-11-05 15:39:54 -------- d-----w- C:\Documents and Settings\Kaunelis\Application Data\AnvSoft
2011-11-05 15:39:25 . 2011-11-05 15:39:25 -------- d-----w- C:\Program Files\AnvSoft
2011-10-28 00:01:25 . 2011-10-28 00:01:25 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Premium
2011-10-28 00:00:47 . 2011-10-28 00:04:45 -------- d-----w- C:\Documents and Settings\All Users\Application Data\InstallMate
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


----------



## mister_d (Nov 25, 2011)

**edit** I read the directions this time and zipped it(;


----------



## kevinf80 (Mar 21, 2006)

The Combofix log is not complete, can you post again please.....


----------



## mister_d (Nov 25, 2011)

That's all that's listed in the Combofix text document. Should I run it again? I'm assuming that you need to know what it did last time): Could the file be located anywhere else?

Last night my Avira did it's daily scan and found the temp file I listed above as a virus. I had it put the file in quarantine.


----------



## kevinf80 (Mar 21, 2006)

Delete Combofix from your Desktop if still present, download a fresh copy from either of the following links and save to Desktop again.

*Link 1*
*Link 2*

Run as you did previously and post the produced log...

Kevin


----------



## mister_d (Nov 25, 2011)

Ok I've downloaded it from both links and tried running it 3 or 4 times but it's not working as it did previously. I'm getting a black and green screen but not the blue and white where it goes up to step 50. I have my AV and FW turned off. I tried getting the log from the folder but there is only one file in it this time and it's not a text file.


----------



## mister_d (Nov 25, 2011)

Ok. I found directions to uninstall combofix and did that. I reran it and it did just fine like previously. After it was done running an IE shortcut icon appeared on my desktop... I don't care but it's just weird.

ComboFix 11-11-27.02 - Kaunelis 11/27/2011 12:14:59.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.461 [GMT -5:00]
Running from: c:\documents and settings\Kaunelis\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\Kaunelis\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Kaunelis\Local Settings\temp\IadHide5.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-26 02:31 . 2011-11-26 02:32 -------- d-----w- c:\program files\Defraggler
2011-11-26 02:28 . 2011-11-26 02:29 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-24 14:30 . 2011-11-24 14:34 -------- dc-h--w- c:\windows\ie8
2011-11-24 09:40 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-24 09:40 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-11-24 09:39 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-11-24 05:11 . 2011-11-27 06:30 -------- d-----w- c:\windows\system32\NtmsData
2011-11-22 22:22 . 2011-11-22 22:22 -------- d-----w- c:\documents and settings\Kaunelis\Application Data\CheckPoint
2011-11-22 22:21 . 2011-11-22 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2011-11-22 22:17 . 2011-11-22 22:22 -------- d-----w- c:\program files\CheckPoint
2011-11-22 21:03 . 2011-11-22 21:03 388096 ----a-r- c:\documents and settings\Kaunelis\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-22 20:58 . 2011-11-22 20:58 -------- d-----w- c:\windows\system32\config\systemprofile\.gstreamer-0.10
2011-11-22 20:57 . 2011-11-22 21:12 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\MotoCast
2011-11-22 20:56 . 2011-11-22 20:56 -------- d-----w- C:\Binaries
2011-11-22 20:56 . 2011-11-22 20:56 -------- d-----w- c:\program files\Motorola Media Link
2011-11-22 11:11 . 2011-11-22 11:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\PCToolsFirewallPlus
2011-11-16 02:50 . 2011-11-16 02:50 -------- d-----w- c:\program files\Common Files\Java
2011-11-16 02:35 . 2011-09-18 13:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-16 02:35 . 2011-09-16 04:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-16 02:35 . 2011-09-16 04:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-16 02:35 . 2011-11-16 02:35 -------- d-----w- c:\program files\Avira
2011-11-16 02:13 . 2011-11-27 17:12 -------- d-----w- c:\documents and settings\Kaunelis\Application Data\MotoCast
2011-11-16 02:12 . 2011-11-16 02:12 -------- d-----w- c:\program files\Motorola Mobility
2011-11-16 02:10 . 2011-10-03 07:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-15 22:40 . 2011-11-15 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Motorola Media Link
2011-11-15 22:38 . 2011-11-15 22:38 -------- d-----w- c:\documents and settings\Kaunelis\Local Settings\Application Data\Downloaded Installations
2011-11-14 23:29 . 2008-03-21 18:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-11-10 20:17 . 2011-11-22 20:54 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2011-11-10 20:14 . 2011-11-27 17:12 -------- d-----w- c:\documents and settings\Kaunelis\.gstreamer-0.10
2011-11-10 20:13 . 2011-11-15 23:45 -------- d-----w- c:\documents and settings\Kaunelis\Local Settings\Application Data\Motorola
2011-11-10 20:13 . 2011-11-22 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-11-10 20:13 . 2011-11-10 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Motorola
2011-11-10 20:12 . 2009-07-10 18:01 25856 ----a-w- c:\windows\system32\drivers\motoandroid.sys
2011-11-10 20:12 . 2008-03-27 22:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2011-11-10 20:12 . 2011-11-10 20:12 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-11-10 20:11 . 2011-11-16 02:12 -------- d-----w- c:\program files\Motorola
2011-11-10 20:11 . 2011-11-16 02:11 -------- d-----w- c:\documents and settings\Kaunelis\Application Data\Motorola
2011-11-06 13:49 . 2011-11-06 13:49 -------- d-----w- c:\documents and settings\Kaunelis\Local Settings\Application Data\WBFSManager
2011-11-06 13:47 . 2011-11-15 23:18 -------- d-----w- c:\program files\WBFS
2011-11-05 15:39 . 2011-11-05 15:39 -------- d-----w- c:\documents and settings\Kaunelis\Application Data\AnvSoft
2011-11-05 15:39 . 2011-11-05 15:39 -------- d-----w- c:\program files\AnvSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 02:25 . 2011-07-28 04:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2005-08-16 09:40 692736 ------w- c:\windows\system32\inetcomm.dll
2011-10-03 10:06 . 2010-05-06 00:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-28 07:06 . 2005-08-16 09:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2005-08-16 09:18 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2005-08-16 09:18 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2005-08-16 09:18 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-31 22:00 . 2009-06-11 01:22 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 04:04 . 2011-06-23 14:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_04.48.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 03:51 . 2011-04-19 03:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90rus.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90kor.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90jpn.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90ita.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90fra.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esp.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esn.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90enu.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90deu.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90cht.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90chs.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90u.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90.dll
+ 2011-05-14 01:17 . 2011-05-14 01:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 06:06 . 2011-05-14 06:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 06:23 . 2011-05-14 06:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 23:37 . 2011-05-13 23:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2011-11-27 17:08 . 2011-11-27 17:08 16384 c:\windows\TEMP\Perflib_Perfdata_b4.dat
- 2011-02-20 04:03 . 2011-02-20 04:03 51024 c:\windows\system32\vcomp100.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 51024 c:\windows\system32\vcomp100.dll
- 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
- 2005-08-17 02:06 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe
+ 2005-08-17 02:06 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe
- 2006-11-30 04:11 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
+ 2006-11-30 04:11 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll
+ 2005-08-16 09:18 . 2009-03-08 09:31 46592 c:\windows\system32\pngfilt.dll
+ 2005-08-16 09:18 . 2011-11-24 15:08 80046 c:\windows\system32\perfc009.dat
- 2005-08-16 09:18 . 2011-11-24 04:34 80046 c:\windows\system32\perfc009.dat
+ 2006-06-29 13:05 . 2009-01-07 23:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-29 13:05 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-28 22:59 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll
+ 2006-06-28 22:59 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll
+ 2005-08-16 09:18 . 2009-03-08 09:31 48128 c:\windows\system32\mshtmler.dll
- 2005-08-16 09:18 . 2007-08-13 22:01 48128 c:\windows\system32\mshtmler.dll
+ 2005-08-16 09:18 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll
+ 2005-08-16 09:18 . 2009-03-08 09:31 45568 c:\windows\system32\mshta.exe
- 2005-08-16 09:18 . 2007-08-13 22:32 45568 c:\windows\system32\mshta.exe
+ 2006-10-17 16:58 . 2009-03-08 09:31 13312 c:\windows\system32\msfeedssync.exe
+ 2006-11-08 02:03 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 81744 c:\windows\system32\mfcm100u.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 81744 c:\windows\system32\mfcm100u.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 81744 c:\windows\system32\mfcm100.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 81744 c:\windows\system32\mfcm100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 60752 c:\windows\system32\mfc100rus.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 60752 c:\windows\system32\mfc100rus.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 43344 c:\windows\system32\mfc100kor.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 43344 c:\windows\system32\mfc100kor.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 43856 c:\windows\system32\mfc100jpn.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 43856 c:\windows\system32\mfc100jpn.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 62288 c:\windows\system32\mfc100ita.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 62288 c:\windows\system32\mfc100ita.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 64336 c:\windows\system32\mfc100fra.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 64336 c:\windows\system32\mfc100fra.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 63824 c:\windows\system32\mfc100esn.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 63824 c:\windows\system32\mfc100esn.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 55120 c:\windows\system32\mfc100enu.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 55120 c:\windows\system32\mfc100enu.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 64336 c:\windows\system32\mfc100deu.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 64336 c:\windows\system32\mfc100deu.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 36176 c:\windows\system32\mfc100cht.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 36176 c:\windows\system32\mfc100cht.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 36176 c:\windows\system32\mfc100chs.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 36176 c:\windows\system32\mfc100chs.dll
+ 2005-08-16 09:18 . 2011-08-22 23:48 43520 c:\windows\system32\licmgr10.dll
+ 2005-08-16 09:18 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll
+ 2005-08-16 09:18 . 2009-03-08 09:32 94720 c:\windows\system32\inseng.dll
+ 2005-08-16 09:18 . 2009-03-08 09:31 34816 c:\windows\system32\imgutil.dll
+ 2006-11-07 08:26 . 2009-03-08 09:32 36864 c:\windows\system32\ieudinit.exe
+ 2005-08-16 09:18 . 2009-03-08 09:32 71680 c:\windows\system32\iesetup.dll
+ 2005-08-16 09:18 . 2009-03-08 09:32 55808 c:\windows\system32\iernonce.dll
- 2006-06-29 13:05 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll
+ 2006-06-29 13:05 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll
+ 2006-10-17 16:58 . 2009-03-08 09:31 59904 c:\windows\system32\icardie.dll
+ 2005-08-16 09:18 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
+ 2009-06-10 23:29 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-10 23:29 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2006-11-27 13:08 . 2009-03-08 09:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2011-09-26 16:41 . 2011-09-26 16:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
- 2006-10-17 16:28 . 2007-08-13 22:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2006-10-17 16:28 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2006-11-27 13:08 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2006-10-17 16:56 . 2007-08-13 22:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2006-10-17 16:56 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-05-08 23:53 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-10-17 17:05 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2005-08-16 09:18 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-11-27 13:08 . 2009-03-08 09:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2006-10-17 16:57 . 2009-03-08 09:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2007-05-08 23:53 . 2011-08-17 12:21 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-05-08 23:53 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2006-11-07 08:26 . 2009-03-08 09:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2006-11-07 08:26 . 2009-03-08 09:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-20 10:04 . 2009-03-08 09:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2006-10-17 16:44 . 2009-03-08 09:24 68608 c:\windows\system32\dllcache\hmmapi.dll
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2007-08-13 23:42 . 2009-03-08 09:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2006-11-07 08:26 . 2009-03-08 09:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2005-08-16 09:18 . 2011-04-26 11:07 33280 c:\windows\system32\csrsrv.dll
- 2005-08-16 09:18 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2005-08-16 09:18 . 2009-03-08 09:33 18944 c:\windows\system32\corpol.dll
+ 2005-08-16 09:18 . 2009-03-08 09:32 72704 c:\windows\system32\admparse.dll
+ 2011-07-08 19:00 . 2011-07-08 19:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2010-09-23 19:55 . 2010-09-23 19:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-07-07 17:04 . 2011-07-07 17:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-09-23 06:26 . 2010-09-23 06:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2011-07-07 17:04 . 2011-07-07 17:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-09-23 06:26 . 2010-09-23 06:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-09-23 06:26 . 2010-09-23 06:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2011-07-07 17:03 . 2011-07-07 17:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-09-23 07:17 . 2010-09-23 07:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-07-07 18:09 . 2011-07-07 18:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-09-23 07:17 . 2010-09-23 07:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2011-07-07 18:09 . 2011-07-07 18:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2005-08-16 09:38 . 2011-07-05 20:46 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2005-08-16 09:38 . 2009-06-24 02:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2005-08-16 09:38 . 2011-07-05 20:46 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2005-08-16 09:38 . 2009-06-24 02:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2005-08-16 09:38 . 2011-07-06 14:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2005-08-16 09:38 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2005-08-16 09:38 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2005-08-16 09:38 . 2011-07-06 14:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2006-11-27 13:24 . 2011-04-16 10:53 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-11-27 13:24 . 2011-11-24 14:56 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-11-27 13:24 . 2011-04-16 10:53 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-11-27 13:24 . 2011-11-24 14:56 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-11-27 13:24 . 2011-11-24 14:56 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-11-27 13:24 . 2011-04-16 10:53 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-11-27 13:24 . 2011-11-24 14:56 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-11-27 13:24 . 2011-04-16 10:53 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-11-27 13:24 . 2011-11-24 14:56 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-11-27 13:24 . 2011-04-16 10:53 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2011-04-15 07:10 . 2011-04-15 07:10 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-11-24 14:58 . 2011-11-24 14:58 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2006-11-30 03:50 . 2011-04-16 10:52 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-11-30 03:50 . 2011-11-24 14:55 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-11-30 03:50 . 2011-04-16 10:52 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-11-30 03:50 . 2011-11-24 14:55 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-11-30 03:50 . 2011-04-16 10:52 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-11-30 03:50 . 2011-11-24 14:55 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-11-30 03:50 . 2011-04-16 10:52 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-11-30 03:50 . 2011-11-24 14:55 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-11-30 03:50 . 2011-11-24 14:55 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-11-30 03:50 . 2011-04-16 10:52 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2006-11-30 03:50 . 2011-11-24 14:55 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-11-30 03:50 . 2011-04-16 10:52 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-06-04 11:05 . 2011-11-24 15:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-04 11:05 . 2011-02-15 08:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2011-11-24 14:35 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2011-11-24 14:35 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB982381-IE8\spmsg.dll
+ 2011-11-24 14:35 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB982381-IE8\spcustom.dll
+ 2011-11-24 14:35 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2011-11-24 14:35 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2011-11-24 14:36 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2586448-IE8\xpshims.dll
+ 2011-11-24 14:36 . 2009-03-08 09:31 66560 c:\windows\ie8updates\KB2586448-IE8\mshtmled.dll
+ 2011-11-24 14:36 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2586448-IE8\msfeedsbs.dll
+ 2011-11-24 14:36 . 2009-03-08 09:34 43008 c:\windows\ie8updates\KB2586448-IE8\licmgr10.dll
+ 2011-11-24 14:36 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2586448-IE8\jsproxy.dll
+ 2011-11-25 08:06 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2510531-IE8\spmsg.dll
+ 2011-11-25 08:06 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2510531-IE8\spcustom.dll
+ 2011-11-24 14:33 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 44544 c:\windows\ie8\pngfilt.dll
+ 2011-11-24 14:30 . 2007-08-13 22:01 48128 c:\windows\ie8\mshtmler.dll
+ 2011-11-24 14:30 . 2007-08-13 22:32 45568 c:\windows\ie8\mshta.exe
+ 2011-11-24 14:30 . 2007-08-13 22:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2011-11-24 14:30 . 2011-08-17 21:32 52224 c:\windows\ie8\msfeedsbs.dll
+ 2011-11-24 14:30 . 2007-08-13 22:44 40960 c:\windows\ie8\licmgr10.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 27648 c:\windows\ie8\jsproxy.dll
+ 2011-11-24 14:30 . 2007-08-13 22:39 92672 c:\windows\ie8\inseng.dll
+ 2011-11-24 14:30 . 2007-08-13 22:36 36352 c:\windows\ie8\imgutil.dll
+ 2011-11-24 14:30 . 2007-08-13 22:39 55296 c:\windows\ie8\iesetup.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 44544 c:\windows\ie8\iernonce.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 78336 c:\windows\ie8\ieencode.dll
+ 2011-11-24 14:30 . 2011-08-17 12:21 70656 c:\windows\ie8\ie4uinit.exe
+ 2011-11-24 14:30 . 2011-08-17 21:32 63488 c:\windows\ie8\icardie.dll
+ 2011-11-24 14:30 . 2007-08-13 22:18 60416 c:\windows\ie8\hmmapi.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 17408 c:\windows\ie8\corpol.dll
+ 2011-11-24 14:30 . 2007-08-13 22:39 71680 c:\windows\ie8\admparse.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 44544 c:\windows\ie7updates\KB2586448-IE7\pngfilt.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 52224 c:\windows\ie7updates\KB2586448-IE7\msfeedsbs.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 27648 c:\windows\ie7updates\KB2586448-IE7\jsproxy.dll
+ 2011-11-24 14:07 . 2007-08-13 23:39 13312 c:\windows\ie7updates\KB2586448-IE7\ieudinit.exe
+ 2011-11-24 14:07 . 2009-02-20 18:09 44544 c:\windows\ie7updates\KB2586448-IE7\iernonce.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 78336 c:\windows\ie7updates\KB2586448-IE7\ieencode.dll
+ 2011-11-24 14:07 . 2009-02-20 10:20 70656 c:\windows\ie7updates\KB2586448-IE7\ie4uinit.exe
+ 2011-11-24 14:07 . 2009-02-20 18:09 63488 c:\windows\ie7updates\KB2586448-IE7\icardie.dll
+ 2011-11-24 14:07 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB2586448-IE7\corpol.dll
+ 2011-11-24 14:01 . 2011-11-24 14:01 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3916f409\System.Drawing.Design.dll
+ 2011-11-24 14:01 . 2011-11-24 14:01 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_0817238e\CustomMarshalers.dll
+ 2011-11-24 14:09 . 2011-11-24 14:09 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_c5e4272f\System.Drawing.Design.dll
+ 2011-11-24 14:09 . 2011-11-24 14:09 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_3f6c70c8\CustomMarshalers.dll
+ 2011-11-24 14:59 . 2011-11-24 14:59 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\e945a5f391364545485d15af876ab830\UIAutomationProvider.ni.dll
+ 2011-11-24 15:12 . 2011-11-24 15:12 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
+ 2011-11-24 15:38 . 2011-11-24 15:38 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll
+ 2011-11-24 15:37 . 2011-11-24 15:37 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a54a122f1070ab71931dd9679ddd8e90\System.Web.DynamicData.Design.ni.dll
+ 2011-11-24 15:34 . 2011-11-24 15:34 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-11-24 15:34 . 2011-11-24 15:34 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
+ 2011-11-24 15:10 . 2011-11-24 15:10 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe
+ 2011-11-24 15:09 . 2011-11-24 15:09 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll
+ 2011-11-24 15:36 . 2011-11-24 15:36 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll
+ 2011-11-24 15:33 . 2011-11-24 15:33 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2011-11-24 15:33 . 2011-11-24 15:33 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
+ 2011-11-24 15:32 . 2011-11-24 15:32 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2011-11-24 15:30 . 2011-11-24 15:30 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-11-24 15:08 . 2011-11-24 15:08 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-16 10:50 . 2011-04-16 10:50 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-10-08 07:03 . 2010-10-08 07:03 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-11-24 14:01 . 2011-11-24 14:01 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-04-19 05:16 . 2011-08-16 10:45 6144 c:\windows\system32\dllcache\iecompat.dll
+ 2005-08-16 09:38 . 2011-07-12 23:05 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2005-08-16 09:38 . 2009-06-29 15:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2006-11-27 13:24 . 2011-11-24 14:56 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-11-27 13:24 . 2011-04-16 10:53 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-11-30 03:50 . 2011-11-24 14:55 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-11-30 03:50 . 2011-04-16 10:52 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-11-24 14:37 . 2009-03-08 09:35 2048 c:\windows\ie8updates\KB2598845-IE8\iecompat.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-11-24 15:08 . 2011-11-24 15:08 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-16 10:49 . 2011-04-16 10:49 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-16 10:49 . 2011-04-16 10:49 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcm90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a\atl90.dll
+ 2006-11-30 03:25 . 2009-01-07 23:21 121856 c:\windows\system32\xmllite.dll
- 2006-11-30 03:25 . 2006-07-14 15:51 121856 c:\windows\system32\xmllite.dll
- 2005-08-16 09:18 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2005-08-16 09:18 . 2011-06-20 17:44 293376 c:\windows\system32\winsrv.dll
+ 2005-08-16 09:18 . 2011-08-22 23:48 916480 c:\windows\system32\wininet.dll
+ 2006-10-17 17:05 . 2009-03-08 09:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2005-08-16 09:18 . 2009-03-08 09:34 236544 c:\windows\system32\webcheck.dll
+ 2005-08-16 09:18 . 2011-03-04 06:37 420864 c:\windows\system32\vbscript.dll
+ 2005-08-16 09:18 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
- 2005-08-16 09:18 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
+ 2005-08-16 09:18 . 2011-04-29 17:25 151552 c:\windows\system32\schannel.dll
- 2005-08-16 09:18 . 2011-11-24 04:34 463896 c:\windows\system32\perfh009.dat
+ 2005-08-16 09:18 . 2011-11-24 15:08 463896 c:\windows\system32\perfh009.dat
- 2005-08-16 09:18 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
+ 2005-08-16 09:18 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
+ 2005-08-16 09:18 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll
- 2011-02-19 05:40 . 2011-02-19 05:40 773968 c:\windows\system32\msvcr100.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 773968 c:\windows\system32\msvcr100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 421200 c:\windows\system32\msvcp100.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 421200 c:\windows\system32\msvcp100.dll
+ 2005-08-16 09:18 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll
+ 2005-08-16 09:18 . 2009-03-08 09:34 193536 c:\windows\system32\msrating.dll
+ 2005-08-16 09:18 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll
- 2005-08-16 09:18 . 2007-08-13 22:54 156160 c:\windows\system32\msls31.dll
+ 2006-11-08 02:03 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
+ 2008-08-05 21:55 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll
- 2008-08-05 21:55 . 2009-01-07 22:20 265720 c:\windows\system32\msdbg2.dll
+ 2011-11-26 02:25 . 2011-11-26 02:25 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-11-26 02:25 . 2011-11-26 02:25 335520 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2005-08-16 09:18 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
+ 2006-11-08 02:03 . 2009-03-08 09:22 164352 c:\windows\system32\ieui.dll
+ 2005-08-16 09:18 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll
+ 2005-08-16 09:18 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 16:27 . 2009-03-08 09:11 445952 c:\windows\system32\ieapfltr.dll
+ 2005-08-16 09:18 . 2009-03-08 09:32 163840 c:\windows\system32\ieakui.dll
+ 2005-08-16 09:18 . 2009-03-08 09:33 229376 c:\windows\system32\ieaksie.dll
+ 2005-08-16 09:18 . 2009-03-08 09:33 125952 c:\windows\system32\ieakeng.dll
+ 2005-08-16 09:18 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
+ 2011-11-27 17:08 . 2011-11-27 17:08 307600 c:\windows\system32\FNTCACHE.DAT
- 2011-11-24 03:53 . 2011-11-24 03:53 307600 c:\windows\system32\FNTCACHE.DAT
+ 2005-08-16 09:18 . 2011-08-17 21:32 133120 c:\windows\system32\extmgr.dll
- 2005-08-16 09:18 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
+ 2005-08-16 09:18 . 2009-03-08 09:31 216064 c:\windows\system32\dxtrans.dll
+ 2005-08-16 09:18 . 2009-03-08 09:31 348160 c:\windows\system32\dxtmsft.dll
- 2005-08-16 09:37 . 2008-04-14 00:13 139656 c:\windows\system32\drivers\rdpwd.sys
+ 2005-08-16 09:37 . 2011-06-24 14:10 139656 c:\windows\system32\drivers\rdpwd.sys
+ 2005-08-16 09:18 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
+ 2005-08-16 09:18 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
+ 2005-08-16 09:18 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
- 2005-08-16 09:18 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
+ 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2005-08-16 09:18 . 2011-08-22 23:48 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-11-08 02:03 . 2009-03-08 09:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2006-09-18 14:15 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2005-08-16 09:18 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2005-08-16 09:18 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll
- 2005-08-16 09:18 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2005-08-16 09:18 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
- 2005-08-16 09:18 . 2008-04-14 00:12 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2005-08-16 09:18 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2011-09-26 16:41 . 2011-09-26 16:41 220160 c:\windows\system32\dllcache\oleacc.dll
+ 2006-10-17 17:04 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-11-27 13:08 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-11-27 13:08 . 2009-03-08 09:34 193536 c:\windows\system32\dllcache\msrating.dll
- 2006-11-08 02:03 . 2007-08-13 22:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2006-11-08 02:03 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-05-08 23:53 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-11-13 04:11 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2005-08-16 09:18 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-08-14 21:32 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2008-08-14 21:32 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2006-10-17 17:04 . 2009-03-08 19:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2009-06-10 23:29 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-10 23:29 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-11-27 13:08 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-09 10:13 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-09 10:13 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2006-11-07 08:27 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-08 23:53 . 2009-03-08 09:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2006-11-07 08:25 . 2009-03-08 09:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 08:27 . 2009-03-08 09:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 08:26 . 2009-03-08 09:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-11-07 08:26 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-11-27 13:08 . 2011-08-17 21:32 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-11-27 13:08 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-11-27 13:08 . 2009-03-08 09:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-11-27 13:08 . 2009-03-08 09:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
- 2005-08-16 09:18 . 2008-04-14 00:11 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2005-08-16 09:18 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
- 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
+ 2006-11-07 08:26 . 2009-03-08 09:32 128512 c:\windows\system32\dllcache\advpack.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 138056 c:\windows\system32\atl100.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 138056 c:\windows\system32\atl100.dll
+ 2005-08-16 09:18 . 2009-03-08 09:32 128512 c:\windows\system32\advpack.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2010-09-23 06:26 . 2010-09-23 06:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-07-07 17:04 . 2011-07-07 17:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-09-23 06:25 . 2010-09-23 06:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2011-07-07 17:01 . 2011-07-07 17:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2011-07-07 18:09 . 2011-07-07 18:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2010-09-23 07:17 . 2010-09-23 07:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2005-08-16 09:38 . 2009-06-24 01:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2005-08-16 09:38 . 2011-07-05 20:44 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2005-08-16 09:38 . 2009-06-24 02:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2005-08-16 09:38 . 2011-07-06 14:57 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2011-11-24 08:01 . 2011-11-24 08:01 223232 c:\windows\Installer\c20c4a.msi
+ 2011-11-24 14:38 . 2011-11-24 14:38 223744 c:\windows\Installer\22e1da4.msi
+ 2011-11-24 14:12 . 2011-11-24 14:12 467456 c:\windows\Installer\20ac340.msi
- 2006-11-27 13:24 . 2011-04-16 10:53 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-11-27 13:24 . 2011-11-24 14:56 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-11-27 13:24 . 2011-04-16 10:53 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-11-27 13:24 . 2011-11-24 14:56 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-11-27 13:24 . 2011-11-24 14:56 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-11-27 13:24 . 2011-04-16 10:53 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-11-27 13:24 . 2011-04-16 10:53 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-11-27 13:24 . 2011-11-24 14:56 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-11-27 13:24 . 2011-11-24 14:56 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-11-27 13:24 . 2011-04-16 10:53 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-11-30 03:50 . 2011-04-16 10:52 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-11-30 03:50 . 2011-11-24 14:55 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-11-30 03:50 . 2011-04-16 10:52 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-11-30 03:50 . 2011-11-24 14:55 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-11-30 03:50 . 2011-11-24 14:55 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-11-30 03:50 . 2011-04-16 10:52 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-11-30 03:50 . 2011-11-24 14:55 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-11-30 03:50 . 2011-04-16 10:52 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-11-30 03:50 . 2011-04-16 10:52 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-11-30 03:50 . 2011-11-24 14:55 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-11-30 03:50 . 2011-04-16 10:52 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2006-11-30 03:50 . 2011-11-24 14:55 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-11-24 14:35 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2011-11-24 14:35 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\updspapi.dll
+ 2011-11-24 14:35 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB982381-IE8\update.exe
+ 2011-11-24 14:35 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2011-11-24 14:35 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2011-11-24 14:35 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst.exe
+ 2011-11-24 14:35 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2011-11-24 14:35 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2011-11-24 14:35 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2011-11-24 14:35 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2011-11-24 14:35 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2011-11-24 14:35 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2011-11-24 14:35 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2011-11-24 14:35 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2011-11-24 14:37 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2598845-IE8\spuninst\updspapi.dll
+ 2011-11-24 14:37 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2598845-IE8\spuninst\spuninst.exe
+ 2011-11-24 14:36 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2586448-IE8\wininet.dll
+ 2011-11-24 14:36 . 2009-03-08 09:34 105984 c:\windows\ie8updates\KB2586448-IE8\url.dll
+ 2011-11-24 14:36 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2586448-IE8\spuninst\updspapi.dll
+ 2011-11-24 14:36 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2586448-IE8\spuninst\spuninst.exe
+ 2011-11-24 14:36 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2586448-IE8\occache.dll
+ 2011-11-24 14:36 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2586448-IE8\mstime.dll
+ 2011-11-24 14:36 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2586448-IE8\msfeeds.dll
+ 2011-11-24 14:36 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2586448-IE8\ieproxy.dll
+ 2011-11-24 14:36 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2586448-IE8\iepeers.dll
+ 2011-11-24 14:36 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2586448-IE8\iedvtool.dll
+ 2011-11-24 14:36 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2586448-IE8\iedkcs32.dll
+ 2011-11-24 14:36 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2586448-IE8\ie4uinit.exe
+ 2011-11-25 08:04 . 2009-03-08 09:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2011-11-25 08:04 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2011-11-25 08:04 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2011-11-25 08:06 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2011-11-25 08:06 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\updspapi.dll
+ 2011-11-25 08:06 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2510531-IE8\update.exe
+ 2011-11-25 08:06 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2011-11-25 08:06 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2011-11-25 08:06 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst.exe
+ 2011-11-25 08:06 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 832512 c:\windows\ie8\wininet.dll
+ 2011-11-24 14:30 . 2007-08-13 22:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2011-11-24 14:30 . 2011-08-17 21:32 233472 c:\windows\ie8\webcheck.dll
+ 2011-11-24 14:30 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
+ 2011-11-24 14:30 . 2011-03-04 06:45 434176 c:\windows\ie8\vbscript.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 106496 c:\windows\ie8\url.dll
+ 2011-11-24 14:33 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2011-11-24 14:33 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2011-11-24 14:30 . 2006-09-06 21:43 213216 c:\windows\ie8\spuninst.exe
+ 2011-11-24 14:30 . 2011-08-17 21:32 102912 c:\windows\ie8\occache.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 671232 c:\windows\ie8\mstime.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 193024 c:\windows\ie8\msrating.dll
+ 2011-11-24 14:30 . 2007-08-13 22:54 156160 c:\windows\ie8\msls31.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 478720 c:\windows\ie8\mshtmled.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 468480 c:\windows\ie8\msfeeds.dll
+ 2011-11-24 14:30 . 2011-03-04 06:45 512000 c:\windows\ie8\jscript.dll
+ 2011-11-24 14:30 . 2011-08-17 11:01 634632 c:\windows\ie8\iexplore.exe
+ 2011-11-24 14:30 . 2007-08-13 22:54 180736 c:\windows\ie8\ieui.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 268288 c:\windows\ie8\iertutil.dll
+ 2011-11-24 14:30 . 2007-08-13 22:54 287744 c:\windows\ie8\ieproxy.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 192512 c:\windows\ie8\iepeers.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 384512 c:\windows\ie8\iedkcs32.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 380928 c:\windows\ie8\ieapfltr.dll
+ 2011-11-24 14:30 . 2011-08-17 11:00 161792 c:\windows\ie8\ieakui.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 230400 c:\windows\ie8\ieaksie.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 153088 c:\windows\ie8\ieakeng.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 214528 c:\windows\ie8\dxtrans.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 347136 c:\windows\ie8\dxtmsft.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 124928 c:\windows\ie8\advpack.dll
+ 2011-11-24 14:07 . 2009-03-03 00:18 826368 c:\windows\ie7updates\KB2586448-IE7\wininet.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 233472 c:\windows\ie7updates\KB2586448-IE7\webcheck.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 105984 c:\windows\ie7updates\KB2586448-IE7\url.dll
+ 2011-11-24 14:07 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2586448-IE7\spuninst\updspapi.dll
+ 2011-11-24 14:07 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2586448-IE7\spuninst\spuninst.exe
+ 2011-11-24 14:07 . 2009-02-20 18:09 102912 c:\windows\ie7updates\KB2586448-IE7\occache.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 671232 c:\windows\ie7updates\KB2586448-IE7\mstime.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 193024 c:\windows\ie7updates\KB2586448-IE7\msrating.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 477696 c:\windows\ie7updates\KB2586448-IE7\mshtmled.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 459264 c:\windows\ie7updates\KB2586448-IE7\msfeeds.dll
+ 2011-11-24 14:07 . 2009-02-28 04:54 636072 c:\windows\ie7updates\KB2586448-IE7\iexplore.exe
+ 2011-11-24 14:07 . 2009-02-20 18:09 268288 c:\windows\ie7updates\KB2586448-IE7\iertutil.dll
+ 2011-11-24 14:07 . 2007-08-13 22:54 191488 c:\windows\ie7updates\KB2586448-IE7\iepeers.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 385024 c:\windows\ie7updates\KB2586448-IE7\iedkcs32.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 383488 c:\windows\ie7updates\KB2586448-IE7\ieapfltr.dll
+ 2011-11-24 14:07 . 2009-02-20 05:14 161792 c:\windows\ie7updates\KB2586448-IE7\ieakui.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 230400 c:\windows\ie7updates\KB2586448-IE7\ieaksie.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 153088 c:\windows\ie7updates\KB2586448-IE7\ieakeng.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 133120 c:\windows\ie7updates\KB2586448-IE7\extmgr.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 214528 c:\windows\ie7updates\KB2586448-IE7\dxtrans.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 347136 c:\windows\ie7updates\KB2586448-IE7\dxtmsft.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 124928 c:\windows\ie7updates\KB2586448-IE7\advpack.dll
+ 2011-11-24 14:43 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2544521-IE7\spuninst\updspapi.dll
+ 2011-11-24 14:43 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2544521-IE7\spuninst\spuninst.exe
+ 2008-11-13 04:11 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-11-24 14:02 . 2011-11-24 14:02 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_293cf9eb\System.Drawing.dll
+ 2011-11-24 14:02 . 2011-11-24 14:02 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_04007fb5\System.Drawing.Design.dll
+ 2011-11-24 14:02 . 2011-11-24 14:02 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_9e008b2a\CustomMarshalers.dll
+ 2011-11-24 14:09 . 2011-11-24 14:09 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_bd910821\System.Drawing.dll
+ 2011-11-24 15:32 . 2011-11-24 15:32 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe
+ 2011-11-24 15:19 . 2011-11-24 15:19 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll
+ 2011-11-24 15:12 . 2011-11-24 15:12 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll
+ 2011-11-24 14:59 . 2011-11-24 14:59 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\9da95d4a319b7271d1f05f61f4b744d6\UIAutomationTypes.ni.dll
+ 2011-11-24 15:12 . 2011-11-24 15:12 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ba55240b7753047f8d1b03ef473bf74e\UIAutomationClient.ni.dll
+ 2011-11-24 15:38 . 2011-11-24 15:38 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll
+ 2011-11-24 15:37 . 2011-11-24 15:37 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\3533d614ebecd4344efbee619dd11a74\System.Web.Routing.ni.dll
+ 2011-11-24 15:37 . 2011-11-24 15:37 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll
+ 2011-11-24 15:37 . 2011-11-24 15:37 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d93514a764a83b18f6f3547b59cc8ae9\System.Web.Extensions.Design.ni.dll
+ 2011-11-24 15:37 . 2011-11-24 15:37 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\93b5d1b77a74b76ac73cbf51ec871c01\System.Web.Entity.ni.dll
+ 2011-11-24 15:37 . 2011-11-24 15:37 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d06a7d5872bbe85795f947f6c75d38c6\System.Web.Entity.Design.ni.dll
+ 2011-11-24 15:37 . 2011-11-24 15:37 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ad0851438a18bf730d974c9b2f5f776a\System.Web.DynamicData.ni.dll
+ 2011-11-24 15:37 . 2011-11-24 15:37 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\734ab0ea87d7dfd5c583eea535c05878\System.Web.Abstractions.ni.dll
+ 2011-11-24 15:36 . 2011-11-24 15:36 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
+ 2011-11-24 15:36 . 2011-11-24 15:36 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
+ 2011-11-24 15:33 . 2011-11-24 15:33 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
+ 2011-11-24 15:36 . 2011-11-24 15:36 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-11-24 15:36 . 2011-11-24 15:36 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\b2a84980f206431821d85d5155d5916f\System.Net.ni.dll
+ 2011-11-24 15:36 . 2011-11-24 15:36 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
+ 2011-11-24 15:36 . 2011-11-24 15:36 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\f36eded354122da9555a6c7cdbdb5431\System.Management.Instrumentation.ni.dll
+ 2011-11-24 15:31 . 2011-11-24 15:31 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\20a77c41ee12362d303fb2574fcd5a24\System.IO.Log.ni.dll
+ 2011-11-24 15:31 . 2011-11-24 15:31 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll
+ 2011-11-24 15:35 . 2011-11-24 15:35 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll
+ 2011-11-24 15:35 . 2011-11-24 15:35 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
+ 2011-11-24 15:11 . 2011-11-24 15:11 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\896eca06e2d9377b2dc4fad56ce49b07\System.Drawing.Design.ni.dll
+ 2011-11-24 15:35 . 2011-11-24 15:35 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\33e9b0c368c31ef37a2ec7b5a181044b\System.DirectoryServices.Protocols.ni.dll
+ 2011-11-24 15:35 . 2011-11-24 15:35 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11cdd1c0d65428cd3505d3813d36638c\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-11-24 15:35 . 2011-11-24 15:35 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll
+ 2011-11-24 15:35 . 2011-11-24 15:35 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3f179f373f31817a914b639a56cc0497\System.Data.Services.Design.ni.dll
+ 2011-11-24 15:35 . 2011-11-24 15:35 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\fee1a48b769a8c4beb335ee5ce006091\System.Data.Entity.Design.ni.dll
+ 2011-11-24 15:34 . 2011-11-24 15:34 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b9d9ff5d03e90ede1116794f2c7dd6da\System.Data.DataSetExtensions.ni.dll
+ 2011-11-24 15:33 . 2011-11-24 15:33 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
+ 2011-11-24 15:36 . 2011-11-24 15:36 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
+ 2011-11-24 15:34 . 2011-11-24 15:34 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\3048737e9e3bf5173121a084337256bc\System.AddIn.ni.dll
+ 2011-11-24 15:32 . 2011-11-24 15:32 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6e45cf503f025c5fe814ea7e52f62a78\SMSvcHost.ni.exe
+ 2011-11-24 15:32 . 2011-11-24 15:32 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll
+ 2011-11-24 15:32 . 2011-11-24 15:32 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\f2df1ca28301bfe7e1d52b86c8394217\ServiceModelReg.ni.exe
+ 2011-11-24 15:06 . 2011-11-24 15:06 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f9eb3c7eebb63be5bd4b6350c037c9df\PresentationFramework.Classic.ni.dll
+ 2011-11-24 15:06 . 2011-11-24 15:06 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d4bf068c76bea484af0a8c596f5aeaa5\PresentationFramework.Aero.ni.dll
+ 2011-11-24 15:10 . 2011-11-24 15:10 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
+ 2011-11-24 15:10 . 2011-11-24 15:10 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94cfc00ad448575bfb0e67c53b514cd5\PresentationFramework.Aero.ni.dll
+ 2011-11-24 15:06 . 2011-11-24 15:06 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8ee8c616242ded2ac2f66a5505ef79de\PresentationFramework.Royale.ni.dll
+ 2011-11-24 15:06 . 2011-11-24 15:06 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6ca13ff0ee3c41c0485e6060df8b9c12\PresentationFramework.Luna.ni.dll
+ 2011-11-24 15:10 . 2011-11-24 15:10 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\478d57d96f3d8d5fc15c7ac635a4a6a1\PresentationFramework.Classic.ni.dll
+ 2011-11-24 15:10 . 2011-11-24 15:10 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll
+ 2011-11-24 15:33 . 2011-11-24 15:33 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe
+ 2011-11-24 15:32 . 2011-11-24 15:32 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4cbd7ed9fbf9f1b3cbdf23906cc0f5a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-11-24 15:33 . 2011-11-24 15:33 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ff6d4892775fd1f9b137f7c92ea453f2\Microsoft.Build.Utilities.ni.dll
+ 2011-11-24 15:33 . 2011-11-24 15:33 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\47ff0720cb80a0fc0bbd15ddc3d12adc\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-11-24 15:33 . 2011-11-24 15:33 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\da112c5757e3c68d6369b6aa46cc9682\Microsoft.Build.Engine.ni.dll
+ 2011-11-24 15:33 . 2011-11-24 15:33 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-11-24 15:33 . 2011-11-24 15:33 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
+ 2011-11-24 15:32 . 2011-11-24 15:32 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\4e68d5df30b197ff72c75f1c3c24b949\ComSvcConfig.ni.exe
+ 2011-11-24 15:30 . 2011-11-24 15:30 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e1bcee92f5af50d560d577c0a99ea3bd\AspNetMMCExt.ni.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-11-24 15:08 . 2011-11-24 15:08 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-04-16 10:50 . 2011-04-16 10:50 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-11-24 15:08 . 2011-11-24 15:08 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-04-16 10:50 . 2011-04-16 10:50 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-11-24 15:08 . 2011-11-24 15:08 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-04-16 10:50 . 2011-04-16 10:50 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-04-16 10:50 . 2011-04-16 10:50 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-11-24 15:08 . 2011-11-24 15:08 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-04-16 10:50 . 2011-04-16 10:50 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-11-24 15:08 . 2011-11-24 15:08 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 3780936 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90u.dll
+ 2011-01-11 15:59 . 2011-01-11 15:59 3766088 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90.dll
+ 2011-05-14 01:04 . 2011-05-14 01:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 01:04 . 2011-05-14 01:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2005-08-16 09:18 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll
+ 2005-08-16 09:18 . 2011-10-03 08:35 5971456 c:\windows\system32\mshtml.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 4422992 c:\windows\system32\mfc100u.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 4422992 c:\windows\system32\mfc100u.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 4397384 c:\windows\system32\mfc100.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58 4397384 c:\windows\system32\mfc100.dll
+ 2006-10-17 16:57 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll
+ 2006-09-06 04:01 . 2009-02-07 02:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2008-10-14 18:29 . 2011-09-06 13:20 1858944 c:\windows\system32\dllcache\win32k.sys
+ 2005-08-16 09:18 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2006-11-27 13:08 . 2011-10-03 08:35 5971456 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-08 23:53 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2007-05-08 23:53 . 2009-02-07 02:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2011-03-25 11:15 . 2011-03-25 11:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2008-07-25 15:17 . 2008-07-25 15:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-04-29 02:50 . 2011-04-29 02:50 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2010-09-23 19:55 . 2010-09-23 19:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2011-07-08 18:59 . 2011-07-08 18:59 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2010-09-23 19:55 . 2010-09-23 19:55 1232896  c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-07-08 18:59 . 2011-07-08 18:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-07-07 17:02 . 2011-07-07 17:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2010-09-23 06:26 . 2010-09-23 06:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-07-07 17:02 . 2011-07-07 17:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2011-07-08 18:59 . 2011-07-08 18:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2010-09-23 19:55 . 2010-09-23 19:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2005-08-16 09:38 . 2009-06-29 15:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2005-08-16 09:38 . 2011-07-12 23:04 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2005-08-16 09:38 . 2011-07-05 20:45 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2005-08-16 09:38 . 2009-06-24 02:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2005-08-16 09:38 . 2011-07-05 20:46 2408448 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2005-08-16 09:38 . 2011-07-12 23:05 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
- 2005-08-16 09:38 . 2009-06-29 15:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2011-05-02 05:06 . 2011-05-02 05:06 2705920 c:\windows\Installer\22e1e18.msp
+ 2011-08-10 22:43 . 2011-08-10 22:43 3795968 c:\windows\Installer\22e1e07.msp
+ 2011-07-26 13:17 . 2011-07-26 13:17 6824960 c:\windows\Installer\22e1dc0.msp
+ 2011-04-29 17:28 . 2011-04-29 17:28 1995264 c:\windows\Installer\22e1dab.msp
+ 2011-06-29 02:27 . 2011-06-29 02:27 4028928 c:\windows\Installer\22d5843.msp
+ 2011-05-17 23:28 . 2011-05-17 23:28 6862848 c:\windows\Installer\20ac3d3.msp
+ 2011-04-29 18:04 . 2011-04-29 18:04 5053440 c:\windows\Installer\20ac3ae.msp
+ 2011-09-07 02:48 . 2011-09-07 02:48 8181248 c:\windows\Installer\20ac399.msp
+ 2011-05-23 19:15 . 2011-05-23 19:15 3617792 c:\windows\Installer\20ac381.msp
+ 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\20ac36c.msp
+ 2011-11-03 18:31 . 2011-11-03 18:31 5525504 c:\windows\Installer\20ac354.msp
+ 2011-04-29 17:30 . 2011-04-29 17:30 1197056 c:\windows\Installer\20ac333.msp
+ 2011-11-26 02:30 . 2011-11-26 02:30 2295808 c:\windows\Installer\143246.msi
+ 2007-04-19 18:09 . 2007-04-19 18:09 1061720 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
+ 2011-06-06 17:55 . 2011-06-06 17:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2009-04-03 23:21 . 2009-04-03 23:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2011-11-24 14:35 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2011-11-24 14:35 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2011-11-24 14:35 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2011-11-24 14:36 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2586448-IE8\urlmon.dll
+ 2011-11-24 14:36 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
+ 2011-11-24 14:36 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2586448-IE8\iertutil.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 1168896 c:\windows\ie8\urlmon.dll
+ 2011-11-24 14:30 . 2011-09-05 07:48 3615744 c:\windows\ie8\mshtml.dll
+ 2011-11-24 14:30 . 2011-08-17 21:32 6076416 c:\windows\ie8\ieframe.dll
+ 2011-11-24 14:30 . 2010-07-05 20:32 2452872 c:\windows\ie8\ieapfltr.dat
+ 2011-11-24 14:07 . 2009-02-20 18:09 1160192 c:\windows\ie7updates\KB2586448-IE7\urlmon.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 3595264 c:\windows\ie7updates\KB2586448-IE7\mshtml.dll
+ 2011-11-24 14:07 . 2009-02-20 18:09 6066176 c:\windows\ie7updates\KB2586448-IE7\ieframe.dll
+ 2011-11-24 14:07 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB2586448-IE7\ieapfltr.dat
+ 2011-11-24 14:01 . 2011-11-24 14:01 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_fa97eb34\System.dll
+ 2011-11-24 14:02 . 2011-11-24 14:02 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2c168aa2\System.dll
+ 2011-11-24 14:01 . 2011-11-24 14:01 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_86fc19fd\System.Xml.dll
+ 2011-11-24 14:02 . 2011-11-24 14:02 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_67cf783f\System.Xml.dll
+ 2011-11-24 14:02 . 2011-11-24 14:02 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_67934666\System.Windows.Forms.dll
+ 2011-11-24 14:01 . 2011-11-24 14:01 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_0ec5b384\System.Windows.Forms.dll
+ 2011-11-24 14:02 . 2011-11-24 14:02 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6bc48f74\System.Drawing.dll
+ 2011-11-24 14:02 . 2011-11-24 14:02 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e7d0d62e\System.Design.dll
+ 2011-11-24 14:02 . 2011-11-24 14:02 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a77831b0\System.Design.dll
+ 2011-11-24 14:02 . 2011-11-24 14:02 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f48117b8\mscorlib.dll
+ 2011-11-24 14:02 . 2011-11-24 14:02 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8a70ff5f\mscorlib.dll
+ 2011-11-24 14:09 . 2011-11-24 14:09 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_fa1a9ef8\System.dll
+ 2011-11-24 14:09 . 2011-11-24 14:09 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_cb7b79f7\System.Xml.dll
+ 2011-11-24 14:09 . 2011-11-24 14:09 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_b9f1e4d4\System.Windows.Forms.dll
+ 2011-11-24 14:09 . 2011-11-24 14:09 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_e38ffbc1\System.Design.dll
+ 2011-11-24 14:09 . 2011-11-24 14:09 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_26b06fec\mscorlib.dll
+ 2011-11-24 15:09 . 2011-11-24 15:09 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
+ 2011-11-24 15:12 . 2011-11-24 15:12 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\55d4813580b1e5d268ff0564942cee9c\UIAutomationClientsideProviders.ni.dll
+ 2011-11-24 15:09 . 2011-11-24 15:09 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
+ 2011-11-24 15:12 . 2011-11-24 15:12 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
+ 2011-11-24 15:38 . 2011-11-24 15:38 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\17902fdb0e0d3bc8b49bce693415fe7e\System.WorkflowServices.ni.dll
+ 2011-11-24 15:38 . 2011-11-24 15:38 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\f72c5f649951b0403e62bfab6c453e6f\System.Workflow.Runtime.ni.dll
+ 2011-11-24 15:38 . 2011-11-24 15:38 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0aa4f4174204c93cc5181df4a6b2fb09\System.Workflow.ComponentModel.ni.dll
+ 2011-11-24 15:38 . 2011-11-24 15:38 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\921629dc69a5a895101097c88ae67897\System.Workflow.Activities.ni.dll
+ 2011-11-24 15:37 . 2011-11-24 15:37 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll
+ 2011-11-24 15:37 . 2011-11-24 15:37 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f5dac0448a1dbe2687a5df92904d6274\System.Web.Mobile.ni.dll
+ 2011-11-24 15:37 . 2011-11-24 15:37 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\ccaf6bdd256a9b5079fedadcc8993327\System.Web.Extensions.ni.dll
+ 2011-11-24 15:11 . 2011-11-24 15:11 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\10d7daa3d1e62a0e40587cdc707be93f\System.Speech.ni.dll
+ 2011-11-24 15:36 . 2011-11-24 15:36 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9ec7da53380a754b4ad97709df0dd7e7\System.ServiceModel.Web.ni.dll
+ 2011-11-24 15:31 . 2011-11-24 15:31 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
+ 2011-11-24 15:11 . 2011-11-24 15:11 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0f8e14bfdb27645fb1a92ce26f9bf521\System.Printing.ni.dll
+ 2011-11-24 15:30 . 2011-11-24 15:30 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d14065ede44df8e9b5d6b60c5ddccc69\System.IdentityModel.ni.dll
+ 2011-11-24 15:11 . 2011-11-24 15:11 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
+ 2011-11-24 15:35 . 2011-11-24 15:35 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll
+ 2011-11-24 15:35 . 2011-11-24 15:35 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll
+ 2011-11-24 15:10 . 2011-11-24 15:10 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
+ 2011-11-24 15:33 . 2011-11-24 15:33 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef748704f543a8791e23387652d34dfb\System.Data.SqlXml.ni.dll
+ 2011-11-24 15:35 . 2011-11-24 15:35 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\541142d8742e6e88f1e729fafee04e71\System.Data.Services.ni.dll
+ 2011-11-24 15:10 . 2011-11-24 15:10 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll
+ 2011-11-24 15:35 . 2011-11-24 15:35 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\a3ce22c2a84fdcb008d72d230ee0b2c0\System.Data.Entity.ni.dll
+ 2011-11-24 15:10 . 2011-11-24 15:10 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll
+ 2011-11-24 15:10 . 2011-11-24 15:10 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\714e9504255565bd9076fe13628e104a\ReachFramework.ni.dll
+ 2011-11-24 15:10 . 2011-11-24 15:10 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7dc6ee14234b0686182ced75f7dae990\PresentationUI.ni.dll
+ 2011-11-24 15:09 . 2011-11-24 15:09 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b42ad515bb20ec1f1250c040371c6730\PresentationBuildTasks.ni.dll
+ 2011-11-24 15:34 . 2011-11-24 15:34 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll
+ 2011-11-24 15:32 . 2011-11-24 15:32 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce1ecd602ca089eb13a9b428dc7f0449\Microsoft.Transactions.Bridge.ni.dll
+ 2011-11-24 15:36 . 2011-11-24 15:36 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8ad32b72258899177c07dc5912b5b748\Microsoft.JScript.ni.dll
+ 2011-11-24 15:33 . 2011-11-24 15:33 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll
+ 2011-11-24 15:33 . 2011-11-24 15:33 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-11-24 15:33 . 2011-11-24 15:33 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll
- 2011-04-16 10:50 . 2011-04-16 10:50 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-11-24 15:08 . 2011-11-24 15:08 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-11-24 15:08 . 2011-11-24 15:08 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-04-16 10:50 . 2011-04-16 10:50 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-11-24 15:08 . 2011-11-24 15:08 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-04-16 10:49 . 2011-04-16 10:49 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-11-24 15:07 . 2011-11-24 15:07 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-10-08 07:03 . 2010-10-08 07:03 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2011-11-24 14:01 . 2011-11-24 14:01 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2011-11-24 14:01 . 2011-11-24 14:01 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-10-08 07:03 . 2010-10-08 07:03 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-16 20:18 . 2009-10-16 20:18 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-11-24 14:08 . 2011-11-24 14:08 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2006-11-30 03:22 . 2011-10-28 03:04 50295240 c:\windows\system32\MRT.exe
+ 2006-11-08 02:03 . 2011-08-23 22:48 11081728 c:\windows\system32\ieframe.dll
+ 2007-05-08 23:53 . 2011-08-23 22:48 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-07-13 03:49 . 2011-07-13 03:49 11459584 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2572067\M2572067Uninstall.msp
+ 2011-03-28 08:27 . 2011-03-28 08:27 15456256 c:\windows\Installer\22e1e20.msp
+ 2011-11-24 14:59 . 2011-11-24 14:59 20333568 c:\windows\Installer\22e1e12.msp
+ 2011-07-26 21:33 . 2011-07-26 21:33 10984448 c:\windows\Installer\22e1def.msp
+ 2011-07-12 01:43 . 2011-07-12 01:43 11641344 c:\windows\Installer\22e1dda.msp
+ 2011-07-12 20:50 . 2011-07-12 20:50 17555968 c:\windows\Installer\20ac32c.msp
+ 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\143247.msp
+ 2011-06-06 17:55 . 2011-06-06 17:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
+ 2011-11-24 14:35 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2011-11-24 14:36 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2586448-IE8\ieframe.dll
+ 2011-11-24 15:11 . 2011-11-24 15:11 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
+ 2011-11-24 15:36 . 2011-11-24 15:36 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
+ 2011-11-24 15:32 . 2011-11-24 15:32 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ceadaf3b3d017c7a1ef10a06f8009f6f\System.ServiceModel.ni.dll
+ 2011-11-24 15:11 . 2011-11-24 15:11 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c6374d32e4af7b7e3e46b32176f76558\System.Design.ni.dll
+ 2011-11-24 15:10 . 2011-11-24 15:10 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
+ 2011-11-24 15:10 . 2011-11-24 15:10 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
+ 2011-11-24 15:09 . 2011-11-24 15:09 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
+ 2011-11-24 14:53 . 2011-11-24 14:53 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c2678ff865d430dbcc94740aa5efdabc\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 5389944]
"MotoCast"="c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2011-11-22 1704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-11 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-08-04 196608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"ISW"="" [BU]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MotoCast"="c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2011-11-22 1704]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-27 24576]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
"DisableLockWorkstation"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-14 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-04 04:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/15/2011 9:35 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/26/2009 9:05 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 9:05 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/9/2010 12:21 AM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/15/2011 9:35 PM 86224]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [11/19/2011 1:45 PM 87368]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 9:44 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 9:44 AM 497280]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [11/14/2011 2:44 PM 218992]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [6/5/2011 1:49 PM 245760]
S2 gupdate1cc0203774f64a8;Google Update Service (gupdate1cc0203774f64a8);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2011 8:03 PM 136176]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/25/2008 11:39 AM 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2011 8:03 PM 136176]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [11/10/2011 3:12 PM 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 9:05 AM 12872]
S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [1/24/2010 12:31 PM 38656]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 05:18]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 05:18]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3302304811-3986175178-2332543431-1006Core.job
- c:\documents and settings\Kaunelis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-06 05:18]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3302304811-3986175178-2332543431-1006UA.job
- c:\documents and settings\Kaunelis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-06 05:18]
.
2011-11-26 c:\windows\Tasks\MotoCast Update.job
- c:\program files\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2011-11-16 18:42]
.
2011-11-22 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-11-14 19:44]
.
2011-11-26 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-11-14 19:44]
.
2011-11-22 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-11-14 19:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;192.168.*.*
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Kaunelis\Application Data\Mozilla\Firefox\Profiles\bpp3g2ph.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111028&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-27 12:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
- - - - - - - > 'lsass.exe'(824)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3008)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-11-27 12:35:04
ComboFix-quarantined-files.txt 2011-11-27 17:34
ComboFix2.txt 2011-11-24 04:56
.
Pre-Run: 47,041,613,824 bytes free
Post-Run: 47,025,823,744 bytes free
.
- - End Of File - - AFF9414FE928D1E7C8319CDA713E61D3


----------



## kevinf80 (Mar 21, 2006)

Run the following ;-

*Step 1*








Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alernative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.

 Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
 If an update is found, it will download and install the latest version.
 Once the program has loaded, select "Perform Quick Scan", then click Scan.
 The scan may take some time to finish,so please be patient.
 When the scan is complete, click OK, then Show Results to view the results.
 Make sure that everything is checked, and click Remove Selected.
 When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 Please save the log to a location you will remember.
 The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*Step 2*

*Run ESET Online Scan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*
Click the







button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on







to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the







icon on your desktop.

Check








Click the







button.
Accept any security warnings from your browser.
Check








*Leave the tick out of remove found threats*
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push








Push







, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the







button.
Push








You can refer to *this animation* by *neomage* if needed.
Frequently asked questions available *Here* *Please read them before running the scan.*

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here *"C:\Program Files\ESET\EsetOnlineScanner\log.txt".*

Let me see those two logs, also give update on current issues/concerns...

Kevin


----------



## mister_d (Nov 25, 2011)

> Let me see those two logs, also give update on current issues/concerns...
> 
> Kevin


Well, over the last 24hrs or so it seems like the computer is better but the browsers IE and FF aren't. Specifically, one example is that they are having trouble opening multiple tabs. When I went to go the ESET site (using IE), the window popped open but the info wasn't loading in it. I had to close them all and reload the webpages. It happens less with IE than FF but it still happens quite often. Also, when using FF to view these forums, our conversation text is bleeding into the ads on the right side of the page. Lastly, FF is continuously being made my secondary browser instead of the default. I've made the choice and/or clicked the box to have FF be the default several times now but just like my wife it refuses to listen(;

I already had MBAM on the computer but I went ahead and updated it before running the scan. Before heading to this site for assistance I had run the program and had it take care of (quarantine?) the problems it found. Not sure if that was important info you would need or not but wanted to make sure you had all the cards on the table.

Thanks for all of your help, Kevin. I wanted to make sure you know that I appreciate you taking the time out of your day to do this I'll be able to check back in tomorrow afternoon/evening to see if you had a chance to look at this stuff.

------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8254
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11/27/2011 8:05:28 PM
mbam-log-2011-11-27 (20-05-28).txt
Scan type: Quick scan
Objects scanned: 184342
Time elapsed: 15 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

--------------------------------------------------------------------
eset log

C:\Documents and Settings\Kaunelis\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\pptextlinks.jar Win32/Adware.Gamevance.Gen application


----------



## kevinf80 (Mar 21, 2006)

Anytime you run Combofix it will make IE your default browser.

OK run this please;

Please download *OTM by OldTimer*.
*Alternative Mirror 1*
*Alternative Mirror 2* 
Save it to your desktop. 
Double click *OTM.exe* to start the tool. Vista or Windows 7 users right click and select Run as Administrator

*Copy* the text between the dotted lines below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):

-------------------------------------------------------------------
* 
:Files
ipconfig /flushdns /c
C:\Documents and Settings\Kaunelis\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\pptextlinks.jar
:Commands
[emptyjava]
[emptyflash]
[EmptyTemp]
[Reboot]
*
---------------------------------------------------------------------

 Return to OTMoveIt3, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red







button.
*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM*
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

If the machine reboots, the Results log can be found here:

*c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log*

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Make FireFox your default browser again, Run FF select "Help" above the tool bar, select the option to "restart with addons disabled" how does FF respond now, any change/improvement?

Let me see the log from OTM, tell me if FF improved with addons disabled...

Regarding the text bleeding into the adverts here at TSG, i`m unsure about that, lets see if it changes...

Kevin.


----------



## mister_d (Nov 25, 2011)

Firefox is still freezing when trying to open a second tab however it may have been a little faster. After running the program I went back to this thread and tried opening the OTL link but FF froze and I had to close it. IE will open another tab but it has the bleeding effect also. I've attached a screen shot.

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Kaunelis\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kaunelis\Desktop\cmd.txt deleted successfully.
C:\Documents and Settings\Kaunelis\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\pptextlinks.jar moved successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Kaunelis
->Java cache emptied: 1459761 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 1.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 41620 bytes

User: Kaunelis
->Flash cache emptied: 42107 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 2945761 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Kaunelis
->Temp folder emptied: 7277414 bytes
->Temporary Internet Files folder emptied: 3615081 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32847355 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 990648 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 992632 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3265921 bytes
%systemroot%\System32 .tmp files removed: 2582 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1118268 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 51.00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 11282011_164002
Files moved on Reboot...
C:\Documents and Settings\Kaunelis\Local Settings\Temporary Internet Files\Content.IE5\RHGBFPB6\google_com[1].htm moved successfully.
C:\Documents and Settings\Kaunelis\Local Settings\Temporary Internet Files\Content.IE5\HO8QE84R\1028394-trojan-2[1].html moved successfully.
C:\Documents and Settings\Kaunelis\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\WINDOWS\temp\ZLT062d3.TMP not found!
Registry entries deleted on Reboot...


----------



## mister_d (Nov 25, 2011)

oops .. here


----------



## mister_d (Nov 25, 2011)

screen shot of the forum using FF


----------



## kevinf80 (Mar 21, 2006)

I`m unsure what the bleed effect is or how it happens, that must be a techniccal issue. Leave that for now. Can you Uninstall Zonealarm Firewall and see if that cures FF freezing


----------



## mister_d (Nov 25, 2011)

I uninstalled zonealarm but I'm still getting the same problem. When I restarted the computer I had a Microsoft yellow shield in the system tray that usually indicates an update but then it disappeared suddenly... maybe it's nothing but I figured I'd mention it since it's out of the ordinary.


----------



## kevinf80 (Mar 21, 2006)

Did you start FireFox with all addons disabled?


----------



## mister_d (Nov 25, 2011)

I'm at work but wanted to respond... yes I had them disabled and I also clicked a couple other boxes but can't recall what exactly they said. Evert time Firefox starts I get the beginner welcome to Firefox tabs.


----------



## kevinf80 (Mar 21, 2006)

Run DDS again please :-


Download *DDS* by sUBs from one of the following links. Save it to your desktop.
*DDS.com*
*DDS.scr*
*DDS.pif*

Double click on the *DDS* icon, allow it to run.
A small box will open, with an explanation about the tool. 
When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt
 Save both reports to your desktop.
 The instructions here ask you to attach the Attach.txt.









*Instead of attaching, please copy/past both logs into your next reply.*
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet. 
Information on A/V control *HERE*

Kevin


----------



## mister_d (Nov 25, 2011)

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Kaunelis at 16:30:46 on 2011-11-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.551 [GMT -5:00]
.
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-system: DisableChangePassword = 1 (0x1)
uPolicies-system: DisableLockWorkstation = 1 (0x1)
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/6/7/5/675d28f5-2a8e-4bac-bd9b-ee147f352714/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164855826162
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211778946000
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kaunelis\application data\mozilla\firefox\profiles\bpp3g2ph.default\
FF - plugin: c:\documents and settings\kaunelis\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\kaunelis\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\kaunelis\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-15 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-26 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-9 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-15 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-15 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-15 74640]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2011-11-19 87368]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-11-14 218992]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-6-5 245760]
S2 gupdate1cc0203774f64a8;Google Update Service (gupdate1cc0203774f64a8);c:\program files\google\update\GoogleUpdate.exe [2011-2-12 136176]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-25 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-12 136176]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2011-11-10 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 12872]
S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [2010-1-24 38656]
.
=============== Created Last 30 ================
.
2011-11-28 21:40:02 -------- d-----w- C:\_OTM
2011-11-28 01:15:06 -------- d-----w- c:\program files\ESET
2011-11-26 02:31:54 -------- d-----w- c:\program files\Defraggler
2011-11-24 14:30:21 -------- dc-h--w- c:\windows\ie8
2011-11-24 09:40:42 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-24 09:40:40 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-11-24 09:39:42 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-11-24 05:11:44 -------- d-----w- c:\windows\system32\NtmsData
2011-11-24 04:03:57 -------- d-sha-r- C:\cmdcons
2011-11-24 04:01:30 98816 ----a-w- c:\windows\sed.exe
2011-11-24 04:01:30 518144 ----a-w- c:\windows\SWREG.exe
2011-11-24 04:01:30 256000 ----a-w- c:\windows\PEV.exe
2011-11-24 04:01:30 208896 ----a-w- c:\windows\MBR.exe
2011-11-22 22:22:49 -------- d-----w- c:\documents and settings\kaunelis\application data\CheckPoint
2011-11-22 22:21:45 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2011-11-22 22:17:56 -------- d-----w- c:\program files\CheckPoint
2011-11-22 21:03:29 388096 ----a-r- c:\documents and settings\kaunelis\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-22 20:56:47 -------- d-----w- C:\Binaries
2011-11-22 20:56:29 -------- d-----w- c:\program files\Motorola Media Link
2011-11-16 02:35:54 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-16 02:35:54 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-16 02:35:52 -------- d-----w- c:\program files\Avira
2011-11-16 02:13:17 -------- d-----w- c:\documents and settings\kaunelis\application data\MotoCast
2011-11-16 02:12:09 -------- d-----w- c:\program files\Motorola Mobility
2011-11-16 02:10:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-15 22:40:26 -------- d-----w- c:\documents and settings\all users\application data\Motorola Media Link
2011-11-15 22:38:13 -------- d-----w- c:\documents and settings\kaunelis\local settings\application data\Downloaded Installations
2011-11-14 23:29:41 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-11-10 20:14:54 -------- d-----w- c:\documents and settings\kaunelis\.gstreamer-0.10
2011-11-10 20:13:49 -------- d-----w- c:\documents and settings\kaunelis\local settings\application data\Motorola
2011-11-10 20:13:11 -------- d-----w- c:\documents and settings\all users\application data\Nero
2011-11-10 20:13:08 -------- d-----w- c:\documents and settings\all users\application data\Motorola
2011-11-10 20:12:48 25856 ----a-w- c:\windows\system32\drivers\motoandroid.sys
2011-11-10 20:12:48 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2011-11-10 20:12:19 -------- d-----w- c:\program files\common files\Motorola Shared
2011-11-10 20:11:53 -------- d-----w- c:\program files\Motorola
2011-11-10 20:11:53 -------- d-----w- c:\documents and settings\kaunelis\application data\Motorola
2011-11-06 13:49:29 -------- d-----w- c:\documents and settings\kaunelis\local settings\application data\WBFSManager
2011-11-06 13:47:05 -------- d-----w- c:\program files\WBFS
2011-11-05 15:39:54 -------- d-----w- c:\documents and settings\kaunelis\application data\AnvSoft
2011-11-05 15:39:25 -------- d-----w- c:\program files\AnvSoft
.
==================== Find3M ====================
.
2011-11-26 02:25:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ------w- c:\windows\system32\inetcomm.dll
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 16:33:14.90 ===============

-------------------------------------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/29/2006 8:48:57 PM
System Uptime: 11/28/2011 8:47:45 PM (20 hours ago)
.
Motherboard: Dell Inc | | 0CT103
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2004/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 43.633 GiB free.
D: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01ED1028&REV_02\4&DC268A3&0&3880
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01ED1028&REV_02\4&DC268A3&0&3880
Service: bcm4sbxp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\82D2ECE9D100
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\82D2ECE9D100
Service: NIC1394
.
==== System Restore Points ===================
.
RP390: 11/16/2011 3:01:30 PM - Installed MotoCast
RP391: 11/17/2011 11:17:58 PM - System Checkpoint
RP392: 11/18/2011 11:23:26 PM - System Checkpoint
RP393: 11/20/2011 12:18:13 AM - System Checkpoint
RP394: 11/20/2011 8:28:50 PM - Installed Windows XP KB915865.
RP395: 11/20/2011 8:30:04 PM - Installed Windows NLSDownlevelMapping.
RP396: 11/20/2011 8:30:32 PM - Installed Windows IDNMitigationAPIs.
RP397: 11/20/2011 8:31:02 PM - Installed Windows Internet Explorer 7.
RP398: 11/22/2011 6:58:53 AM - System Checkpoint
RP399: 11/22/2011 3:53:21 PM - Installed MotoCast
RP400: 11/22/2011 4:03:26 PM - Installed HiJackThis
RP401: 11/23/2011 7:24:37 PM - System Checkpoint
RP402: 11/24/2011 3:00:36 AM - Software Distribution Service 3.0
RP403: 11/24/2011 8:59:16 AM - Software Distribution Service 3.0
RP404: 11/25/2011 3:00:20 AM - Software Distribution Service 3.0
RP405: 11/25/2011 9:18:46 PM - Removed Logitech Desktop Messenger
RP406: 11/25/2011 9:27:51 PM - Removed Adobe Reader 9.4.6.
RP407: 11/25/2011 9:28:55 PM - Installed Adobe Reader X (10.1.1).
RP408: 11/26/2011 9:03:33 AM - OTL Restore Point - 11/26/2011 9:03:25 AM
RP409: 11/27/2011 2:03:02 PM - System Checkpoint
RP410: 11/28/2011 2:07:50 PM - System Checkpoint
RP411: 11/29/2011 2:52:14 PM - System Checkpoint
.
==== Installed Programs ======================
.
3D Groove Playback Engine
3DVIA player 5.0
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
Any Video Converter 3.3.0
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
Bonjour
BroadJump Client Foundation
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon EOS 5D WIA Driver
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.4
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CloneCD
CloneDVD2
CloneDVDmobile
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows
Defraggler
Dell CinePlayer
Dell Support 3.2.1
Dell System Restore
DellConnect
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
DVD Flick 1.3.0.7
ESET Online Scanner v3
Facebook Plug-In
Games, Music, & Photos Launcher
Google Chrome
Google Earth Plug-in
Google Update Helper
HiJackThis
HL-2270DW
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB954550-v5)
ImageMixer for Sony
ImgBurn
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 29
LeapFrog Connect
LeapFrog Leapster2 Plugin
LeapFrog Tag Junior Plugin
LeapFrog Tag Plugin
Malwarebytes' Anti-Malware version 1.51.2.1300
MCU
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Edition 2003
Microsoft Office Sounds
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows Media Video 9 VCM
Microsoft Works
MicroStaff WINASPI
Miro
MobileMe Control Panel
Modem Diagnostic Tool
Monopoly by Parker Brothers
MotoCast
MotoHelper 2.1.26 Driver 5.3.0
MotoHelper MergeModules
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.3.0
Move Networks Media Player for Internet Explorer
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OpenOffice.org 3.0
Otto
Photo Viewer
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Sony USB Driver
SUPERAntiSpyware Free Edition
swMSM
Tux Paint 0.9.20b
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB928089)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Media Player 10 (KB910393)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
VC 9.0 Runtime
VirtualCloneDrive
WebFldrs XP
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR 4.00 beta 3 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/28/2011 4:40:15 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:15 PM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:15 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:15 PM, error: Service Control Manager [7034] - The LeapFrog Connect Device Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:15 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:15 PM, error: Service Control Manager [7034] - The BrYNSvc service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:15 PM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/28/2011 4:40:08 PM, error: Service Control Manager [7034] - The DeviceMonitorService service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:08 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:07 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/28/2011 4:40:06 PM, error: Service Control Manager [7034] - The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:06 PM, error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/27/2011 11:32:38 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer BRI-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F80434DD-6130-4C6. The master browser is stopping or an election is being forced.
11/24/2011 9:40:10 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
11/24/2011 9:33:34 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/24/2011 9:33:29 PM, error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/24/2011 9:33:21 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/24/2011 12:45:01 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/24/2011 12:45:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
11/24/2011 12:45:00 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
11/23/2011 10:51:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
11/23/2011 10:23:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 avipbb avkmgr ElbyCDIO Fips IPSec MRxSmb NetBIOS NetBT nvatabus nvraid RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip Vsdatant
11/23/2011 10:23:55 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 10:23:55 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 10:23:55 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 10:23:55 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 10:23:55 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 10:23:55 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 1:45:12 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
11/23/2011 1:08:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
11/22/2011 6:12:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/22/2011 6:11:14 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
.
==== End Of File ===========================


----------



## kevinf80 (Mar 21, 2006)

I`m not seeing any malware in your logs, you say IE works OK tab wise, is that correct. Firefox has the issue with the tabs and freezes if you open more than one, is that correct.
The bleeding issue you mention I have no idea what is happening there, but think that is something we can take up after we get FF sorted out.

Was there any software installed or any changes made prior to the issue with FF. If not can you UNinstall then reinstall FF and see if we see an improvement.

Kevin


----------



## mister_d (Nov 25, 2011)

The most recent software was MotoCast from Motorola. It's software for my new Droid Razr which allows me to access info on my home computer from the cell phone. We had trouble getting the software loaded so I uninstalled IE 8 and loaded 7 instead. Everything was working great for what seemed like awhile .. maybe a week?

I'll uninstall that program, IE, and FF, reinstall each and then let you know what's up.


----------



## kevinf80 (Mar 21, 2006)

Yes do that please, uninstall the application first, then try your browsers. If you still have issues re-run DDS and post the DDS.txt and i`ll see if there are any remnants from the suspect application still running...
I`m still at a loss with the bleeding issue, lets get the tab problem done first..

Thanks,

Kevin


----------



## mister_d (Nov 25, 2011)

OK .. Firefox is locking up when I'm trying to save bookmarks even. Maybe its because I went to their new version. Hopefully ie has them too.


----------



## kevinf80 (Mar 21, 2006)

When you uninstall firefox i`m sure it asks if you want to clear profile, bookmarks etc. just say no.


----------



## mister_d (Nov 25, 2011)

yup so it saved them all ... however it's still locking up

I uninstalled MotoCast and Firefox, reinstalled FF and a quick test showed no change): I'm going to uninstall IE now.


----------



## kevinf80 (Mar 21, 2006)

Re-run DDS and post DDS.txt, there maybe remnants of Motocast still running after the uninstall...


----------



## mister_d (Nov 25, 2011)

Reinstalled IE, shut it down, and Firefox is still sucking):

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Kaunelis at 20:10:17 on 2011-11-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.502 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-system: DisableChangePassword = 1 (0x1)
uPolicies-system: DisableLockWorkstation = 1 (0x1)
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/6/7/5/675d28f5-2a8e-4bac-bd9b-ee147f352714/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164855826162
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211778946000
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F80434DD-6130-4C63-ACE2-4DDCB1A21A93} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kaunelis\application data\mozilla\firefox\profiles\bpp3g2ph.default\
FF - plugin: c:\documents and settings\kaunelis\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\kaunelis\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\kaunelis\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-15 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-26 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-9 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-15 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-15 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-15 74640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-6-5 245760]
S2 gupdate1cc0203774f64a8;Google Update Service (gupdate1cc0203774f64a8);c:\program files\google\update\GoogleUpdate.exe [2011-2-12 136176]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-25 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-12 136176]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys --> c:\windows\system32\drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 12872]
S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [2010-1-24 38656]
.
=============== Created Last 30 ================
.
2011-11-30 00:38:10 -------- dc-h--w- c:\windows\ie8
2011-11-29 23:18:20 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2011-11-28 21:40:02 -------- d-----w- C:\_OTM
2011-11-28 01:15:06 -------- d-----w- c:\program files\ESET
2011-11-26 02:31:54 -------- d-----w- c:\program files\Defraggler
2011-11-24 09:40:42 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-24 09:40:40 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-11-24 09:39:42 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-11-24 05:11:44 -------- d-----w- c:\windows\system32\NtmsData
2011-11-24 04:03:57 -------- d-sha-r- C:\cmdcons
2011-11-24 04:01:30 98816 ----a-w- c:\windows\sed.exe
2011-11-24 04:01:30 518144 ----a-w- c:\windows\SWREG.exe
2011-11-24 04:01:30 256000 ----a-w- c:\windows\PEV.exe
2011-11-24 04:01:30 208896 ----a-w- c:\windows\MBR.exe
2011-11-22 22:22:49 -------- d-----w- c:\documents and settings\kaunelis\application data\CheckPoint
2011-11-22 22:21:45 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2011-11-22 22:17:56 -------- d-----w- c:\program files\CheckPoint
2011-11-22 21:03:29 388096 ----a-r- c:\documents and settings\kaunelis\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-16 02:35:54 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-16 02:35:54 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-16 02:35:52 -------- d-----w- c:\program files\Avira
2011-11-16 02:10:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-15 22:40:26 -------- d-----w- c:\documents and settings\all users\application data\Motorola Media Link
2011-11-15 22:38:13 -------- d-----w- c:\documents and settings\kaunelis\local settings\application data\Downloaded Installations
2011-11-14 23:29:41 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-11-10 20:14:54 -------- d-----w- c:\documents and settings\kaunelis\.gstreamer-0.10
2011-11-10 20:13:49 -------- d-----w- c:\documents and settings\kaunelis\local settings\application data\Motorola
2011-11-10 20:13:11 -------- d-----w- c:\documents and settings\all users\application data\Nero
2011-11-10 20:13:08 -------- d-----w- c:\documents and settings\all users\application data\Motorola
2011-11-10 20:12:48 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2011-11-10 20:12:19 -------- d-----w- c:\program files\common files\Motorola Shared
2011-11-10 20:11:53 -------- d-----w- c:\program files\Motorola
2011-11-10 20:11:53 -------- d-----w- c:\documents and settings\kaunelis\application data\Motorola
2011-11-06 13:49:29 -------- d-----w- c:\documents and settings\kaunelis\local settings\application data\WBFSManager
2011-11-06 13:47:05 -------- d-----w- c:\program files\WBFS
2011-11-05 15:39:54 -------- d-----w- c:\documents and settings\kaunelis\application data\AnvSoft
2011-11-05 15:39:25 -------- d-----w- c:\program files\AnvSoft
.
==================== Find3M ====================
.
2011-11-26 02:25:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ------w- c:\windows\system32\inetcomm.dll
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:12:51.12 ===============

----------------------------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/29/2006 8:48:57 PM
System Uptime: 11/29/2011 7:55:00 PM (1 hours ago)
.
Motherboard: Dell Inc | | 0CT103
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2004/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 43.503 GiB free.
D: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP396: 11/20/2011 8:30:32 PM - Installed Windows IDNMitigationAPIs.
RP397: 11/20/2011 8:31:02 PM - Installed Windows Internet Explorer 7.
RP398: 11/22/2011 6:58:53 AM - System Checkpoint
RP399: 11/22/2011 3:53:21 PM - Installed MotoCast
RP400: 11/22/2011 4:03:26 PM - Installed HiJackThis
RP401: 11/23/2011 7:24:37 PM - System Checkpoint
RP402: 11/24/2011 3:00:36 AM - Software Distribution Service 3.0
RP403: 11/24/2011 8:59:16 AM - Software Distribution Service 3.0
RP404: 11/25/2011 3:00:20 AM - Software Distribution Service 3.0
RP405: 11/25/2011 9:18:46 PM - Removed Logitech Desktop Messenger
RP406: 11/25/2011 9:27:51 PM - Removed Adobe Reader 9.4.6.
RP407: 11/25/2011 9:28:55 PM - Installed Adobe Reader X (10.1.1).
RP408: 11/26/2011 9:03:33 AM - OTL Restore Point - 11/26/2011 9:03:25 AM
RP409: 11/27/2011 2:03:02 PM - System Checkpoint
RP410: 11/28/2011 2:07:50 PM - System Checkpoint
RP411: 11/29/2011 2:52:14 PM - System Checkpoint
RP412: 11/29/2011 6:17:41 PM - Removed MotoCast
RP413: 11/29/2011 7:14:51 PM - Removed LeapFrog Leapster2 Plugin
RP414: 11/29/2011 7:40:21 PM - Installed Windows Internet Explorer 8.
RP415: 11/29/2011 7:41:47 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
3D Groove Playback Engine
3DVIA player 5.0
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
Any Video Converter 3.3.0
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
Bonjour
BroadJump Client Foundation
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon EOS 5D WIA Driver
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.4
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CloneCD
CloneDVD2
CloneDVDmobile
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows
Defraggler
Dell CinePlayer
Dell Support 3.2.1
Dell System Restore
DellConnect
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
DVD Flick 1.3.0.7
ESET Online Scanner v3
Facebook Plug-In
Games, Music, & Photos Launcher
Google Chrome
Google Earth Plug-in
Google Update Helper
HiJackThis
HL-2270DW
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
ImageMixer for Sony
ImgBurn
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 29
LeapFrog Connect
LeapFrog Tag Junior Plugin
LeapFrog Tag Plugin
Malwarebytes' Anti-Malware version 1.51.2.1300
MCU
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Edition 2003
Microsoft Office Sounds
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows Media Video 9 VCM
Microsoft Works
MicroStaff WINASPI
Miro
MobileMe Control Panel
Modem Diagnostic Tool
Monopoly by Parker Brothers
MotoHelper MergeModules
Move Networks Media Player for Internet Explorer
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OpenOffice.org 3.0
Otto
Photo Viewer
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Sony USB Driver
SUPERAntiSpyware Free Edition
swMSM
Tux Paint 0.9.20b
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB928089)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Media Player 10 (KB910393)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
VC 9.0 Runtime
VirtualCloneDrive
WebFldrs XP
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR 4.00 beta 3 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/28/2011 4:40:15 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:15 PM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:15 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:15 PM, error: Service Control Manager [7034] - The LeapFrog Connect Device Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:15 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:15 PM, error: Service Control Manager [7034] - The BrYNSvc service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:15 PM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/28/2011 4:40:08 PM, error: Service Control Manager [7034] - The DeviceMonitorService service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:08 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:07 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/28/2011 4:40:06 PM, error: Service Control Manager [7034] - The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 4:40:06 PM, error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/27/2011 11:32:38 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer BRI-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F80434DD-6130-4C6. The master browser is stopping or an election is being forced.
11/24/2011 9:40:10 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
11/24/2011 9:33:34 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/24/2011 9:33:29 PM, error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/24/2011 9:33:21 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/24/2011 12:45:01 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/24/2011 12:45:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
11/24/2011 12:45:00 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
11/23/2011 11:30:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
11/23/2011 10:52:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/23/2011 10:52:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
11/23/2011 10:51:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/23/2011 10:23:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 avipbb avkmgr ElbyCDIO Fips IPSec MRxSmb NetBIOS NetBT nvatabus nvraid RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip Vsdatant
11/23/2011 10:23:55 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 10:23:55 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 10:23:55 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 10:23:55 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 10:23:55 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 10:23:55 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 1:45:12 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
.
==== End Of File ===========================


----------



## mister_d (Nov 25, 2011)

I was playing around with firefox and noticed that a new tab will open alright if it's just another site. However, if the new tab is being opened to download something FF is freezing.


----------



## kevinf80 (Mar 21, 2006)

OK remove the remnants of motorola and see if that helps;

Please download *OTM by OldTimer*.
*Alternative Mirror 1*
*Alternative Mirror 2* 
Save it to your desktop. 
Double click *OTM.exe* to start the tool. Vista or Windows 7 users right click and select Run as Administrator

*Copy* the text between the dotted lines below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):

-------------------------------------------------------------------
* 
:Services
motccgp
motccgpfl
motusbdevice
:Files
c:\program files\motorola mobility
c:\windows\system32\drivers\motccgp.sys
c:\windows\system32\drivers\motccgpfl.sys
c:\windows\system32\drivers\motusbdevice.sys
c:\documents and settings\all users\application data\Motorola Media Link
c:\documents and settings\kaunelis\local settings\application data\Motorola
c:\documents and settings\all users\application data\Motorola
c:\program files\common files\Motorola Shared
c:\program files\Motorola
c:\documents and settings\kaunelis\application data\Motorola
:Reg
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MotoCast"=-
:commands
[EmptyTemp]
*
---------------------------------------------------------------------

 Return to OTMoveIt3, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red







button.
*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM*
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

If the machine reboots, the Results log can be found here:

*c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log*

Where mmddyyyy_hhmmss is the date of the tool run.


----------



## mister_d (Nov 25, 2011)

ugh ... it's still not working correctly

I tried running FF normally and by disabling the add-ons and it locked up both times. My test was to click the OTL download link you had on the second page of this thread. Instantly after clicking the link the tab opens and closes and then I get (not responding) listed at the top next to the Firefox label.

All processes killed
========== SERVICES/DRIVERS ==========
Service motccgp stopped successfully!
Service motccgp deleted successfully!
Service motccgpfl stopped successfully!
Service motccgpfl deleted successfully!
Service motusbdevice stopped successfully!
Service motusbdevice deleted successfully!
========== FILES ==========
File/Folder c:\program files\motorola mobility not found.
File/Folder c:\windows\system32\drivers\motccgp.sys not found.
File/Folder c:\windows\system32\drivers\motccgpfl.sys not found.
File/Folder c:\windows\system32\drivers\motusbdevice.sys not found.
c:\documents and settings\all users\application data\Motorola Media Link\Launch folder moved successfully.
c:\documents and settings\all users\application data\Motorola Media Link folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\ThumbCache folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\Temp folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\SyncData folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\Playlist\20111116164018\Video\1 folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\Playlist\20111116164018\Video folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\Playlist\20111116164018\Podcast\1 folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\Playlist\20111116164018\Podcast folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\Playlist\20111116164018\Photo\1 folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\Playlist\20111116164018\Photo folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\Playlist\20111116164018\Music\1 folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\Playlist\20111116164018\Music folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\Playlist\20111116164018 folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\Playlist folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\Media folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\Log folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\Database folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite\Artwork folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola\Motorola Media Link Lite folder moved successfully.
c:\documents and settings\kaunelis\local settings\application data\Motorola folder moved successfully.
c:\documents and settings\all users\application data\Motorola\SUE\ServerLog folder moved successfully.
c:\documents and settings\all users\application data\Motorola\SUE\Firmwares folder moved successfully.
c:\documents and settings\all users\application data\Motorola\SUE\DeviceList folder moved successfully.
c:\documents and settings\all users\application data\Motorola\SUE folder moved successfully.
c:\documents and settings\all users\application data\Motorola\Nero\PCLite\Update folder moved successfully.
c:\documents and settings\all users\application data\Motorola\Nero\PCLite\DeviceList folder moved successfully.
c:\documents and settings\all users\application data\Motorola\Nero\PCLite folder moved successfully.
c:\documents and settings\all users\application data\Motorola\Nero folder moved successfully.
c:\documents and settings\all users\application data\Motorola\Motorola Media Link folder moved successfully.
c:\documents and settings\all users\application data\Motorola folder moved successfully.
c:\program files\common files\Motorola Shared\Mobile Drivers folder moved successfully.
c:\program files\common files\Motorola Shared folder moved successfully.
c:\program files\Motorola\MOTOACTV folder moved successfully.
c:\program files\Motorola folder moved successfully.
c:\documents and settings\kaunelis\application data\Motorola\Nero\motorola media link\Update folder moved successfully.
c:\documents and settings\kaunelis\application data\Motorola\Nero\motorola media link folder moved successfully.
c:\documents and settings\kaunelis\application data\Motorola\Nero folder moved successfully.
c:\documents and settings\kaunelis\application data\Motorola\MotoHelper folder moved successfully.
c:\documents and settings\kaunelis\application data\Motorola folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MotoCast deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kaunelis
->Temp folder emptied: 1476832 bytes
->Temporary Internet Files folder emptied: 3380714 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32795698 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: LocalService
->Temp folder emptied: 991432 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 992632 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 16883056 bytes

Total Files Cleaned = 54.00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 11292011_213008
Files moved on Reboot...
Registry entries deleted on Reboot...


----------



## kevinf80 (Mar 21, 2006)

Is that the only link FF locks up on, OTM appears to have come in OK. Can you tell what issues remain now.

IE, does this open and run OK, can you use multiple tabs

FF, does this open and run OK, can you use multiple tabs,try to download the following:

Download







TFC to your desktop, from either of the following links
*Link 1*
*Link 2*


----------



## mister_d (Nov 25, 2011)

Alright, Kevin, I tried both links with both browsers.

IE opens both just fine however, safe mode or not, FF wouldn't open either.


----------



## kevinf80 (Mar 21, 2006)

OK, TFC is from the same developer, url links are similar so maybe thst is the only issue we have. OK lets try d/l some thing else through FF and see if it comes in.

See if *CCleaner* installer will d/l with FF

Can you confirm Internet explorer is behaving normally..

Kevin


----------



## mister_d (Nov 25, 2011)

Internet Explorer seems to be working great if not even better than it used to. I switched over to using firefox full time because IE was always so slow.

FF on the other hand isn't working any better even with trying a different developer's software download. I followed the CCleaner in new tabs all the way to the point on filehippo's site "download newest version" which is where it froze. So opening new tabs isn't the problem if I'm just going site to site, but if the new tab is choosing to d/l then it freezes.


----------



## mister_d (Nov 25, 2011)

I should add that when I click on "tools" and then "options" FF is also locking up. I just noticed that this morning. I was trying to go in and change it so that FF deletes all history everytime it closes but I can't get in to do so. Unless I choose to run in "safe mode" FF wants to try and "restore" my last session.


----------



## mister_d (Nov 25, 2011)

I tried downloading the last version of FF that they are still supporting but it's still locking up both normally and in safe mode):


----------



## kevinf80 (Mar 21, 2006)

OK, run the following:

Please download* GooredFix* from one of the locations below and *save it to your Desktop*
*Download Mirror #1*
*Download Mirror #2*

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select *Run As Administrator* (Vista & Win 7).
When prompted to run the scan, click *Yes*.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Let me see that log,


----------



## mister_d (Nov 25, 2011)

GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:48 on 30/11/2011 (Kaunelis)
Firefox version 3.6.24 (en-US)
========== GooredScan ==========

========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:13 30/11/2011]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [18:13 30/11/2011]
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [18:13 30/11/2011]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [18:13 30/11/2011]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [18:13 30/11/2011]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [18:13 30/11/2011]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [18:13 30/11/2011]
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [18:13 30/11/2011]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [18:13 30/11/2011]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [18:13 30/11/2011]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [18:13 30/11/2011]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [18:13 30/11/2011]
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [02:50 16/11/2011]
C:\Documents and Settings\Kaunelis\Application Data\Mozilla\Firefox\Profiles\bpp3g2ph.default\extensions\
[email protected] [15:45 16/01/2011]
[email protected] [17:16 31/10/2010]
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [22:37 30/08/2011]
{20a82645-c095-46ed-80e3-08825760534b} [22:46 27/04/2010]
{e001c731-5e37-4538-a5cb-8168736a2360} [20:23 29/07/2011]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [07:06 21/08/2009]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [02:10 16/11/2011]
-=E.O.F=-


----------



## kevinf80 (Mar 21, 2006)

There is nothing in that log to explain the issue you currently have with FF. If Internet Explorer has all bookmarks similar to Firefox SAVED, do a clean install of Firefox.
Uninstall FireFox again, when it asks if you want to save anything, bookmarks etc say No. Then re-install. You can copy the bookmarks back over from IE....
See how it responds...


----------



## mister_d (Nov 25, 2011)

I uninstalled FF, rebooted the computer, ran CCleaner, rebooted the computer again, installed the newest version of FF, rebooted the computer and then tried to open the goored link you posted and once again the browser locked up (sand timer appears and never goes away and the title at the top says "not responding").


----------



## mister_d (Nov 25, 2011)

I forgot I had Chrome installed on this computer too... I tried it and it did fine.

I was searching around and came across this page. It sounds very similar to my issue but they might as well be speaking Chinese because it doesn't make any sense to me.
http://support.mozilla.com/en-US/questions/886206#answer-260611


----------



## kevinf80 (Mar 21, 2006)

Basically the link you gave is blaming system security app Trusteer Rapport, that appears to be the reason for one person. Do you have that application installed?
I do not believe your problem is malware related, it must be either a software clash or a security issue such as above or even your own AV program.
Boot into Safe Mode with Networking, Re-boot and continuously Tap the F8 key, when you see the Windows Advanced Menu select "Safe Mode with Networking"

Try FF and see how it responds, if it still freezes turn off your AV program and try to d/l CCleaner, Turn security straight back on.

Doe that make any difference?

Kevin


----------



## mister_d (Nov 25, 2011)

Last night I uninstalled Miro and Java .. two programs that had been recently updated or added but in the end nothing changed.

Followed your advice right before I left for work this am. In safe mode Avira didn't turn on in the tray and when I went to it in programs it was turned off already. Either way, FF acted the same as before


----------



## kevinf80 (Mar 21, 2006)

OK, do the folowing:

Go to ADD/Remove Programs and remove/uninstall *Mozilla Firefox* Next,

Navaigate to C:\Program Files > Delete *Mozilla Firefox* folder. Next,

Select > Start > Run > In the open box type *regedit* then tap enter. The registry Editor will open, expand the following:
HKey_ Current User > Software > Right click on *Mozilla* folder and select *delete* Collapse that branch.

Expand the following:
HKey_Local_Machine > Software > Rightclick on each *Mozilla* folder and select *delete* Collapse that branch and close Registry Editor.

Download the following through IE or Chrome, your choice.

Download







TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administartor"
 If prompted, click "Yes" to reboot.
Save any open work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important *

Keep TFC it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run*

Once you are that far reply back and let me know how your system is responding, do not install FF yet.

Kevin


----------



## mister_d (Nov 25, 2011)

Everything seems to be as it should except IE isn't behaving 100% when clicking on links. If I right click the link and choose to "open in new tab" the tab opens sometimes and other times it doesn't. Also, a few occassions, a whole new window opened and went to my home page (google). However, unlike previously with FF, IE has no problems with downloading.


----------



## mister_d (Nov 25, 2011)

I was going to kill some time by going to "games" but the folder is empty... guess that would qualify as the system isn't ok like I thought, lol.

Guess I rushed my response... my laser printer is showing as "offline" in my system tray whereas it is always normally on. However, it prints just fine.


----------



## kevinf80 (Mar 21, 2006)

Thanks for the feedback, I want to be absolutely sure we are not dealing with any Malware issues. Do you have access to a known clean PC. if so do the following:

The process is very simple and easy to follow. One stipulation that must be followed. The CD must be created on a known clean PC, from the same PC print off the instruction, they really are very easy to follow. All you need is a blank writable CD, everything else is included in the tutorial. Obviously the PC must have a burner.
All instructions are available here *Avira Rescue System* Read through the instructions a couple of times to familiarize yourself with them, create the CD and print off the instruction. It will be to your advantage to have the instructions available during the process.

When complete post back to this thread in the forum and let me know the outcome, If you cannot do that I have another procedure to try but that will mean a change of security application.

Kevin


----------



## mister_d (Nov 25, 2011)

Windows Media Player has also disappeared): I'll be over here in the corner playing on the phone instead.


----------



## mister_d (Nov 25, 2011)

kevinf80 said:


> Thanks for the feedback, I want to be absolutely sure we are not dealing with any Malware issues. Do you have access to a known clean PC. if so do the following:
> 
> The process is very simple and easy to follow. One stipulation that must be followed. The CD must be created on a known clean PC, from the same PC print off the instruction, they really are very easy to follow. All you need is a blank writable CD, everything else is included in the tutorial. Obviously the PC must have a burner.
> All instructions are available here *Avira Rescue System* Read through the instructions a couple of times to familiarize yourself with them, create the CD and print off the instruction. It will be to your advantage to have the instructions available during the process.
> ...


I have 2 laptops and I'm almost positive they're clean. I haven't had any issues with them and nothing has ever given me a reason to think they're not ok. I'll post back when done.


----------



## kevinf80 (Mar 21, 2006)

You`ve lost me off with that reply about playing with your phone


----------



## mister_d (Nov 25, 2011)

sorry - I was joking about how I kept finding things wrong - I sarcastically meant that if I don't look for more problems then they won't exist - ignorance is bliss

I checking this site now using the laptop. I wanted to make sure the FF on this computer is acting ok which it appears to be.


----------



## kevinf80 (Mar 21, 2006)

OK, maybe we should both play with our phones lol...


----------



## mister_d (Nov 25, 2011)

I'm downloading the recovery tool now. It seems like it's taking forever. I'm at 60% and it says that it has 16 minutes remaining. The file is only 239MB.. isn't that fairly small to be taking so long? I'm at about 80ish kb/sec.


----------



## mister_d (Nov 25, 2011)

I'm running the tool now and it's working well. So far it's found several alerts and one detection which looks to be a trojan that has renamed itself to appear like an Avira AV file. I'll post the log when it's done.


----------



## kevinf80 (Mar 21, 2006)

OK, I`m in the UK, its midnight local time for me so i`ll have to pick this up later. I`ve had a few late ones recently. If Avira is infected you will have to uninstall it, When complete run the tool available *Here* scroll to avira, read the info and use the tool.

If you do have to remove Avira do the following:

To keep safe when online you need a good *Antivirus/Antspyware/Antimalware/Anti-Rootkit* combination application. *Microsoft Security Essentials* covers all of those bases, but better still it is free. Go *Here* and hit the "Download free" tab, follow the prompts. Once installed it will want to update and carry out a quick scan, allow that to happen.

Let me know if MSE finds anything, you`ll not get a log as such but can check the history tab from the main interface...

Gudnite zzzzzzzzzzzzzzzz


----------



## mister_d (Nov 25, 2011)

Thanks for hanging and helping even this late, Kevin. I'll look forward to hearing from you tomorrow


----------



## mister_d (Nov 25, 2011)

Ok, after the CD boot scan, I ran the uninstaller and then I ran the extra download. I then installed the MS Security Essentials which then ran it's scan. In the History folder, the scan didn't find anything.

I was thinkng that everything was great so I downloaded FF... same exact problems):


----------



## kevinf80 (Mar 21, 2006)

SIGH, did you save the scan report from Avira recue scan, can you post it.... Are there any issues with IE or Chrome


----------



## mister_d (Nov 25, 2011)

Yeah, my thoughts exactly.

I saved the log from Avira on "/Computer" which was one of two choices. The other was "/Media" and that didn't sound right. When I booted back to windows I couldn't find the .log file though. I ran a search but it came up empty. I assumed that it wasn't a file they wanted me messing with if they hid it that well. Now that Avira was removed from the system will booting from the CD do any good - like if I tried to run it again?

Last night I had MS Security Essentials run it's nightly full scan. It found a file that looked suspicious but wasn't classified as being harmful (can't remember the exact words) so it was sending it on to Microsoft. I didn't pay much attention to it because I thought it would show in the "History" tab but it's not showing up.


----------



## mister_d (Nov 25, 2011)

I forgot to mention that IE and Chrome seem to be fine but I've only quickly checked.


----------



## kevinf80 (Mar 21, 2006)

OK, lets give Combofix another whirl, I want to be absolutely certain this is not a Malware issue...

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

*Link 1*
*Link 2*


 Ensure that Combofix is saved directly to the Desktop * <--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available *Here* if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the







icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)

 Instructions for running Combofix available *Here* if required.

 If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*******Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze* ******

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
 If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...


----------



## mister_d (Nov 25, 2011)

MS Security Essentials isn't happy with the file below. It's not showing up in the "history" tab but this came up as a warning or said that it was sending it to Microsoft for evaluation I believe.
C:\32788R22FWJFW\iexplorer.exe

ComboFix 11-12-02.02 - Kaunelis 12/02/2011 17:35:55.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.370 [GMT -5:00]
Running from: c:\documents and settings\Kaunelis\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
.
.
((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-12-02 06:45 . 2011-12-02 06:45 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4E38BA29-FC05-4CC9-A087-BD21047616F0}\MpKsl0cc3475c.sys
2011-12-02 06:45 . 2011-11-21 07:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-02 06:44 . 2011-12-02 06:44 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4E38BA29-FC05-4CC9-A087-BD21047616F0}\offreg.dll
2011-12-02 06:44 . 2011-11-21 07:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4E38BA29-FC05-4CC9-A087-BD21047616F0}\mpengine.dll
2011-12-02 01:38 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-02 01:35 . 2011-12-02 01:36 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-30 00:38 . 2011-11-30 00:41 -------- dc-h--w- c:\windows\ie8
2011-11-28 21:40 . 2011-11-28 21:40 -------- d-----w- C:\_OTM
2011-11-28 01:15 . 2011-11-28 01:15 -------- d-----w- c:\program files\ESET
2011-11-26 02:31 . 2011-11-26 02:32 -------- d-----w- c:\program files\Defraggler
2011-11-26 02:28 . 2011-11-26 02:29 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-24 09:40 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-24 09:40 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-11-24 09:39 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-11-24 05:11 . 2011-11-30 06:31 -------- d-----w- c:\windows\system32\NtmsData
2011-11-22 22:22 . 2011-11-22 22:22 -------- d-----w- c:\documents and settings\Kaunelis\Application Data\CheckPoint
2011-11-22 22:21 . 2011-11-22 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2011-11-22 22:17 . 2011-11-29 01:48 -------- d-----w- c:\program files\CheckPoint
2011-11-22 21:03 . 2011-11-22 21:03 388096 ----a-r- c:\documents and settings\Kaunelis\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-22 20:58 . 2011-11-22 20:58 -------- d-----w- c:\windows\system32\config\systemprofile\.gstreamer-0.10
2011-11-22 20:57 . 2011-11-22 21:12 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\MotoCast
2011-11-22 11:11 . 2011-11-22 11:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\PCToolsFirewallPlus
2011-11-15 22:38 . 2011-11-15 22:38 -------- d-----w- c:\documents and settings\Kaunelis\Local Settings\Application Data\Downloaded Installations
2011-11-14 23:29 . 2008-03-21 18:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-11-10 20:14 . 2011-11-29 01:50 -------- d-----w- c:\documents and settings\Kaunelis\.gstreamer-0.10
2011-11-10 20:13 . 2011-11-29 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-11-10 20:12 . 2008-03-27 22:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2011-11-06 13:49 . 2011-11-06 13:49 -------- d-----w- c:\documents and settings\Kaunelis\Local Settings\Application Data\WBFSManager
2011-11-06 13:47 . 2011-11-15 23:18 -------- d-----w- c:\program files\WBFS
2011-11-05 15:39 . 2011-11-05 15:39 -------- d-----w- c:\documents and settings\Kaunelis\Application Data\AnvSoft
2011-11-05 15:39 . 2011-11-05 15:39 -------- d-----w- c:\program files\AnvSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 02:25 . 2011-07-28 04:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2005-08-16 09:40 692736 ------w- c:\windows\system32\inetcomm.dll
2011-10-03 10:06 . 2010-05-06 00:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-28 07:06 . 2005-08-16 09:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2005-08-16 09:18 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2005-08-16 09:18 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2005-08-16 09:18 1858944 ------w- c:\windows\system32\win32k.sys
2011-11-21 04:04 . 2011-12-02 02:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-27_17.28.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-16 09:18 . 2011-11-30 00:18 80100 c:\windows\system32\perfc009.dat
+ 2011-12-02 22:24 . 2011-12-02 22:24 19968 c:\windows\Installer\41fcb76.msi
- 2011-11-24 14:35 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2011-11-30 00:46 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2011-11-30 00:46 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB982381-IE8\spmsg.dll
- 2011-11-24 14:35 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB982381-IE8\spmsg.dll
+ 2011-11-30 00:46 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB982381-IE8\spcustom.dll
- 2011-11-24 14:35 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB982381-IE8\spcustom.dll
+ 2011-11-30 00:46 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
- 2011-11-24 14:35 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
- 2011-11-24 14:35 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2011-11-30 00:46 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2011-11-30 00:48 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2598845-IE8\spmsg.dll
+ 2011-11-30 00:48 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2598845-IE8\spcustom.dll
- 2011-11-24 14:36 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2586448-IE8\xpshims.dll
+ 2011-11-30 00:47 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2586448-IE8\xpshims.dll
+ 2011-11-30 00:47 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2586448-IE8\spmsg.dll
+ 2011-11-30 00:47 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2586448-IE8\spcustom.dll
- 2011-11-24 14:36 . 2009-03-08 09:31 66560 c:\windows\ie8updates\KB2586448-IE8\mshtmled.dll
+ 2011-11-30 00:47 . 2009-03-08 09:31 66560 c:\windows\ie8updates\KB2586448-IE8\mshtmled.dll
+ 2011-11-30 00:47 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2586448-IE8\msfeedsbs.dll
- 2011-11-24 14:36 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2586448-IE8\msfeedsbs.dll
- 2011-11-24 14:36 . 2009-03-08 09:34 43008 c:\windows\ie8updates\KB2586448-IE8\licmgr10.dll
+ 2011-11-30 00:47 . 2009-03-08 09:34 43008 c:\windows\ie8updates\KB2586448-IE8\licmgr10.dll
- 2011-11-24 14:36 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2586448-IE8\jsproxy.dll
+ 2011-11-30 00:47 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2586448-IE8\jsproxy.dll
+ 2011-11-30 23:14 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2544521-IE8\spmsg.dll
+ 2011-11-30 23:14 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2544521-IE8\spcustom.dll
+ 2011-11-30 23:14 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2510531-IE8\spmsg.dll
- 2011-11-25 08:06 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2510531-IE8\spmsg.dll
+ 2011-11-30 23:14 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2510531-IE8\spcustom.dll
- 2011-11-25 08:06 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2510531-IE8\spcustom.dll
- 2011-11-24 14:33 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2011-11-30 00:40 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 44544 c:\windows\ie8\pngfilt.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 44544 c:\windows\ie8\pngfilt.dll
+ 2011-11-30 00:38 . 2007-08-13 22:01 48128 c:\windows\ie8\mshtmler.dll
- 2011-11-24 14:30 . 2007-08-13 22:01 48128 c:\windows\ie8\mshtmler.dll
+ 2011-11-30 00:38 . 2007-08-13 22:32 45568 c:\windows\ie8\mshta.exe
- 2011-11-24 14:30 . 2007-08-13 22:32 45568 c:\windows\ie8\mshta.exe
+ 2011-11-30 00:38 . 2007-08-13 22:36 12288 c:\windows\ie8\msfeedssync.exe
- 2011-11-24 14:30 . 2007-08-13 22:36 12288 c:\windows\ie8\msfeedssync.exe
- 2011-11-24 14:30 . 2011-08-17 21:32 52224 c:\windows\ie8\msfeedsbs.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 52224 c:\windows\ie8\msfeedsbs.dll
+ 2011-11-30 00:38 . 2007-08-13 22:44 40960 c:\windows\ie8\licmgr10.dll
- 2011-11-24 14:30 . 2007-08-13 22:44 40960 c:\windows\ie8\licmgr10.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 27648 c:\windows\ie8\jsproxy.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 27648 c:\windows\ie8\jsproxy.dll
+ 2011-11-30 00:38 . 2007-08-13 22:39 92672 c:\windows\ie8\inseng.dll
- 2011-11-24 14:30 . 2007-08-13 22:39 92672 c:\windows\ie8\inseng.dll
+ 2011-11-30 00:38 . 2007-08-13 22:36 36352 c:\windows\ie8\imgutil.dll
- 2011-11-24 14:30 . 2007-08-13 22:36 36352 c:\windows\ie8\imgutil.dll
- 2011-11-24 14:30 . 2007-08-13 22:39 55296 c:\windows\ie8\iesetup.dll
+ 2011-11-30 00:38 . 2007-08-13 22:39 55296 c:\windows\ie8\iesetup.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 44544 c:\windows\ie8\iernonce.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 44544 c:\windows\ie8\iernonce.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 78336 c:\windows\ie8\ieencode.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 78336 c:\windows\ie8\ieencode.dll
+ 2011-11-30 00:38 . 2011-08-17 12:21 70656 c:\windows\ie8\ie4uinit.exe
- 2011-11-24 14:30 . 2011-08-17 12:21 70656 c:\windows\ie8\ie4uinit.exe
- 2011-11-24 14:30 . 2011-08-17 21:32 63488 c:\windows\ie8\icardie.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 63488 c:\windows\ie8\icardie.dll
+ 2011-11-30 00:38 . 2007-08-13 22:18 60416 c:\windows\ie8\hmmapi.dll
- 2011-11-24 14:30 . 2007-08-13 22:18 60416 c:\windows\ie8\hmmapi.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 17408 c:\windows\ie8\corpol.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 17408 c:\windows\ie8\corpol.dll
+ 2011-11-30 00:38 . 2007-08-13 22:39 71680 c:\windows\ie8\admparse.dll
- 2011-11-24 14:30 . 2007-08-13 22:39 71680 c:\windows\ie8\admparse.dll
- 2011-11-24 14:37 . 2009-03-08 09:35 2048 c:\windows\ie8updates\KB2598845-IE8\iecompat.dll
+ 2011-11-30 00:48 . 2009-03-08 09:35 2048 c:\windows\ie8updates\KB2598845-IE8\iecompat.dll
+ 2005-08-16 09:18 . 2011-11-30 00:18 463950 c:\windows\system32\perfh009.dat
- 2011-11-27 17:08 . 2011-11-27 17:08 307600 c:\windows\system32\FNTCACHE.DAT
+ 2011-12-02 03:11 . 2011-12-02 03:11 307600 c:\windows\system32\FNTCACHE.DAT
+ 2011-04-18 18:18 . 2011-04-18 18:18 165648 c:\windows\system32\drivers\MpFilter.sys
+ 2011-12-02 01:35 . 2011-12-02 01:35 785920 c:\windows\Installer\6cba1.msi
+ 2011-12-02 01:35 . 2011-12-02 01:35 483840 c:\windows\Installer\6cb9b.msi
+ 2011-12-02 01:35 . 2011-12-02 01:35 301056 c:\windows\Installer\6cb96.msi
- 2011-11-24 14:35 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2011-11-30 00:46 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
- 2011-11-24 14:35 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\updspapi.dll
+ 2011-11-30 00:46 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\updspapi.dll
+ 2011-11-30 00:46 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB982381-IE8\update.exe
- 2011-11-24 14:35 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB982381-IE8\update.exe
+ 2011-11-30 00:46 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
- 2011-11-24 14:35 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2011-11-30 00:46 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
- 2011-11-24 14:35 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
- 2011-11-24 14:35 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst.exe
+ 2011-11-30 00:46 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst.exe
+ 2011-11-30 00:46 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
- 2011-11-24 14:35 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2011-11-30 00:46 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
- 2011-11-24 14:35 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2011-11-30 00:46 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
- 2011-11-24 14:35 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
- 2011-11-24 14:35 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2011-11-30 00:46 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
- 2011-11-24 14:35 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2011-11-30 00:46 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2011-11-30 00:46 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
- 2011-11-24 14:35 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2011-11-30 00:46 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
- 2011-11-24 14:35 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
- 2011-11-24 14:35 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2011-11-30 00:46 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2011-11-30 00:48 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2598845-IE8\updspapi.dll
+ 2011-11-30 00:48 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2598845-IE8\update.exe
- 2011-11-24 14:37 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2598845-IE8\spuninst\updspapi.dll
+ 2011-11-30 00:48 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2598845-IE8\spuninst\updspapi.dll
+ 2011-11-30 00:48 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2598845-IE8\spuninst\spuninst.exe
- 2011-11-24 14:37 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2598845-IE8\spuninst\spuninst.exe
+ 2011-11-30 00:48 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2598845-IE8\spuninst.exe
- 2011-11-24 14:36 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2586448-IE8\wininet.dll
+ 2011-11-30 00:47 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2586448-IE8\wininet.dll
+ 2011-11-30 00:47 . 2009-03-08 09:34 105984 c:\windows\ie8updates\KB2586448-IE8\url.dll
- 2011-11-24 14:36 . 2009-03-08 09:34 105984 c:\windows\ie8updates\KB2586448-IE8\url.dll
+ 2011-11-30 00:47 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2586448-IE8\updspapi.dll
+ 2011-11-30 00:47 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2586448-IE8\update.exe
- 2011-11-24 14:36 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2586448-IE8\spuninst\updspapi.dll
+ 2011-11-30 00:47 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2586448-IE8\spuninst\updspapi.dll
+ 2011-11-30 00:47 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2586448-IE8\spuninst\spuninst.exe
- 2011-11-24 14:36 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2586448-IE8\spuninst\spuninst.exe
+ 2011-11-30 00:47 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2586448-IE8\spuninst.exe
+ 2011-11-30 00:47 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2586448-IE8\occache.dll
- 2011-11-24 14:36 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2586448-IE8\occache.dll
+ 2011-11-30 00:47 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2586448-IE8\mstime.dll
- 2011-11-24 14:36 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2586448-IE8\mstime.dll
+ 2011-11-30 00:47 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2586448-IE8\msfeeds.dll
- 2011-11-24 14:36 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2586448-IE8\msfeeds.dll
- 2011-11-24 14:36 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2586448-IE8\ieproxy.dll
+ 2011-11-30 00:47 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2586448-IE8\ieproxy.dll
+ 2011-11-30 00:47 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2586448-IE8\iepeers.dll
- 2011-11-24 14:36 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2586448-IE8\iepeers.dll
- 2011-11-24 14:36 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2586448-IE8\iedvtool.dll
+ 2011-11-30 00:47 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2586448-IE8\iedvtool.dll
+ 2011-11-30 00:47 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2586448-IE8\iedkcs32.dll
- 2011-11-24 14:36 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2586448-IE8\iedkcs32.dll
+ 2011-11-30 00:47 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2586448-IE8\ie4uinit.exe
- 2011-11-24 14:36 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2586448-IE8\ie4uinit.exe
- 2011-11-25 08:04 . 2009-03-08 09:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2011-11-30 23:14 . 2009-03-08 09:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2011-11-30 23:14 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\updspapi.dll
+ 2011-11-30 23:14 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2544521-IE8\update.exe
- 2011-11-25 08:04 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2011-11-30 23:14 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
- 2011-11-25 08:04 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2011-11-30 23:14 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2011-11-30 23:14 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst.exe
+ 2011-11-30 23:14 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
- 2011-11-25 08:06 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2011-11-30 23:14 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\updspapi.dll
- 2011-11-25 08:06 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\updspapi.dll
- 2011-11-25 08:06 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2510531-IE8\update.exe
+ 2011-11-30 23:14 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2510531-IE8\update.exe
+ 2011-11-30 23:14 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
- 2011-11-25 08:06 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2011-11-30 23:14 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
- 2011-11-25 08:06 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2011-11-30 23:14 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst.exe
- 2011-11-25 08:06 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst.exe
- 2011-11-25 08:06 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-11-30 23:14 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 832512 c:\windows\ie8\wininet.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 832512 c:\windows\ie8\wininet.dll
- 2011-11-24 14:30 . 2007-08-13 22:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2011-11-30 00:38 . 2007-08-13 22:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2011-11-30 00:38 . 2011-08-17 21:32 233472 c:\windows\ie8\webcheck.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 233472 c:\windows\ie8\webcheck.dll
+ 2011-11-30 00:38 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
- 2011-11-24 14:30 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
- 2011-11-24 14:30 . 2011-03-04 06:45 434176 c:\windows\ie8\vbscript.dll
+ 2011-11-30 00:38 . 2011-03-04 06:45 434176 c:\windows\ie8\vbscript.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 106496 c:\windows\ie8\url.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 106496 c:\windows\ie8\url.dll
+ 2011-11-30 00:40 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll
- 2011-11-24 14:33 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll
- 2011-11-24 14:33 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2011-11-30 00:40 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe
- 2011-11-24 14:30 . 2006-09-06 21:43 213216 c:\windows\ie8\spuninst.exe
+ 2011-11-30 00:38 . 2006-09-06 21:43 213216 c:\windows\ie8\spuninst.exe
- 2011-11-24 14:30 . 2011-08-17 21:32 102912 c:\windows\ie8\occache.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 102912 c:\windows\ie8\occache.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 671232 c:\windows\ie8\mstime.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 671232 c:\windows\ie8\mstime.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 193024 c:\windows\ie8\msrating.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 193024 c:\windows\ie8\msrating.dll
- 2011-11-24 14:30 . 2007-08-13 22:54 156160 c:\windows\ie8\msls31.dll
+ 2011-11-30 00:38 . 2007-08-13 22:54 156160 c:\windows\ie8\msls31.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 478720 c:\windows\ie8\mshtmled.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 478720 c:\windows\ie8\mshtmled.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 468480 c:\windows\ie8\msfeeds.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 468480 c:\windows\ie8\msfeeds.dll
+ 2011-11-30 00:38 . 2011-03-04 06:45 512000 c:\windows\ie8\jscript.dll
- 2011-11-24 14:30 . 2011-03-04 06:45 512000 c:\windows\ie8\jscript.dll
+ 2011-11-30 00:38 . 2011-08-17 11:01 634632 c:\windows\ie8\iexplore.exe
- 2011-11-24 14:30 . 2011-08-17 11:01 634632 c:\windows\ie8\iexplore.exe
- 2011-11-24 14:30 . 2007-08-13 22:54 180736 c:\windows\ie8\ieui.dll
+ 2011-11-30 00:38 . 2007-08-13 22:54 180736 c:\windows\ie8\ieui.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 268288 c:\windows\ie8\iertutil.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 268288 c:\windows\ie8\iertutil.dll
+ 2011-11-30 00:38 . 2007-08-13 22:54 287744 c:\windows\ie8\ieproxy.dll
- 2011-11-24 14:30 . 2007-08-13 22:54 287744 c:\windows\ie8\ieproxy.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 192512 c:\windows\ie8\iepeers.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 192512 c:\windows\ie8\iepeers.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 384512 c:\windows\ie8\iedkcs32.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 384512 c:\windows\ie8\iedkcs32.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 380928 c:\windows\ie8\ieapfltr.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 380928 c:\windows\ie8\ieapfltr.dll
+ 2011-11-30 00:38 . 2011-08-17 11:00 161792 c:\windows\ie8\ieakui.dll
- 2011-11-24 14:30 . 2011-08-17 11:00 161792 c:\windows\ie8\ieakui.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 230400 c:\windows\ie8\ieaksie.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 230400 c:\windows\ie8\ieaksie.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 153088 c:\windows\ie8\ieakeng.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 153088 c:\windows\ie8\ieakeng.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 214528 c:\windows\ie8\dxtrans.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 214528 c:\windows\ie8\dxtrans.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 347136 c:\windows\ie8\dxtmsft.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 347136 c:\windows\ie8\dxtmsft.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 124928 c:\windows\ie8\advpack.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 124928 c:\windows\ie8\advpack.dll
- 2011-11-24 14:35 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2011-11-30 00:46 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2011-11-30 00:46 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
- 2011-11-24 14:35 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
- 2011-11-24 14:35 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2011-11-30 00:46 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
- 2011-11-24 14:36 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2586448-IE8\urlmon.dll
+ 2011-11-30 00:47 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2586448-IE8\urlmon.dll
+ 2011-11-30 00:47 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
- 2011-11-24 14:36 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
+ 2011-11-30 00:47 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2586448-IE8\iertutil.dll
- 2011-11-24 14:36 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2586448-IE8\iertutil.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 1168896 c:\windows\ie8\urlmon.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 1168896 c:\windows\ie8\urlmon.dll
- 2011-11-24 14:30 . 2011-09-05 07:48 3615744 c:\windows\ie8\mshtml.dll
+ 2011-11-30 00:38 . 2011-09-05 07:48 3615744 c:\windows\ie8\mshtml.dll
- 2011-11-24 14:30 . 2011-08-17 21:32 6076416 c:\windows\ie8\ieframe.dll
+ 2011-11-30 00:38 . 2011-08-17 21:32 6076416 c:\windows\ie8\ieframe.dll
+ 2011-11-30 00:38 . 2010-07-05 20:32 2452872 c:\windows\ie8\ieapfltr.dat
- 2011-11-24 14:30 . 2010-07-05 20:32 2452872 c:\windows\ie8\ieapfltr.dat
- 2011-11-24 14:35 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2011-11-30 00:46 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
- 2011-11-24 14:36 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2586448-IE8\ieframe.dll
+ 2011-11-30 00:47 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2586448-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 5389944]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-11 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-08-04 196608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-27 24576]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
"DisableLockWorkstation"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-14 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-04 04:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
.
R1 MpKsl0cc3475c;MpKsl0cc3475c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4E38BA29-FC05-4CC9-A087-BD21047616F0}\MpKsl0cc3475c.sys [12/2/2011 1:45 AM 29904]
R1 MpKsl15d565ed;MpKsl15d565ed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF8F1C30-6EE5-4111-B4A6-B3D601408B1C}\MpKsl15d565ed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF8F1C30-6EE5-4111-B4A6-B3D601408B1C}\MpKsl15d565ed.sys [?]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/26/2009 9:05 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 9:05 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/9/2010 12:21 AM 116608]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [6/5/2011 1:49 PM 245760]
S2 gupdate1cc0203774f64a8;Google Update Service (gupdate1cc0203774f64a8);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2011 8:03 PM 136176]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/25/2008 11:39 AM 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2011 8:03 PM 136176]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys --> c:\windows\system32\Drivers\motoandroid.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 9:05 AM 12872]
S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [1/24/2010 12:31 PM 38656]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL0CC3475C
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 05:18]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 05:18]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3302304811-3986175178-2332543431-1006Core.job
- c:\documents and settings\Kaunelis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-06 05:18]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3302304811-3986175178-2332543431-1006UA.job
- c:\documents and settings\Kaunelis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-06 05:18]
.
2011-12-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;192.168.*.*
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Kaunelis\Application Data\Mozilla\Firefox\Profiles\smymmmoa.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-02 17:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1028)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-02 17:46:49
ComboFix-quarantined-files.txt 2011-12-02 22:46
ComboFix2.txt 2011-11-27 17:35
ComboFix3.txt 2011-11-24 04:56
.
Pre-Run: 47,065,718,784 bytes free
Post-Run: 47,049,175,040 bytes free
.
- - End Of File - - 82E91964BA1370F56A151949F54DFF22


----------



## kevinf80 (Mar 21, 2006)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
KillAll::
Folder::
c:\windows\system32\config\systemprofile\Application Data\MotoCast
c:\documents and settings\Administrator\Application Data\PCToolsFirewallPlus
DirLook::
c:\documents and settings\Kaunelis\Local Settings\Application Data\Downloaded Installations
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-
```
Save this as *CFScript.txt*, and as Type: *All Files* *(*.*)* in the same location as ComboFix.exe



















Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

Next,

Run Malwarebytes, ensure to update then select "quick scan" remove anything it finds. Post that log.

Post those two logs please,

Kevin


----------



## mister_d (Nov 25, 2011)

looks like "notepad" has disappeared also ... can I use OpenOffice.org's Writer or Word instead?


----------



## kevinf80 (Mar 21, 2006)

Select windows key and R key together, type or copy/paste *notepad* in open run box and tap enter, does notepad open/


----------



## mister_d (Nov 25, 2011)

ComboFix 11-12-02.02 - Kaunelis 12/02/2011 19:36:59.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.359 [GMT -5:00]
Running from: c:\documents and settings\Kaunelis\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kaunelis\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\PCToolsFirewallPlus
c:\documents and settings\Administrator\Application Data\PCToolsFirewallPlus\FirewallGUI.txt
c:\documents and settings\Administrator\Application Data\PCToolsFirewallPlus\FWPlugin.txt
c:\windows\system32\config\systemprofile\Application Data\MotoCast
c:\windows\system32\config\systemprofile\Application Data\MotoCast\db\data\MotoCast.db
c:\windows\system32\config\systemprofile\Application Data\MotoCast\keystore
c:\windows\system32\config\systemprofile\Application Data\MotoCast\MotoCast.lock
c:\windows\system32\config\systemprofile\Application Data\MotoCast\MotoCast.pid
c:\windows\system32\config\systemprofile\Application Data\MotoCast\MotoCast0.log
c:\windows\system32\config\systemprofile\Application Data\MotoCast\MotoCast0.log.lck
c:\windows\system32\config\systemprofile\Application Data\MotoCast\MotoCastWatcher.log
c:\windows\system32\config\systemprofile\Application Data\MotoCast\thumb_port
c:\windows\system32\config\systemprofile\Application Data\MotoCast\user
c:\windows\system32\config\systemprofile\Application Data\MotoCast\version
c:\windows\system32\config\systemprofile\Application Data\MotoCast\zfs0.log
c:\windows\system32\config\systemprofile\Application Data\MotoCast\zfs0.log.lck
c:\windows\system32\usmt\migwiz_a.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
.
.
2011-12-03 00:46 . 2011-12-03 00:46 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADF46565-84C0-4A3A-A5D5-3C2E90C77964}\offreg.dll
2011-12-02 23:37 . 2011-12-02 23:37 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADF46565-84C0-4A3A-A5D5-3C2E90C77964}\MpKsla08a901f.sys
2011-12-02 22:47 . 2011-11-21 07:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADF46565-84C0-4A3A-A5D5-3C2E90C77964}\mpengine.dll
2011-12-02 06:45 . 2011-11-21 07:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-02 01:38 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-02 01:35 . 2011-12-02 01:36 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-30 00:38 . 2011-11-30 00:41 -------- dc-h--w- c:\windows\ie8
2011-11-28 21:40 . 2011-11-28 21:40 -------- d-----w- C:\_OTM
2011-11-28 01:15 . 2011-11-28 01:15 -------- d-----w- c:\program files\ESET
2011-11-26 02:31 . 2011-11-26 02:32 -------- d-----w- c:\program files\Defraggler
2011-11-26 02:28 . 2011-11-26 02:29 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-24 09:40 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-24 09:40 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-11-24 09:39 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-11-24 05:11 . 2011-11-30 06:31 -------- d-----w- c:\windows\system32\NtmsData
2011-11-22 22:22 . 2011-11-22 22:22 -------- d-----w- c:\documents and settings\Kaunelis\Application Data\CheckPoint
2011-11-22 22:21 . 2011-11-22 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2011-11-22 22:17 . 2011-11-29 01:48 -------- d-----w- c:\program files\CheckPoint
2011-11-22 21:03 . 2011-11-22 21:03 388096 ----a-r- c:\documents and settings\Kaunelis\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-22 20:58 . 2011-11-22 20:58 -------- d-----w- c:\windows\system32\config\systemprofile\.gstreamer-0.10
2011-11-15 22:38 . 2011-11-15 22:38 -------- d-----w- c:\documents and settings\Kaunelis\Local Settings\Application Data\Downloaded Installations
2011-11-14 23:29 . 2008-03-21 18:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-11-10 20:14 . 2011-11-29 01:50 -------- d-----w- c:\documents and settings\Kaunelis\.gstreamer-0.10
2011-11-10 20:13 . 2011-11-29 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-11-10 20:12 . 2008-03-27 22:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2011-11-06 13:49 . 2011-11-06 13:49 -------- d-----w- c:\documents and settings\Kaunelis\Local Settings\Application Data\WBFSManager
2011-11-06 13:47 . 2011-11-15 23:18 -------- d-----w- c:\program files\WBFS
2011-11-05 15:39 . 2011-11-05 15:39 -------- d-----w- c:\documents and settings\Kaunelis\Application Data\AnvSoft
2011-11-05 15:39 . 2011-11-05 15:39 -------- d-----w- c:\program files\AnvSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 02:25 . 2011-07-28 04:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2005-08-16 09:40 692736 ------w- c:\windows\system32\inetcomm.dll
2011-10-03 10:06 . 2010-05-06 00:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-28 07:06 . 2005-08-16 09:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2005-08-16 09:18 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2005-08-16 09:18 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2005-08-16 09:18 1858944 ------w- c:\windows\system32\win32k.sys
2011-11-21 04:04 . 2011-12-02 02:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Kaunelis\Local Settings\Application Data\Downloaded Installations ----
.
2011-11-15 22:38 . 2011-11-15 22:38 3584 ----a-w- c:\documents and settings\Kaunelis\Local Settings\Application Data\Downloaded Installations\{5B56116C-E83D-48AE-A8CB-185491A2AF5A}\1033.MST
2011-11-15 22:38 . 2011-11-15 22:38 35723264 ----a-w- c:\documents and settings\Kaunelis\Local Settings\Application Data\Downloaded Installations\{5B56116C-E83D-48AE-A8CB-185491A2AF5A}\MOTOROLA MEDIA LINK.msi
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 5389944]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-11 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-08-04 196608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-27 24576]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
"DisableLockWorkstation"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-14 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-04 04:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
.
R1 MpKsla08a901f;MpKsla08a901f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADF46565-84C0-4A3A-A5D5-3C2E90C77964}\MpKsla08a901f.sys [12/2/2011 6:37 PM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/26/2009 9:05 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 9:05 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/9/2010 12:21 AM 116608]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [6/5/2011 1:49 PM 245760]
S2 gupdate1cc0203774f64a8;Google Update Service (gupdate1cc0203774f64a8);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2011 8:03 PM 136176]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/25/2008 11:39 AM 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2011 8:03 PM 136176]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys --> c:\windows\system32\Drivers\motoandroid.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 9:05 AM 12872]
S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [1/24/2010 12:31 PM 38656]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 05:18]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 05:18]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3302304811-3986175178-2332543431-1006Core.job
- c:\documents and settings\Kaunelis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-06 05:18]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3302304811-3986175178-2332543431-1006UA.job
- c:\documents and settings\Kaunelis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-06 05:18]
.
2011-12-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;192.168.*.*
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Kaunelis\Application Data\Mozilla\Firefox\Profiles\smymmmoa.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-02 19:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3092)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-12-02 19:53:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-03 00:52
ComboFix2.txt 2011-12-02 22:46
ComboFix3.txt 2011-11-27 17:35
ComboFix4.txt 2011-11-24 04:56
.
Pre-Run: 47,054,893,056 bytes free
Post-Run: 47,038,906,368 bytes free
.
- - End Of File - - C9E35056ACB16619DCBAA48B872D6421


----------



## mister_d (Nov 25, 2011)

I found some site that restored notepad but it put it on my desktop instead ... your way works but I don't know if it's because of what I did or not


----------



## mister_d (Nov 25, 2011)

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8254
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/2/2011 8:02:57 PM
mbam-log-2011-12-02 (20-02-57).txt
Scan type: Quick scan
Objects scanned: 182398
Time elapsed: 4 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


----------



## kevinf80 (Mar 21, 2006)

How is FF responding, any change. The file you mentioned that MSE did not like is OK, it is from something I asked you to run..


----------



## mister_d (Nov 25, 2011)

It's not any better):


----------



## kevinf80 (Mar 21, 2006)

Please save this *File* to your desktop.

Click on Start > Run, and copy-paste the following command (the bolded text) into the open run box, then click OK.
*"%userprofile%\desktop\win32kdiag.exe" -f -r*
When it's finished, there will be a log called Win32kDiag.txt on your desktop.
Please open it with notepad and post the contents here.


----------



## mister_d (Nov 25, 2011)

I get an error message that says somethign along the lines of windows can't find C:\documentsandsettings\kaunelis\desktop\win32kdiag.exe

I wanted to take a screen shot to post it but I now notice that Paint has disappeared too.

**edit** oops I forgot to download the "file" no wonder it couldn't find it however now the link is dead


----------



## mister_d (Nov 25, 2011)

ok I did a google search and found some site with a similar link 
http://ad13.geekstogo.com/Win32kDiag.exe

Running from: C:\Documents and Settings\Kaunelis\desktop\win32kdiag.exe
Log file at : C:\Documents and Settings\Kaunelis\Desktop\Win32kDiag.txt
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...

Finished!


----------



## kevinf80 (Mar 21, 2006)

That link you found is the one I gave you initially, ad13 is the guy who created the tool. If paint is also missing it would appear your accessories folder may be empty, is that true. If so run AccRestore at the following *Link*


----------



## mister_d (Nov 25, 2011)

sort of true ... some other stuff is empty like "accessability" but other stuff like system tools are there


----------



## mister_d (Nov 25, 2011)

I ran the tool and it's all good now


----------



## mister_d (Nov 25, 2011)

You don't know of one to restore the games do you?


----------



## kevinf80 (Mar 21, 2006)

What games were in the folder, just windows default ones or others


----------



## mister_d (Nov 25, 2011)

just the basics ... checkers solitaire ect.


----------



## kevinf80 (Mar 21, 2006)

This is MS fix for Games folder, http://support.microsoft.com/kb/307768 We are being sidetracked, what issues remain with your system


----------



## mister_d (Nov 25, 2011)

Thanks - I'll work on getting that back.

I know it's another sidetrack but Windows Media Player is still gone - I'm guessing I can just d/l it but I wanted to make sure you knew about it just in case it helped the cause. All of these things that have come up missing did so either when the virus (or whatever it is) showed up or since we've tried to fix it.

Firefox still doesn't behave right and I've since been using Internet Explorer. There are times that I click a link and for some reason a random IE window opens up to my home page (google).

I like the TFC program you recommended but when I run it the MS Security Essentials program doesn't appear to be running or at least it disappears from the system tray. CCleaner seems to be a similar program and it doesn't cause that problem.... is it similar?


----------



## kevinf80 (Mar 21, 2006)

TFC is specifically a temorary file cleaner, because certain temp files are not movable when the system is active TFC closes all open application Windows, you`ll note the Desktop disappears. After a run MSE will still be active and realtime protection is live, but tray icon is gone.
I know that can be a bit scary, that is why I always ask that you re-boot after a scan even if TFC does not prompt for one. That way all tray icons are returned.

CCleaner is OK but does have a registry cleaner function, no one worth there salt recommends any registry cleaner, there is no proven benefit from that function. Some of the more aggressive registry cleaners have been known to leave systems unbootable. 

Regarding WMP can you navigate Start > My computer > C:\Program Files, scroll down is Windows Media Player in that folder?


----------



## mister_d (Nov 25, 2011)

your explanation was perfect - thanks

WMP is in that folder and I noticed a setup file so I'll go from there

That just leaves Firefox as my only (currently noticable) problem.


----------



## kevinf80 (Mar 21, 2006)

Can I go and play with my phone, lol. I`m going to read back over the thread, i`ll get back to you shortly...

In the interim run the following:

Please download *MiniToolBox* and save it to your desktop.

Double click the







icon to run the tool.

You will now see the following Control Panel.










Checkmark following check-boxes and select *GO:*

* Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP Configuration
List Winsock Entries
List last 10 EventViewer Entries
*

Post the result (Result.txt) that pops up. A copy of result.txt will be save in the same directory the tool is saved.


----------



## mister_d (Nov 25, 2011)

lol!

I know it's getting late on your end - thank you very much for doing this

MiniToolBox by Farbar 
Ran by Kaunelis (administrator) on 03-12-2011 at 18:16:56
Microsoft Windows XP Service Pack 3 (X86)
***************************************************************************
========================= IE Proxy Settings: ============================== 
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ============================== 
"network.proxy.no_proxies_on", "*.local,192.168.*.*"
"network.proxy.type", 0
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)

# ---------------------------------- 
# Interface IP Configuration 
# ---------------------------------- 
pushd interface ip

# Interface IP Configuration for "Local Area Connection"
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : HomeComputer
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-13-72-3A-A6-8E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
Lease Obtained. . . . . . . . . . : Saturday, December 03, 2011 8:29:09 AM
Lease Expires . . . . . . . . . . : Sunday, December 04, 2011 8:29:09 AM
Server: home
Address: 192.168.1.254
Name: google.com
Addresses: 74.125.225.49, 74.125.225.50, 74.125.225.51, 74.125.225.52
74.125.225.48

Pinging google.com [74.125.225.83] with 32 bytes of data:

Reply from 74.125.225.83: bytes=32 time=30ms TTL=54
Reply from 74.125.225.83: bytes=32 time=30ms TTL=54

Ping statistics for 74.125.225.83:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 30ms, Average = 30ms
Server: home
Address: 192.168.1.254
Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 72.30.2.43

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=97ms TTL=54
Reply from 98.137.149.56: bytes=32 time=135ms TTL=54

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 97ms, Maximum = 135ms, Average = 116ms
Server: home
Address: 192.168.1.254
Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 72 3a a6 8e ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.64 192.168.1.64 20
192.168.1.0 255.255.255.0 192.168.1.64 192.168.1.64 20
192.168.1.64 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.64 192.168.1.64 20
224.0.0.0 240.0.0.0 192.168.1.64 192.168.1.64 20
255.255.255.255 255.255.255.255 192.168.1.64 192.168.1.64 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (12/03/2011 02:29:51 PM) (Source: nview_info) (User: )
Description: NVIEW : SUPERAntiSpyware: Mutex Recovery Code - leaving recovery code.
Error: (12/03/2011 02:29:51 PM) (Source: nview_info) (User: )
Description: NVIEW : SUPERAntiSpyware: SEVERE nView Mutex Error - NOT recoverable. NView (and Mutexes) have been disabled for the time being while process 4e8 is active.
Error: (12/03/2011 02:27:51 PM) (Source: nview_info) (User: )
Description: NVIEW : SUPERAntiSpyware: Entered Mutex Recovery Code. NView (and Mutexes) are not enabled.
Error: (12/03/2011 02:27:50 PM) (Source: nview_info) (User: )
Description: NVIEW : SUPERAntiSpyware: Mutex Recovery Code - mutex still stuck - PID:4e8 now has a back count of:1.
Error: (12/03/2011 02:27:30 PM) (Source: nview_info) (User: )
Description: NVIEW : SUPERAntiSpyware: Mutex Recovery Code - after 5 seconds, mutex still stuck. NView (and Mutexes) are now disabled.
Error: (12/03/2011 02:27:30 PM) (Source: nview_info) (User: )
Description: NVIEW : SUPERAntiSpyware: WAIT_TIMEOUT, LAST SUCCESS: (thread 0xbe8) (cmdName:SUPERAntiSpyware.exe) WindowManager.cpp 3329
Error: (12/03/2011 02:27:30 PM) (Source: nview_info) (User: )
Description: NVIEW : SUPERAntiSpyware: WAIT_TIMEOUT, LAST SUCCESS: (thread 0xbe8) (cmdName:SUPERAntiSpyware.exe) WindowManager.cpp 3329
Error: (12/03/2011 02:27:30 PM) (Source: nview_info) (User: )
Description: NVIEW : SUPERAntiSpyware: WAIT_TIMEOUT, LAST SUCCESS: (tid: 0xbe8) (pid: 0x4e8)
Error: (12/03/2011 02:27:30 PM) (Source: nview_info) (User: )
Description: NVIEW : SUPERAntiSpyware: WAIT_TIMEOUT, LAST SUCCESS: (tid: 0xbe8) (pid: 0x4e8)
Error: (12/03/2011 02:27:30 PM) (Source: nview_info) (User: )
Description: NVIEW : SUPERAntiSpyware: WAIT_TIMEOUT: (process 0x250) (thread 0xf18) (wait 0x5) (pwait 0x1)

System errors:
=============
Error: (12/02/2011 08:29:24 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
nvatabus
nvraid
Error: (12/02/2011 08:23:50 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
nvatabus
nvraid
Error: (12/02/2011 08:22:26 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).
Error: (12/02/2011 08:22:26 PM) (Source: Service Control Manager) (User: )
Description: The BrYNSvc service terminated unexpectedly. It has done this 1 time(s).
Error: (12/02/2011 08:22:26 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (12/02/2011 08:22:26 PM) (Source: Service Control Manager) (User: )
Description: The LeapFrog Connect Device Service service terminated unexpectedly. It has done this 1 time(s).
Error: (12/02/2011 08:22:26 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (12/02/2011 08:22:26 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
Error: (12/02/2011 08:22:26 PM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Error: (12/02/2011 08:22:26 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (12/03/2011 02:29:51 PM) (Source: nview_info)(User: )
Description: NVIEW : SUPERAntiSpyware: Mutex Recovery Code - leaving recovery code.
Error: (12/03/2011 02:29:51 PM) (Source: nview_info)(User: )
Description: NVIEW : SUPERAntiSpyware: SEVERE nView Mutex Error - NOT recoverable. NView (and Mutexes) have been disabled for the time being while process 4e8 is active.
Error: (12/03/2011 02:27:51 PM) (Source: nview_info)(User: )
Description: NVIEW : SUPERAntiSpyware: Entered Mutex Recovery Code. NView (and Mutexes) are not enabled.
Error: (12/03/2011 02:27:50 PM) (Source: nview_info)(User: )
Description: NVIEW : SUPERAntiSpyware: Mutex Recovery Code - mutex still stuck - PID:4e8 now has a back count of:1.
Error: (12/03/2011 02:27:30 PM) (Source: nview_info)(User: )
Description: NVIEW : SUPERAntiSpyware: Mutex Recovery Code - after 5 seconds, mutex still stuck. NView (and Mutexes) are now disabled.
Error: (12/03/2011 02:27:30 PM) (Source: nview_info)(User: )
Description: NVIEW : SUPERAntiSpyware: WAIT_TIMEOUT, LAST SUCCESS: (thread 0xbe8) (cmdName:SUPERAntiSpyware.exe) WindowManager.cpp 3329
Error: (12/03/2011 02:27:30 PM) (Source: nview_info)(User: )
Description: NVIEW : SUPERAntiSpyware: WAIT_TIMEOUT, LAST SUCCESS: (thread 0xbe8) (cmdName:SUPERAntiSpyware.exe) WindowManager.cpp 3329
Error: (12/03/2011 02:27:30 PM) (Source: nview_info)(User: )
Description: NVIEW : SUPERAntiSpyware: WAIT_TIMEOUT, LAST SUCCESS: (tid: 0xbe8) (pid: 0x4e8)
Error: (12/03/2011 02:27:30 PM) (Source: nview_info)(User: )
Description: NVIEW : SUPERAntiSpyware: WAIT_TIMEOUT, LAST SUCCESS: (tid: 0xbe8) (pid: 0x4e8)
Error: (12/03/2011 02:27:30 PM) (Source: nview_info)(User: )
Description: NVIEW : SUPERAntiSpyware: WAIT_TIMEOUT: (process 0x250) (thread 0xf18) (wait 0x5) (pwait 0x1)

**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

OK, I`m still not seeing anything obvious that will give the isssue with FireFox. Lets clean up the tools we`ve used, then I`d like you to re-install FF again...

*Step 1*

Remove Combofix now that we're done with it

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")









 Please follow the prompts to uninstall Combofix.
 You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:

 ComboFix and its associated files and folders.
 VundoFix backups, if present
 The C:_OtMoveIt folder, if present
 Reset the clock settings.
 Hide file extensions, if required.
 Hide System/Hidden files, if required.
 Reset System Restore.
*It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.*

*Step 2*


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click







icon to start the program. 
If you are using Vista or Windows 7, please right-click and choose run as administrator
Then Click the big







button.
You will get a prompt saying "_Begining Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself. *Any tools/logs remaining on the Desktop can be deleted.*
Keep TFC







This an excellet tool for removing temporary files etc from you system. Always remember to re-boot after a run.

If any of the following remain on your Desktop either delete them or drag to the recycle bin:

*aswMBR
GooredFix
DDS
GMER*

*Step 3*

We need to remove ESET Online Scanner.


 Click Start, click Run, type *control appwiz.cpl* in the Open box, and then press ENTER.
 Click to select *ESET Online Scanner* from the application list, and then click Remove. Only re-boot if prompted

*Step 4*

Run TFC, make sure to re-boot, even if not prompted.

Uninstall FF, when asked if you want to save any settings etc say NO. Reboot system.

*Step 5*

Re-install FF from this *Link* do not run it yet.

Re-boot to SafeMode with Networking, does FF respond OK? Re-boot to Normal Mode, does it respond OK...

Kevin


----------



## mister_d (Nov 25, 2011)

ok .. I'm starting to work on that now

I removed combofix from my desktop earlier and have since run CCleaner (not the registry) and TFC ... I have also restarted a few times since then also. Long story short, the uninstall thing isn't working because of it.


----------



## kevinf80 (Mar 21, 2006)

OTC will remove any files/folders related to CF, the only function outstanding would be system restore flush and make new restore point, Continue from and including OTC.
After step 4 do this:

We now need to reset your system restore points and create a new clean one. To do this "Turn off" System restore > Left click start > Right click My Computer > Left click Properties > Select System restore tab > put tick in Turn off System Restore box > apply > ok. To reverse as previous but remove the tick from Turn off System Restore > apply ok.


Create the new restore point > Start > all programs > accessories > system tools > system restore > create a restore point > In the Restore point description box give it a name for reference eg. Clean 1. The time and date are added automatically > then select create and follow the wizard out.

Then do step 5...

Getting late for me, will have to pick this back up later..

Kevin


----------



## mister_d (Nov 25, 2011)

Well I did everything top to bottom and firefox is still problematic no matter what. Specifically I cannot click "options" or download anything.

A couple of questions...
If I went into the registry and deleted the Mozilla folders (that you described earlier) and I uninstalled the program plus I then ran CCleaner and TFC and then rebooted, how the heck does FF ask me if I want to restore my last session after I go back and do a "clean" install? Wouldn't those previous pages be deleted and long been forgotten?

When loading into Windows, a black screen with white writing always appears. At one point it asks me to choose between the options: MS Windows Recovery Console, do not select this [debugger enabled], and WindowsXP Media Center Edition. WinXP MCE is always choosen but the other two seem new(er). Are those normal?

When going into safe mode with networking, I am to choose between Administrator and Kaunelis. I have been choosing Administrator all along. Is that right?

Have I mentioned that Google Chrome is sounding better and better(;


----------



## kevinf80 (Mar 21, 2006)

OK, one last try at doing a clean install of FireFox. If the Application Data folder is hidden go *Here* for instructions on how to show it (unhide)


 Uninstall Firefox browser through Add/Remove Programs

 Remove bookmarks and other settings of Firefox by deleting the folder Firefox from the folders C:\Documents and Settings\[username]\Application Data\Mozilla (remove Mozilla if you have no other products)

 Delete the folder C:\Program Files\Mozilla Firefox

 The final step is to remove all registry entries of Firefox with the help of Regedit application. Launch Regedit (Start > Run Type or copy/paste *regedit* into the open box, tap enter or select OK) Search for all the entries containing the text Firefox or Mozilla and delete them. The entries which I was able to locate my registry:

[HKEY_CLASSES_ROOT\FirefoxHTML] <<----- We missed that one first time round.

[HKEY_CURRENT_USER\Software\Mozilla]

[HKEY_CURRENT_USER\Software\MozillaPlugins]

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla]

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins]

If you are using any other Mozilla applications make sure to uninstall only Firefox related entries from Windows registry and installation folders, otherwise remove anything Mozilla related.

Next,

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:filefind
*firefox
firefox*
*firefox*
*mozilla
mozilla*
*mozilla*
:folderfind
*firefox
firefox*
*firefox*
*mozilla
mozilla*
*mozilla*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

IF SystemLook finds any entries we`ve missed, remove them.

Next,

Run TFC when complete and re-boot. Use the link I gave earlier to re-install FF

The other issue you mention about the extra entries at boot, those were put there by Combofix, they are tools to help in case of future problems. We can remove them if you wish, I`d recommend you keep them.

When you go to Safe Mode with NW, go in through your user name...

Kevin


----------



## mister_d (Nov 25, 2011)

Alright, I ran that and deleted all the enries except the 2 listed below which don't appear even though I have the ability to see hidden files.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\55LLIPQK\kb.mozillazine[1].xml --a---- 13 bytes [03:48 04/12/2011] [03:48 04/12/2011] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\L1SP1GQT\support.mozilla[1].xml --a---- 13 bytes [03:42 04/12/2011] [03:42 04/12/2011] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

These didn't exist:
[HKEY_CLASSES_ROOT\FirefoxHTML] <<----- We missed that one first time round.

[HKEY_CURRENT_USER\Software\Mozilla]


----------



## mister_d (Nov 25, 2011)

Another problem is that Microsoft Security Essentials isn't loading in the system tray. The process is appearing when I go into the control panel though so I'm thinking it's working in the background.

**edit** nevermind ... I uninstalled and reinstalled and now it's fine


----------



## kevinf80 (Mar 21, 2006)

Ignore those files and try FF install again... the creation date is today and they are in the Administarator account..


----------



## mister_d (Nov 25, 2011)

It didn't work):

How come I get to choose between Admin and Kaunelis when going to Safe Networking but not when I'm loading normally?


----------



## kevinf80 (Mar 21, 2006)

The Administrator account is hidden by Default in Normal boot, In Safe mode or Safe Mode with Networking it shows by default plus any other Active User accounts. Those are XP default settings

Have you re-installed FireFox, if so what issues remain...Also how is your system in general..


----------



## mister_d (Nov 25, 2011)

Thanks for explaining it. I'm trying to at least partially understand the whole situation and you've been very helpful.

Oops, I meant Firefox didn't work again. FF locks up every time I click on "Tools --> Options" or try to download anything.


----------



## kevinf80 (Mar 21, 2006)

I`ve asked for a second opinion on our private Forum, I`ll get back to you when I get any replies. This one has got me beat for sure......

Kevin..


----------



## mister_d (Nov 25, 2011)

Thanks Kevin. I'll keep checking back to see if you were able to get an answer.


----------



## kevinf80 (Mar 21, 2006)

OK, only feedback I get from private forum is to advise you to ask at the mozilla forum http://forums.mozillazine.org/ There is nothing in your logs to show why FF will not run, you have no infection.

Thats the best I can do,

Kevin


----------



## mister_d (Nov 25, 2011)

Kevin, thanks a million for taking the time and for all of your help. I really appreciate this site and everyone here that makes it work so well. I will head over to that forum to see what they have to say.
Merry Christmas!


----------



## kevinf80 (Mar 21, 2006)

Comeback and let me know how you get on, I`m very curious why FF will not work for you..

Kevin...


----------



## mister_d (Nov 25, 2011)

For sure!

If anyone happens to read this and have a clue about how to help, please drop in and post so at the link below
http://forums.mozillazine.org/viewtopic.php?f=38&t=2382953


----------



## mister_d (Nov 25, 2011)

Ok, no one at those Mozilla Forums had a clue why it wasn't working either. I was having sporadic problems with IE too and other little problems were popping up with programs. I finally gave up, found a good deal on an external HD, and reloaded WinXP last night. Everything is good now. Thanks for helping and hanging for so long! I guess sometimes it's just better to start fresh


----------



## kevinf80 (Mar 21, 2006)

Thank you for coming back with the update, I guess there was a problem within windows if a fresh install fixed the issue...


----------

