# software will not update



## Phoenix Rising (Mar 9, 2009)

My software programs will state your version is so many days out of date do you want to update now if I agree it wont update , or I mostly get a message that this is not a win 32 application, or can't connect to the server, or no inter net connection when I know with out a doubt i am connected. I have tried to download all the requested info. Hyjack this log sysinfo, GMER will not open and or download. The dlone has and here is the results:
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by MARK at 10:19:14 on 2012-01-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.286 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\FrostWire 5\FrostWire.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: EpicPlay: {56e4076b-a42b-4745-ba35-34da8ac4c2f2} - EpicPlay
BHO: Accelerator Plugin: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\progra~1\people~1\PRPL_I~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: NOW!Imaging: {9aa2f14f-e956-44b8-8694-a5b615cdf341} - c:\program files\copper hispeed\components\NOWImaging.dll
BHO: Prefetch: {a66aa08a-9bf0-4e87-99e6-6972731d6b99} - c:\program files\copper hispeed\Prefetch.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: Copper HiSpeed: {8b79ee88-e62d-4aa8-b530-cc357ba112b7} - c:\program files\copper hispeed\Toolband.dll
TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1316584026390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{D417CFBF-17C2-4497-BE1F-7529CFFD300D} : NameServer = 207.69.188.185 207.69.188.186
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mark\application data\mozilla\firefox\profiles\ekm4ebjz.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\epicplay\npEpicHost.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - 
.
============= SERVICES / DRIVERS ===============
.
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2011-11-1 4064]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl6f9cccc1;MpKsl6f9cccc1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{85abc1f4-7d6f-4709-9e2f-8f69b5ee25de}\mpksl6f9cccc1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{85abc1f4-7d6f-4709-9e2f-8f69b5ee25de}\MpKsl6f9cccc1.sys [?]
R1 MpKslde2f8012;MpKslde2f8012;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2d90f435-d0bc-44bb-b17f-75651393fa6b}\MpKslde2f8012.sys [2012-1-16 29904]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-10-28 14424]
S1 MpKsl12f46096;MpKsl12f46096;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{042eef08-ee32-4af3-9857-cd01b856ea52}\mpksl12f46096.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{042eef08-ee32-4af3-9857-cd01b856ea52}\MpKsl12f46096.sys [?]
S1 MpKsl517303f6;MpKsl517303f6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{92eff2d4-d5a8-4f3e-90cf-eab9cb28bb07}\mpksl517303f6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{92eff2d4-d5a8-4f3e-90cf-eab9cb28bb07}\MpKsl517303f6.sys [?]
S1 MpKsl6bf5ac90;MpKsl6bf5ac90;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{92eff2d4-d5a8-4f3e-90cf-eab9cb28bb07}\mpksl6bf5ac90.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{92eff2d4-d5a8-4f3e-90cf-eab9cb28bb07}\MpKsl6bf5ac90.sys [?]
S1 MpKsl7effffb1;MpKsl7effffb1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1be6a30a-5fb6-427b-af9e-a0cb25ea6a26}\mpksl7effffb1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1be6a30a-5fb6-427b-af9e-a0cb25ea6a26}\MpKsl7effffb1.sys [?]
S1 MpKsl8ed8c512;MpKsl8ed8c512;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{042eef08-ee32-4af3-9857-cd01b856ea52}\mpksl8ed8c512.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{042eef08-ee32-4af3-9857-cd01b856ea52}\MpKsl8ed8c512.sys [?]
S1 MpKslbb4ff9eb;MpKslbb4ff9eb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9cdb993a-f059-467a-9335-213b7ee893bb}\mpkslbb4ff9eb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9cdb993a-f059-467a-9335-213b7ee893bb}\MpKslbb4ff9eb.sys [?]
S1 MpKslc6ad5e6a;MpKslc6ad5e6a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9cdb993a-f059-467a-9335-213b7ee893bb}\mpkslc6ad5e6a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9cdb993a-f059-467a-9335-213b7ee893bb}\MpKslc6ad5e6a.sys [?]
S1 MpKslcad91dfe;MpKslcad91dfe;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ddf5f4e6-2822-4bee-b7a4-33108190495a}\mpkslcad91dfe.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ddf5f4e6-2822-4bee-b7a4-33108190495a}\MpKslcad91dfe.sys [?]
S1 MpKsldfbe05ba;MpKsldfbe05ba;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1a635474-7844-4391-9782-fadd54b2e9d3}\mpksldfbe05ba.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1a635474-7844-4391-9782-fadd54b2e9d3}\MpKsldfbe05ba.sys [?]
S1 MpKslf20dc68d;MpKslf20dc68d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{81198a2d-7c40-47f2-a3f7-b2cf88a5b6ef}\mpkslf20dc68d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{81198a2d-7c40-47f2-a3f7-b2cf88a5b6ef}\MpKslf20dc68d.sys [?]
S2 agrsm;Agere Modem Driver;c:\windows\system32\agrsmnt.sys [2011-11-22 1269584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-9-23 30192]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-16 14:25:01 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2d90f435-d0bc-44bb-b17f-75651393fa6b}\MpKslde2f8012.sys
2012-01-16 14:24:58 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2d90f435-d0bc-44bb-b17f-75651393fa6b}\offreg.dll
2012-01-16 14:24:53 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2d90f435-d0bc-44bb-b17f-75651393fa6b}\mpengine.dll
2012-01-15 18:58:00 709968 ----a-w- c:\windows\isRS-000.tmp
2012-01-15 15:33:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 23:44:19 -------- d-----w- c:\program files\ltmoh
2012-01-11 05:42:45 -------- d--h--w- c:\windows\PIF
2012-01-06 13:42:57 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-06 13:42:57 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-06 13:41:58 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-01-06 13:37:46 -------- d-----w- c:\windows\system32\URTTEMP
2012-01-06 13:36:19 -------- d-----w- c:\windows\Downloaded Installations
2012-01-05 13:26:35 373104 ----a-w- c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
2012-01-05 13:05:57 139264 ----a-w- c:\windows\system32\igfxres.dll
2012-01-03 05:24:07 -------- dc-h--w- c:\windows\ie8
2012-01-03 00:15:30 19569 ----a-w- c:\windows\000002_.tmp
2012-01-02 23:25:50 -------- d-----w- c:\program files\LSI SoftModem
2011-12-23 16:48:51 61440 ------w- c:\windows\system32\ppcpanel.cpl
2011-12-23 16:48:51 57168 ------w- c:\windows\system32\PPCOUNIN.exe
2011-12-23 16:48:51 40616 ------w- c:\windows\system32\PPCClean.exe
2011-12-23 16:48:51 -------- d-----w- c:\program files\PeoplePC
2011-12-23 16:03:35 -------- d-----w- c:\program files\Dell
.
==================== Find3M ====================
.
2012-01-03 01:43:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-15 20:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-04 19:20:51 916992 ------w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet(5)(2).dll
2011-10-31 23:43:21 268288 ----a-w- c:\windows\system32\iertutil(2)(3).dll
2011-10-31 23:43:21 1168896 ----a-w- c:\windows\system32\urlmon(5)(2).dll
2011-10-31 23:43:21 106496 ----a-w- c:\windows\system32\url(4)(2).dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-13 15:56:22 5960560 ----a-w- c:\program files\BitTorrent-7.5(1).exe
.
============= FINISH: 10:20:28.42 ===============

Attach:
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/19/2011 10:28:52 AM
System Uptime: 1/16/2012 5:47:23 AM (5 hours ago)
.
Motherboard: Dell Inc. | | 0HH807
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 18.446 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01AD1028&REV_01\4&117729E2&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01AD1028&REV_01\4&117729E2&0&00E0
Service: b57w2k
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01AD1028&REV_01\3&172E68DD&0&FB
Manufacturer: 
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01AD1028&REV_01\3&172E68DD&0&FB
Service: 
.
==== System Restore Points ===================
.
RP25: 1/11/2012 3:00:23 AM - Software Distribution Service 3.0
RP26: 1/11/2012 11:51:00 AM - Software Distribution Service 3.0
RP27: 1/11/2012 5:28:01 PM - Software Distribution Service 3.0
RP28: 1/12/2012 3:00:31 AM - Software Distribution Service 3.0
RP29: 1/15/2012 11:57:44 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Acrobat 4.0
Adobe Acrobat Reader 3.01
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Type Manager 4.0
Agere Systems PCI Soft Modem
B209a-m
Bing Bar Platform
Broadcom Gigabit Integrated Controller
BufferChm
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
CDBurnerXP
Compatibility Pack for the 2007 Office system
Dell Driver Download Manager
Destinations
DeviceDiscovery
FrostWire 5.2.11
Gadwin PrintScreen
Google Desktop
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
hpWLPGInstaller
HSP56 MicroModem Drivers
InstallIQ Updater
Intel(R) Graphics Media Accelerator Driver
JamCam 3.0 Software
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 22
Java(TM) 6 Update 27
LSI PCI-SV92PP Soft Modem
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.3
Microsoft Office XP Professional with FrontPage
Microsoft Photo Premium 10
Microsoft Picture It! Library 10
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MovieEdit Task
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Panda USB Vaccine 1.0.1.4
PeerBlock 1.0.0 (r181)
PS_AIO_06_B209a-m_SW_Min
RAW Image Task 1.2
RemoteCapture Task 1.1
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
ShareIns
SmartWebPrinting
SolutionCenter
SoundMAX
Status
T-Shirt Creator 32
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.7
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows iLivid Toolbar
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Search 4.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
1/9/2012 12:22:48 PM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/9/2012 12:22:46 PM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
1/16/2012 1:40:59 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2930.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/15/2012 4:52:57 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: MARK-387473CC81\MARK Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee2 Error description: The operation timed out 
1/15/2012 4:52:57 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: MARK-387473CC81\MARK Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee2 Error description: The operation timed out 
1/15/2012 4:52:57 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: MARK-387473CC81\MARK Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee2 Error description: The operation timed out 
1/15/2012 4:52:57 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: MARK-387473CC81\MARK Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee2 Error description: The operation timed out 
1/15/2012 10:19:46 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
1/15/2012 10:19:46 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
1/15/2012 10:19:46 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
1/15/2012 10:19:46 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
1/15/2012 10:19:42 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/15/2012 10:19:42 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/14/2012 9:56:06 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/14/2012 9:51:02 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/14/2012 6:56:09 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/14/2012 6:56:09 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/14/2012 6:20:12 AM, error: Service Control Manager [7001] - The Windows Search service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/14/2012 6:20:10 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/13/2012 9:44:26 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/13/2012 9:44:26 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/13/2012 10:29:58 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/13/2012 10:29:58 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/13/2012 1:57:04 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/12/2012 7:39:08 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/12/2012 4:52:26 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/12/2012 4:52:26 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/11/2012 7:05:45 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/11/2012 7:05:45 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/11/2012 5:48:52 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee2 Error description: The operation timed out 
1/11/2012 5:27:47 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/11/2012 5:27:47 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/11/2012 10:24:59 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/11/2012 10:15:06 AM, error: Service Control Manager [7000] - The Agere Modem Driver service failed to start due to the following error: No serial device was successfully initialized. The serial driver will unload.
1/11/2012 10:14:30 AM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
1/10/2012 4:17:06 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/10/2012 4:11:52 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/10/2012 3:57:19 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/10/2012 3:57:19 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/10/2012 11:33:09 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
1/10/2012 11:33:09 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2495.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
.
==== End Of File ===========================


----------



## Phoenix Rising (Mar 9, 2009)

Ok got SysInfo to download here are the results. I will try once more to get HiJack, and Gmer to download and open:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) D CPU 3.00GHz, x86 Family 15 Model 4 Stepping 7
Processor Count: 2
RAM: 1014 Mb
Graphics Card: Intel(R) 82945G Express Chipset Family, 224 Mb
Hard Drives: C: Total - 38138 MB, Free - 18929 MB;
Motherboard: Dell Inc., 0HH807
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enabled


----------



## Phoenix Rising (Mar 9, 2009)

Here is the Hijack this log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:54:53 PM, on 1/16/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\FrostWire 5\FrostWire.exe
C:\Documents and Settings\MARK\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: EpicPlay - {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - (no file)
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Copper HiSpeed\components\NOWImaging.dll (file missing)
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\Copper HiSpeed\Prefetch.dll (file missing)
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Copper HiSpeed - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\Copper HiSpeed\Toolband.dll (file missing)
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1316584026390
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D417CFBF-17C2-4497-BE1F-7529CFFD300D}: NameServer = 207.69.188.185 207.69.188.186
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 6396 bytes


----------



## Phantom010 (Mar 9, 2009)

Try disabling *PeerBlock*.

Also, you still have traces of *Copper HiSpeed* inside Internet Explorer.

Run HijackThis again.

Select *Do a system scan only*.

Put a check mark on the following entries:

O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL (file missing)

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Copper HiSpeed\components\NOWImaging.dll (file missing)

O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\Copper HiSpeed\Prefetch.dll (file missing)

O3 - Toolbar: Copper HiSpeed - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\Copper HiSpeed\Toolband.dll (file missing)

Click *Fix checked*.


----------



## Phoenix Rising (Mar 9, 2009)

I have run the Hijack and removed the items listed. I am also trying to download GMER at the moment. If it takes I will post the results.


----------



## Phantom010 (Mar 9, 2009)

I remember you seemed to have quite a few issues from your other threads not so long ago. I'm not sure I'll be able to help.


----------



## Phoenix Rising (Mar 9, 2009)

It's actually been running well fir quite some time now it's just the updating! That seems to be acting up!


----------



## Phoenix Rising (Mar 9, 2009)

Well I've noticed that when I reboot It runs well for approx 30 minutes then it starts to slow down or act up. My updates seem to be working but I don't know if they will take so long that they will push me into that after thirty minute time thing I will have to see, I don't know if that's significant or not. I have a GMER log now if your still interested. it makes me sad that you guys would just quite on me like that. I know that I have had troubles but I thought that's what you guys were in the biz for. I have learned a lot from you guys the most important thing is not to give up. Think things through troubleshoot intelligently and be extra careful of what you doing!
Here is tht GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-17 08:51:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 WDC_WD400BD-75JMA0 rev.05.01C05
Running: gmer.exe; Driver: C:\DOCUME~1\MARK\LOCALS~1\Temp\kftcqaow.sys

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF6F1EF80]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[2772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01263690 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)

---- EOF - GMER 1.0.15 ----
log


----------



## Phoenix Rising (Mar 9, 2009)

It seems that the update worked on malwarebytes I ran. Let me know if there is anything wrong with the GMER log and I will end this thread since I'm incurable ..........or so they say!


----------



## Phantom010 (Mar 9, 2009)

For GMER, you need to ask a Malware Removal Specialist.


----------



## Phoenix Rising (Mar 9, 2009)

I was told I had to run all of these tests before I could post my question There was a list, so that's what I did. Which forum do I have to go to now!


----------



## Phantom010 (Mar 9, 2009)

You're not in the right forum. If you already have an active thread about this in the *Virus & Other Malware Removal* forum, post in it.

If not, please click on *Report* and kindly ask to be moved to the *Virus & Other Malware Removal *forum. Be sure to provide the appropriate reports in that forum after reading *THIS*. From there, be patient. The malware removal experts are very busy! You should get an answer within the next 48 hours.


----------



## eddie5659 (Mar 19, 2001)

Hiya

I'll take a look at the GMER log, and see what else there is 

Also, as its nearing 12am here, I'll take a look at this fully tomorrow, but can you run this for me, so I can look at it at the same time 

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 


eddie


----------



## Phoenix Rising (Mar 9, 2009)

I will run this by the time you get up It will be posted It's dinner time here in Texas so I will posted afterwards. Thanks for looking into this for me!
Phoenix Rising
Mark S


----------



## Phoenix Rising (Mar 9, 2009)

It came up not a win32 application, part of the problem. I have to make several attempts before it works, It's 3:30 am here I need to crash I will catch you when I get up.


----------



## Phoenix Rising (Mar 9, 2009)

I have also noticed that things work better if I reboot computer for approx. 20 -30 minutes!
OTL Txt:

OTL logfile created on: 1/18/2012 10:00:04 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\MARK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 549.06 Mb Available Physical Memory | 54.14% Memory free
2.38 Gb Paging File | 2.08 Gb Available in Paging File | 87.16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 18.45 Gb Free Space | 49.54% Space Free | Partition Type: NTFS
Drive H: | 14.41 Gb Total Space | 2.96 Gb Free Space | 20.57% Space Free | Partition Type: FAT32

Computer Name: MARK-387473CC81 | User Name: MARK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/18 09:47:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTL.exe
PRC - [2011/11/20 22:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/14 04:42:30 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/20 22:04:51 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/05/21 21:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 21:09:24 | 000,660,992 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/05/21 21:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2001/08/17 16:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)

========== Driver Services (SafeList) ==========

DRV - [2009/11/12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/28 01:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2005/09/23 12:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/06/29 23:44:22 | 001,269,584 | R--- | M] (Agere Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\agrsmnt.sys -- (agrsm)
DRV - [2005/03/17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/08/17 07:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 07:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 07:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 07:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [1997/06/17 03:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS -- (ATMhelpr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 87 E7 EC 3E CA CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\npEpicPlayDisplayHost: C:\Program Files\EpicPlay\npEpicHost.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 04:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/05 07:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/05 07:26:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 04:27:51 | 000,000,000 | ---D | M]

[2011/10/24 11:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Extensions
[2012/01/13 09:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions
[2011/11/27 17:20:15 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/12/16 15:58:53 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2011/12/04 12:23:07 | 000,000,000 | ---D | M] (WindowShopper) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions\[email protected]
[2011/09/24 02:27:37 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchplugins\askcom.xml
[2011/11/27 12:25:55 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchplugins\bing-zugo.xml
[2011/10/11 18:24:11 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchplugins\SearchResults.xml
[2011/12/16 21:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/07 15:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{41697025-CA0B-4687-99DE-ABC82C5A630B}
[2011/11/07 15:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}
[2011/10/06 09:17:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/11/07 15:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/11/20 22:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2011/11/20 19:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 19:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/10/23 13:31:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1316584026390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D417CFBF-17C2-4497-BE1F-7529CFFD300D}: NameServer = 207.69.188.185 207.69.188.186
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\MARK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MARK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/19 09:26:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | -H-- | M] () - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - H:\AUTORUN_.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/18 03:41:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTL.exe
[2012/01/16 12:34:35 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\MARK\Desktop\HijackThis.exe
[2012/01/16 07:39:52 | 000,509,440 | ---- | C] (Tech Support Guy System) -- C:\Documents and Settings\MARK\Desktop\SysInfo.exe
[2012/01/16 07:04:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\MARK\Desktop\dds.com
[2012/01/15 09:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/15 09:33:52 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/11 17:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\ltmoh
[2012/01/10 23:42:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/01/06 07:41:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2012/01/06 07:37:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2012/01/06 07:36:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2012/01/02 23:24:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/01/02 17:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2011/12/23 10:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\PeoplePC
[2011/12/23 10:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/12/23 10:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2011/10/24 17:20:38 | 005,960,560 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent-7.5(1).exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/18 09:57:15 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/18 09:54:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/18 09:54:23 | 000,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/18 09:51:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/18 09:47:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTL.exe
[2012/01/18 04:46:29 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\MARK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/17 04:37:35 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\MARK\My Documents\Gmer.exe
[2012/01/17 04:37:13 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\gmer.zip
[2012/01/16 12:46:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\MARK\Desktop\HijackThis.exe
[2012/01/16 12:20:38 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Documents and Settings\MARK\Desktop\SysInfo.exe
[2012/01/16 07:28:01 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\MARK\Desktop\dds.com
[2012/01/15 10:06:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 12:31:16 | 000,000,114 | ---- | M] () -- C:\WINDOWS\E
[2012/01/12 11:09:44 | 000,000,436 | ---- | M] () -- C:\ZB20120112110939001.xml
[2012/01/11 11:51:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/05 18:26:07 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\Shortcut to Local Disk (C).lnk
[2012/01/05 14:19:19 | 000,000,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\peoplepc.123.lnk
[2012/01/03 11:44:51 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\Microsoft Word.lnk
[2012/01/03 01:58:00 | 000,502,366 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/03 01:58:00 | 000,086,832 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/03 01:21:34 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{81969CA2-9E4D-44D0-807F-521568EC106E}.job
[2012/01/03 01:11:48 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\MARK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/22 14:44:34 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/17 06:44:01 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\MARK\My Documents\Gmer.exe
[2012/01/17 04:29:39 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\gmer.zip
[2012/01/15 10:06:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 11:09:44 | 000,000,436 | ---- | C] () -- C:\ZB20120112110939001.xml
[2012/01/05 18:26:07 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\Shortcut to Local Disk (C).lnk
[2012/01/05 14:19:18 | 000,000,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\peoplepc.123.lnk
[2011/12/23 10:48:51 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ppcpanel.cpl
[2011/12/23 10:48:51 | 000,057,168 | ---- | C] () -- C:\WINDOWS\System32\PPCOUNIN.exe
[2011/12/23 10:48:51 | 000,040,616 | ---- | C] () -- C:\WINDOWS\System32\PPCClean.exe
[2011/11/27 13:49:55 | 000,002,217 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/11/27 08:58:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/07 18:30:10 | 000,002,309 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2011/11/01 08:30:42 | 000,000,512 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2011/10/29 04:09:02 | 000,192,311 | ---- | C] () -- C:\WINDOWS\hpoins40.dat.temp
[2011/10/29 04:09:02 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat.temp
[2011/10/28 16:03:22 | 000,002,806 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2011/10/28 16:02:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2011/10/28 16:02:16 | 000,000,165 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2011/10/28 16:02:13 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2011/10/28 16:02:12 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2011/10/28 16:02:12 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2011/10/28 15:28:11 | 000,192,311 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2011/10/28 15:28:11 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2011/10/27 06:09:04 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\VegaShEx.dll
[2011/10/27 06:08:58 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2011/10/27 06:08:58 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2011/10/23 04:43:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/23 04:43:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/23 04:43:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/23 04:43:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/23 04:43:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/17 21:39:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/10/10 14:27:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2011/10/04 08:08:07 | 000,069,456 | ---- | C] () -- C:\WINDOWS\System32\unPPC6000.exe
[2011/10/04 08:08:07 | 000,034,136 | ---- | C] () -- C:\WINDOWS\System32\RegHero.exe
[2011/10/04 08:08:06 | 000,255,312 | ---- | C] () -- C:\WINDOWS\System32\PPCInfo.exe
[2011/10/04 08:08:06 | 000,029,008 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2011/09/28 11:11:41 | 000,060,368 | R--- | C] () -- C:\WINDOWS\ptdll16.dll
[2011/09/28 11:11:41 | 000,000,456 | R--- | C] () -- C:\WINDOWS\pthsp.dat
[2011/09/22 21:09:36 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\MARK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/20 03:55:21 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/09/19 22:33:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/09/19 09:28:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/19 09:23:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/19 04:08:49 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2011/09/19 04:08:46 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2011/09/19 04:07:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/19 04:04:08 | 000,385,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/10 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,502,366 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,086,832 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 20:05:46 | 000,031,136 | ---- | C] () -- C:\WINDOWS\ptsnoop.exe

========== LOP Check ==========

[2011/09/26 07:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/10/12 13:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/09/20 03:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/09/19 11:46:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/22 18:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2011/09/24 14:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/23 20:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/10/22 17:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2011/10/26 09:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/10/12 08:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARK\Application Data\.BitTornado
[2011/11/09 11:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARK\Application Data\AnvSoft
[2011/10/28 14:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARK\Application Data\Azureus
[2012/01/06 07:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARK\Application Data\BitTorrent
[2011/09/20 03:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARK\Application Data\Canneverbe Limited
[2011/12/07 09:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARK\Application Data\EarthLink
[2011/11/13 08:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARK\Application Data\ElevatedDiagnostics
[2011/09/22 18:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARK\Application Data\OpenOffice.org
[2011/09/28 18:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARK\Application Data\PDF Software
[2011/10/11 18:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARK\Application Data\searchqutoolbar
[2011/11/07 16:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARK\Application Data\SlipStream
[2011/11/13 18:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARK\Application Data\Windows Desktop Search
[2011/11/14 08:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARK\Application Data\Windows Search
[2012/01/18 09:57:15 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/01/03 01:21:34 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{81969CA2-9E4D-44D0-807F-521568EC106E}.job

========== Purity Check ==========

< End of report >

Extras txt:

OTL Extras logfile created on: 1/18/2012 10:00:04 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\MARK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 549.06 Mb Available Physical Memory | 54.14% Memory free
2.38 Gb Paging File | 2.08 Gb Available in Paging File | 87.16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 18.45 Gb Free Space | 49.54% Space Free | Partition Type: NTFS
Drive H: | 14.41 Gb Total Space | 2.96 Gb Free Space | 20.57% Space Free | Partition Type: FAT32

Computer Name: MARK-387473CC81 | User Name: MARK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabledxpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabledxpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabledxpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNetisabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNetisabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNetisabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNetisabledxpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*isabled:Windows Remote Management 
"80:TCP" = 80:TCP:*isabled:Windows Remote Management - Compatibility Mode (HTTP-In) 
"1723:TCP" = 1723:TCP:*:Enabledxpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabledxpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabledxpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*isabled:VLC media player -- ()
"C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:EnabledTX broker -- (Visicom Media Inc.)
"C:\Documents and Settings\MARK\Desktop\BitTorrent-7.5(1).exe" = C:\Documents and Settings\MARK\Desktop\BitTorrent-7.5(1).exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\MARK\My Documents\BitTorrent.exe" = C:\Documents and Settings\MARK\My Documents\BitTorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36BFC0A0-7F4E-11D4-950D-00609733D4AD}" = JamCam 3.0 Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Photo Premium 10
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Type Manager 4.0" = Adobe Type Manager 4.0
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"FrostWire 5" = FrostWire 5.2.11
"Gadwin PrintScreen" = Gadwin PrintScreen
"Google Desktop" = Google Desktop
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Installing HSP56 MicroModem Drivers" = HSP56 MicroModem Drivers
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"LSI Soft Modem" = LSI PCI-SV92PP Soft Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItPrem_v10" = Microsoft Photo Premium 10
"PowerShell" = Windows PowerShell(TM) 1.0
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"T-Shirt Creator 32" = T-Shirt Creator 32
"VLC media player" = VLC media player 1.1.7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2012 11:51:03 AM | Computer Name = MARK-387473CC81 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 1/14/2012 11:56:07 AM | Computer Name = MARK-387473CC81 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 1/15/2012 10:46:25 AM | Computer Name = MARK-387473CC81 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
mshtml.dll, version 8.0.6001.19170, fault address 0x000dc749.

Error - 1/15/2012 12:10:29 PM | Computer Name = MARK-387473CC81 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.60.0.59, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2012 12:11:07 PM | Computer Name = MARK-387473CC81 | Source = Application Hang | ID = 1001
Description = Fault bucket -1542279733.

Error - 1/15/2012 12:19:44 PM | Computer Name = MARK-387473CC81 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3 
download, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials
(edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

Error - 1/16/2012 3:41:00 AM | Computer Name = MARK-387473CC81 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 1/16/2012 8:08:55 PM | Computer Name = MARK-387473CC81 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 1/17/2012 4:04:47 AM | Computer Name = MARK-387473CC81 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 1/18/2012 11:59:34 AM | Computer Name = MARK-387473CC81 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/17/2012 8:51:03 AM | Computer Name = MARK-387473CC81 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/17/2012 8:55:18 AM | Computer Name = MARK-387473CC81 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 1/17/2012 12:13:40 PM | Computer Name = MARK-387473CC81 | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 1/17/2012 12:14:07 PM | Computer Name = MARK-387473CC81 | Source = Service Control Manager | ID = 7000
Description = The Agere Modem Driver service failed to start due to the following
error: %%1118

Error - 1/17/2012 3:47:11 PM | Computer Name = MARK-387473CC81 | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 1/17/2012 3:47:54 PM | Computer Name = MARK-387473CC81 | Source = Service Control Manager | ID = 7000
Description = The Agere Modem Driver service failed to start due to the following
error: %%1118

Error - 1/17/2012 3:59:12 PM | Computer Name = MARK-387473CC81 | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 1/17/2012 3:59:12 PM | Computer Name = MARK-387473CC81 | Source = Service Control Manager | ID = 7001
Description = The Windows Search service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 1/18/2012 11:51:50 AM | Computer Name = MARK-387473CC81 | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 1/18/2012 11:52:20 AM | Computer Name = MARK-387473CC81 | Source = Service Control Manager | ID = 7000
Description = The Agere Modem Driver service failed to start due to the following
error: %%1118

< End of report >


----------



## Phoenix Rising (Mar 9, 2009)

Wow that should take a minute or two to look over!


----------



## eddie5659 (Mar 19, 2001)

It sure did 

Glad to see the logs were produced, and I see a lot of things in there, so lets get started 

Now, although you don't seem to have them in your installed programs, you have foldes for .BitTornado, Azureus and BitTorrent.

I'd like you to read the *Guidelines for P2P Programs* where we explain why it's not a good idea to have them.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.


Cyber Education Letter
File sharing infects 500,000 computers 
USAToday

So, we can remove the leftovers if you wish, but if you do decide to keep them, don't run them until we've cleaned the computer 

------------

Now that's out of the way, lets get started 

Can you uninstall these programs from AddRemove Programs, or Start | Programs:

*EpicPlay
StartNow Toolbar
WindowShopper
ask.com
searchqutoolbar*

Okay, you said you managed to update Malwarebytes' Anti-Malware, so can you run a full scan with it, and post the log.

Also, can you run this program as well:

*Download and scan with* *SUPERAntiSpyware* Free Edition for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Home*" button to leave the control center screen.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click *Scan your computer*.
On the left, select all *fixed drives*.
Click "*Start Complete Scan*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*Continue*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*Remove Threats*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *View Scan Logs*.
[*]Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
[*]If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor.
[*]Please copy and paste the Scan Log results in your next reply._
_[*]Click *Close* to exit the program._
_

Please include the *MBAM log and, SUPERAntiSpyware Scan Log and a fresh HijackThis log *in your next reply

eddie_


----------



## Phoenix Rising (Mar 9, 2009)

I've not forgotten Trying to get a working version of the super anti-spyware. When I do I will post also have been under the weather some flu like stuff)so have been sleeping a lot.


----------



## Phoenix Rising (Mar 9, 2009)

I have removed the peerblock and It seems to have made things run better....and faster. I was told that it was a good thing and protected your computer from people trying to seal info from you, a peer blocker so to speak. Here are the logs you requested below.

Super Anti virus log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/20/2012 at 08:09 AM

Application Version : 5.0.1142

Core Rules Database Version : 8149
Trace Rules Database Version: 5961

Scan type : Complete Scan
Total Scan Time : 00:27:18

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 566
Memory threats detected : 0
Registry items scanned : 38048
Registry threats detected : 4
File items scanned : 33784
File threats detected : 77

Adware.EpicPlay
HKCR\CLSID\{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}
HKLM\Software\Classes\CLSID\{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}
HKU\S-1-5-21-789336058-1035525444-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}

PUP.StartNow Toolbar
C:\Program Files\StartNow Toolbar\Resources\images\engine_images.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_maps.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_news.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_videos.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_web.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_amazon.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_ebay.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_facebook.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_games.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_msn.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_shopping.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_travel.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_twitter.png
C:\Program Files\StartNow Toolbar\Resources\images\startnow_logo.png
C:\Program Files\StartNow Toolbar\Resources\images
C:\Program Files\StartNow Toolbar\Resources\installer.xml
C:\Program Files\StartNow Toolbar\Resources\skin\chevron_button.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
C:\Program Files\StartNow Toolbar\Resources\skin\separator.png
C:\Program Files\StartNow Toolbar\Resources\skin\splitter.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
C:\Program Files\StartNow Toolbar\Resources\skin
C:\Program Files\StartNow Toolbar\Resources\toolbar.xml
C:\Program Files\StartNow Toolbar\Resources\update.xml
C:\Program Files\StartNow Toolbar\Resources
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService(2).exe
C:\Program Files\StartNow Toolbar\uninstall.dat
C:\Program Files\StartNow Toolbar

Adware.Tracking Cookie
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EKM4EBJZ.DEFAULT\COOKIES.TXT ]

HiJack log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:12:40 PM, on 1/20/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\MARK\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1316584026390
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 5953 bytes

Mbam log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.17.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MARK :: MARK-387473CC81 [administrator]

1/20/2012 12:14:03 PM
mbam-log-2012-01-20 (12-14-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 189074
Time elapsed: 9 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## eddie5659 (Mar 19, 2001)

It may have been because it was searching a database to see if it will allow it or not, kind of like if you edit the hosts file, to block many sites 

Please download *JavaRa* to your desktop and unzip it to its own folder 

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. 
Accept any prompts. 
Now, go *here* and download the latest Java Version.

--------

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
FF - HKLM\Software\MozillaPlugins\npEpicPlayDisplayHost: C:\Program Files\EpicPlay\npEpicHost.dll ( )
[2011/11/27 17:20:15 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/12/04 12:23:07 | 000,000,000 | ---D | M] (WindowShopper) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions\[email protected]
[2011/09/24 02:27:37 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchplugins\askcom.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2011/09/22 21:09:36 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\MARK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/11 18:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MARK\Application Data\searchqutoolbar
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

------------------------

Then, after doing that, can you run this tool:

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

** IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop *


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## Phoenix Rising (Mar 9, 2009)

CComboFix 12-01-21.02 - MARK 01/21/2012 16:50:21.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.449 [GMT -6:00]
Running from: c:\documents and settings\MARK\Desktop\123.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\MARK\LOCALS~1\Temp\SAS4.tmp
c:\documents and settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchplugins\bing-zugo.xml
c:\documents and settings\MARK\Local Settings\Temp\SAS4.tmp
c:\documents and settings\MARK\WINDOWS
c:\windows\EventSystem.log
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\system32
c:\windows\system32\system32\drivers\kbcam.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-21 22:25 . 2011-11-10 11:54 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-01-21 21:43 . 2012-01-21 21:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-21 21:35 . 2012-01-21 21:35 -------- dc----w- C:\_OTL
2012-01-21 14:40 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF4AD8CD-F763-474B-8672-00B2156A3617}\mpengine.dll
2012-01-20 19:36 . 2012-01-20 19:36 -------- d-----w- c:\documents and settings\MARK\Application Data\dvdcss
2012-01-20 12:52 . 2012-01-20 12:52 -------- d-----w- c:\documents and settings\MARK\Application Data\SUPERAntiSpyware.com
2012-01-20 12:51 . 2012-01-20 12:51 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-15 15:33 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 23:44 . 2012-01-11 23:44 -------- d-----w- c:\program files\ltmoh
2012-01-11 05:42 . 2012-01-11 05:42 -------- d--h--w- c:\windows\PIF
2012-01-06 13:42 . 2012-01-06 13:42 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-06 13:41 . 2012-01-06 13:41 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-01-06 13:37 . 2012-01-06 13:37 -------- d-----w- c:\windows\system32\URTTEMP
2012-01-06 13:36 . 2012-01-06 13:36 -------- d-----w- c:\windows\Downloaded Installations
2012-01-06 13:04 . 2012-01-21 22:48 -------- dc----w- c:\documents and settings\Administrator
2012-01-05 13:26 . 2009-08-03 21:07 373104 ----a-w- c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
2012-01-05 13:05 . 2006-03-24 01:12 139264 ----a-w- c:\windows\system32\igfxres.dll
2012-01-04 22:58 . 2012-01-06 13:43 -------- dc----w- c:\documents and settings\Twinkle
2012-01-03 05:24 . 2012-01-06 13:37 -------- dc-h--w- c:\windows\ie8
2012-01-02 23:25 . 2012-01-06 13:37 -------- d-----w- c:\program files\LSI SoftModem
2011-12-23 16:48 . 2011-12-23 16:48 -------- d-----w- c:\program files\PeoplePC
2011-12-23 16:48 . 2011-05-18 22:01 40616 ------w- c:\windows\system32\PPCClean.exe
2011-12-23 16:48 . 2011-05-18 22:01 57168 ------w- c:\windows\system32\PPCOUNIN.exe
2011-12-23 16:48 . 2011-05-18 21:35 61440 ------w- c:\windows\system32\ppcpanel.cpl
2011-12-23 16:05 . 2011-12-23 16:05 -------- d-----w- c:\program files\Intel
2011-12-23 16:03 . 2011-12-23 16:03 -------- d-----w- c:\program files\Dell
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 04:19 . 2011-09-25 06:43 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-03 01:43 . 2011-09-20 06:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2004-08-10 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-10 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-10 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-10 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-10 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 20:29 . 2011-09-25 03:54 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-10 11:54 . 2011-09-20 05:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 09:27 . 2011-09-20 05:48 73728  ----a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:20 . 2004-08-10 12:00 916992 ------w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-10 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-10 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-10 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2007-08-13 23:34 268288 ----a-w- c:\windows\system32\iertutil(2)(3).dll
2011-10-31 23:43 . 2004-08-10 12:00 832512 ----a-w- c:\windows\system32\wininet(5)(2).dll
2011-10-31 23:43 . 2004-08-10 12:00 1168896 ----a-w- c:\windows\system32\urlmon(5)(2).dll
2011-10-31 23:43 . 2004-08-10 12:00 106496 ----a-w- c:\windows\system32\url(4)(2).dll
2011-10-28 05:31 . 2004-08-10 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-10 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-13 15:56 . 2011-10-24 23:20 5960560 ----a-w- c:\program files\BitTorrent-7.5(1).exe
2011-11-21 04:04 . 2011-12-17 03:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-09-23 10:15 . 2011-09-23 10:15 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( [email protected]_11.08.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 11:42 . 2008-04-14 11:42 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
- 2008-04-14 10:42 . 2008-04-14 10:42 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
+ 2009-05-22 02:46 . 2009-05-22 02:46 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2009-05-22 02:46 . 2009-05-22 02:46 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2009-05-22 02:46 . 2009-05-22 02:46 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2009-05-22 02:46 . 2009-05-22 02:46 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2009-05-22 02:46 . 2009-05-22 02:46 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2009-05-22 02:46 . 2009-05-22 02:46 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2009-05-22 02:46 . 2009-05-22 02:46 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2009-05-22 02:46 . 2009-05-22 02:46 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2009-05-22 02:46 . 2009-05-22 02:46 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2009-05-22 02:46 . 2009-05-22 02:46 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2009-05-22 02:46 . 2009-05-22 02:46 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2009-05-22 03:09 . 2009-05-22 03:09 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2009-05-22 03:09 . 2009-05-22 03:09 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2009-05-14 11:22 . 2009-05-14 11:22 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80u.dll
+ 2009-05-14 11:22 . 2009-05-14 11:22 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80.dll
+ 2009-05-14 11:22 . 2009-05-14 11:22 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b\ATL80.dll
+ 2009-05-22 02:54 . 2009-05-22 02:54 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
- 2008-04-14 10:42 . 2008-04-14 10:42 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2011-10-29 10:25 . 2011-10-29 10:25 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2012-01-21 22:25 . 2012-01-21 22:25 16384 c:\windows\Temp\Perflib_Perfdata_c0c.dat
+ 2011-10-27 12:09 . 2002-03-14 16:30 77824 c:\windows\system32\zdec.dll
+ 2008-05-27 04:18 . 2008-05-27 04:18 56320 c:\windows\system32\xmlfilter.dll
+ 2006-09-29 00:56 . 2006-09-29 00:56 55808 c:\windows\system32\WudfSvc.dll
+ 2006-09-29 02:13 . 2006-09-29 02:13 95344 c:\windows\system32\WUDFCoinstaller.dll
+ 2009-10-09 20:56 . 2009-10-09 20:56 14848 c:\windows\system32\wsmprovhost.exe
+ 2009-10-09 20:56 . 2009-10-09 20:56 12288 c:\windows\system32\wsmplpxy.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 38400 c:\windows\system32\wpdshextres.dll
+ 2006-10-19 02:00 . 2006-10-19 02:00 17408 c:\windows\system32\wpdshextautoplay.exe
+ 2004-08-10 12:00 . 2006-10-19 03:47 63488 c:\windows\system32\wpdmtpus.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 35840 c:\windows\system32\wpdconns.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 99840 c:\windows\system32\wmpshell.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 37376 c:\windows\system32\wmdmps.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 33792 c:\windows\system32\wmdmlog.dll
+ 2009-10-09 20:56 . 2009-10-09 20:56 12288 c:\windows\system32\winrssrv.dll
+ 2009-10-09 20:56 . 2009-10-09 20:56 22528 c:\windows\system32\winrshost.exe
+ 2009-10-09 22:22 . 2009-10-09 22:22 69632 c:\windows\system32\winrs.exe
+ 2009-10-09 20:56 . 2009-10-09 20:56 25088 c:\windows\system32\winrmprov.dll
+ 2011-11-13 14:00 . 2009-10-09 20:56 24064 c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
+ 2003-02-21 11:16 . 2003-02-21 11:16 49152 c:\windows\system32\URTTEMP\regtlib.exe
+ 2009-08-19 19:22 . 2011-05-11 02:03 37720 c:\windows\system32\unMAX.exe
+ 2008-05-27 04:19 . 2008-05-27 04:19 97792 c:\windows\system32\UncCplExt.dll
+ 2009-08-19 19:22 . 2011-05-11 02:03 36696 c:\windows\system32\unACC.exe
+ 2011-09-19 17:09 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
- 2011-09-19 17:09 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
+ 2008-05-27 03:59 . 2008-05-27 03:59 18904 c:\windows\system32\structuredqueryschematrivial.bin
+ 2011-09-19 15:41 . 2009-01-08 00:21 26144 c:\windows\system32\spupdsvc.exe
- 2011-09-19 15:41 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe
+ 2011-11-14 00:52 . 2009-01-08 00:20 16928 c:\windows\system32\spmsg.dll
- 2011-09-19 15:41 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll
+ 2008-05-27 04:17 . 2008-05-27 04:17 87552 c:\windows\system32\searchfilterhost.exe
+ 2008-05-27 04:18 . 2008-05-27 04:18 38400 c:\windows\system32\rtffilt.dll
+ 2012-01-03 00:15 . 2008-04-14 05:01 36352 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\intelppm.sys
+ 2011-12-19 17:39 . 2005-05-02 04:10 68096 c:\windows\system32\ReinstallBackups\0007\DriverFiles\agrsmdel.exe
+ 2011-11-14 00:55 . 2008-10-28 10:27 21568 c:\windows\system32\ReinstallBackups\0006\DriverFiles\drivers\dot4\Win2000\HPZius12.sys
+ 2012-01-11 23:44 . 2005-05-02 17:10 68096 c:\windows\system32\ReinstallBackups\0003\DriverFiles\agrsmdel.exe
- 2011-09-20 09:37 . 2006-03-24 01:17 94208 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxtray.exe
+ 2012-01-05 13:02 . 2006-03-24 01:17 94208 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxtray.exe
+ 2012-01-05 13:02 . 2006-03-24 01:13 61440 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxsrvc.dll
- 2011-09-20 09:37 . 2006-03-24 01:13 61440 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxsrvc.dll
+ 2012-01-05 13:02 . 2006-03-24 01:17 94208 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxext.exe
- 2011-09-20 09:37 . 2006-03-24 01:17 94208 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxext.exe
- 2011-09-20 09:37 . 2006-03-24 01:17 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxexps.dll
+ 2012-01-05 13:02 . 2006-03-24 01:17 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxexps.dll
+ 2012-01-05 13:02 . 2006-03-24 01:13 86016 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxdo.dll
- 2011-09-20 09:37 . 2006-03-24 01:13 86016 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxdo.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuTRK.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuTRK.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuTHA.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuTHA.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuSVE.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuSVE.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuRUS.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuRUS.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuPTG.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuPTG.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuPTB.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuPTB.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuPLK.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuPLK.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuNOR.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuNOR.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuNLD.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuNLD.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuKOR.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuKOR.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuJPN.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuJPN.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuITA.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuITA.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuHUN.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuHUN.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuHEB.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuHEB.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuFRC.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuFRC.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuFRA.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuFRA.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuFIN.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuFIN.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuESP.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuESP.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuENG.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuENG.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuELL.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuELL.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuDEU.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuDEU.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuDAN.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuDAN.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuCSY.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuCSY.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuCHT.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuCHT.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuCHS.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuCHS.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuARB.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuARB.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuARA.dll
- 2011-09-20 09:37 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmuARA.dll
+ 2012-01-05 13:02 . 2006-03-24 01:38 45694 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmrnt5.dll
- 2011-09-20 09:37 . 2006-03-24 01:38 45694 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmrnt5.dll
- 2011-09-20 09:37 . 2006-03-24 01:38 49152 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmrem.dll
+ 2012-01-05 13:02 . 2006-03-24 01:38 49152 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmrem.dll
+ 2012-01-05 13:02 . 2006-03-24 01:38 61440 c:\windows\system32\ReinstallBackups\0002\DriverFiles\iAlmCoIn.dll
- 2011-09-20 09:37 . 2006-03-24 01:38 61440 c:\windows\system32\ReinstallBackups\0002\DriverFiles\iAlmCoIn.dll
- 2011-09-20 09:37 . 2006-03-24 01:13 77824 c:\windows\system32\ReinstallBackups\0002\DriverFiles\hkcmd.exe
+ 2012-01-05 13:02 . 2006-03-24 01:13 77824 c:\windows\system32\ReinstallBackups\0002\DriverFiles\hkcmd.exe
+ 2012-01-05 13:02 . 2006-03-24 01:12 73728 c:\windows\system32\ReinstallBackups\0002\DriverFiles\hccutils.dll
- 2011-09-20 09:37 . 2006-03-24 01:12 73728 c:\windows\system32\ReinstallBackups\0002\DriverFiles\hccutils.dll
+ 2012-01-05 13:02 . 2006-03-24 01:17 94208 c:\windows\system32\ReinstallBackups\0001\DriverFiles\igfxtray.exe
+ 2012-01-05 13:01 . 2006-03-24 01:13 61440 c:\windows\system32\ReinstallBackups\0001\DriverFiles\igfxsrvc.dll
+ 2012-01-05 13:02 . 2006-03-24 01:17 94208 c:\windows\system32\ReinstallBackups\0001\DriverFiles\igfxext.exe
+ 2012-01-05 13:02 . 2006-03-24 01:17 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\igfxexps.dll
+ 2012-01-05 13:02 . 2006-03-24 01:13 86016 c:\windows\system32\ReinstallBackups\0001\DriverFiles\igfxdo.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuTRK.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuTHA.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuSVE.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuRUS.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuPTG.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuPTB.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuPLK.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuNOR.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuNLD.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuKOR.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuJPN.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuITA.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuHUN.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuHEB.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuFRC.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuFRA.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuFIN.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuESP.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuENG.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuELL.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuDEU.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuDAN.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuCSY.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuCHT.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuCHS.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuARB.dll
+ 2012-01-05 13:02 . 2006-03-24 01:24 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmuARA.dll
+ 2012-01-05 13:01 . 2006-03-24 01:38 45694 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmrnt5.dll
+ 2012-01-05 13:02 . 2006-03-24 01:38 49152 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmrem.dll
+ 2012-01-05 13:02 . 2006-03-24 01:38 61440 c:\windows\system32\ReinstallBackups\0001\DriverFiles\iAlmCoIn.dll
+ 2012-01-05 13:02 . 2006-03-24 01:13 77824 c:\windows\system32\ReinstallBackups\0001\DriverFiles\hkcmd.exe
+ 2012-01-05 13:01 . 2006-03-24 01:12 73728 c:\windows\system32\ReinstallBackups\0001\DriverFiles\hccutils.dll
+ 2012-01-03 00:15 . 2008-04-14 05:01 36352 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\intelppm.sys
+ 2009-10-09 22:22 . 2009-10-09 22:22 42496 c:\windows\system32\pwrshplugin.dll
+ 2008-05-27 04:18 . 2008-05-27 04:18 71680 c:\windows\system32\propdefs.dll
+ 2004-08-10 12:00 . 2009-03-08 10:31 46592 c:\windows\system32\pngfilt.dll
+ 2005-10-29 05:49 . 2005-10-29 05:49 84480 c:\windows\system32\pintool.exe
+ 2004-08-10 12:00 . 2012-01-03 07:58 86832 c:\windows\system32\perfc009.dat
+ 2008-05-27 04:19 . 2008-05-27 04:19 11264 c:\windows\system32\oephRes.dll
- 2009-01-07 23:20 . 2009-01-07 23:20 23552 c:\windows\system32\normaliz.dll
+ 2009-01-07 23:20 . 2009-01-08 00:20 23552 c:\windows\system32\normaliz.dll
+ 2009-01-07 23:20 . 2009-01-08 00:20 23552 c:\windows\system32\normaliz(3)(2).dll
- 2009-01-07 23:20 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll
+ 2009-01-07 23:20 . 2009-01-08 00:20 24576 c:\windows\system32\nlsdl.dll
- 2004-08-10 12:00 . 2008-04-14 10:42 98304 c:\windows\system32\nlhtml.dll
+ 2004-08-10 12:00 . 2008-03-07 17:02 98304 c:\windows\system32\nlhtml.dll
+ 2011-10-28 22:02 . 1997-04-16 14:05 59904 c:\windows\system32\Nkdserl.dll
+ 2011-10-28 22:02 . 1997-04-16 14:15 34304 c:\windows\system32\Nkdscsi.dll
+ 2008-05-27 04:18 . 2008-05-27 04:18 44032 c:\windows\system32\msstrc.dll
+ 2008-05-27 04:17 . 2008-05-27 04:17 32768 c:\windows\system32\mssprxy.dll
+ 2008-05-27 04:17 . 2008-05-27 04:17 87552 c:\windows\system32\mssitlb.dll
+ 2008-05-27 04:17 . 2008-05-27 04:17 11776 c:\windows\system32\msshooks.dll
+ 2008-05-27 04:17 . 2008-05-27 04:17 60416 c:\windows\system32\msscntrs.dll
+ 2008-05-27 04:17 . 2008-05-27 04:17 34816 c:\windows\system32\msscb.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 27136 c:\windows\system32\mspmsnsv.dll
- 2004-08-10 12:00 . 2007-08-13 23:01 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-10 12:00 . 2009-03-08 10:31 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-10 12:00 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
- 2004-08-10 12:00 . 2007-08-13 23:32 45568 c:\windows\system32\mshta.exe
+ 2004-08-10 12:00 . 2009-03-08 10:31 45568 c:\windows\system32\mshta.exe
+ 2007-08-13 23:36 . 2009-03-08 10:31 13312 c:\windows\system32\msfeedssync.exe
+ 2007-08-13 23:54 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 12:00 . 2008-03-07 17:02 29696 c:\windows\system32\mimefilt.dll
- 2004-08-10 12:00 . 2008-04-14 10:41 29696 c:\windows\system32\mimefilt.dll
+ 2004-08-10 12:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
- 2004-08-10 12:00 . 2008-04-14 10:41 23040 c:\windows\system32\mciseq.dll
+ 2011-10-27 12:09 . 2000-11-22 23:31 27136 c:\windows\system32\lttwn80n.dll
+ 2011-10-27 12:09 . 2000-11-22 23:31 87552 c:\windows\system32\ltimg80n.dll
+ 2011-10-27 12:09 . 2000-11-22 23:31 58368 c:\windows\system32\ltfil80n.dll
+ 2011-10-28 22:02 . 1997-03-24 00:22 55808 c:\windows\system32\Ltfil70n.dll
+ 2011-10-27 12:09 . 2000-11-22 23:31 20992 c:\windows\system32\lfwpg80n.dll
+ 2011-10-27 12:09 . 2000-11-22 23:31 18944 c:\windows\system32\lfwfx80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 97280 c:\windows\system32\lftif80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 20992 c:\windows\system32\lftga80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 19456 c:\windows\system32\lfras80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 22016 c:\windows\system32\lfpsd80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 24064 c:\windows\system32\lfpcx80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 24576 c:\windows\system32\lfpct80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 19456 c:\windows\system32\lfpcd80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 19456 c:\windows\system32\lfmsp80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 18944 c:\windows\system32\lfmac80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 25088 c:\windows\system32\lflmb80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 28672 c:\windows\system32\lflma80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 91136 c:\windows\system32\Lfkodak.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 20480 c:\windows\system32\lfimg80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 26112 c:\windows\system32\lfica80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 32256 c:\windows\system32\lfgif80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 35840 c:\windows\system32\lffpx80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 57344 c:\windows\system32\lffax80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31  24064 c:\windows\system32\lfeps80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 19968 c:\windows\system32\lfcal80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 26112 c:\windows\system32\lfbmp80n.dll
+ 2011-10-28 22:02 . 1997-03-24 00:22 24576 c:\windows\system32\Lfbmp70n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 22528 c:\windows\system32\lfawd80n.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 11264 c:\windows\system32\LAPRXY.dll
+ 2011-10-28 22:00 . 2000-10-09 17:24 16384 c:\windows\system32\kbcam.sys
+ 2004-08-10 12:00 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-10 12:00 . 2009-03-08 10:32 94720 c:\windows\system32\inseng.dll
+ 2004-08-10 12:00 . 2009-03-08 10:31 34816 c:\windows\system32\imgutil.dll
+ 2009-03-08 09:32 . 2009-03-08 10:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-10 12:00 . 2009-03-08 10:32 71680 c:\windows\system32\iesetup.dll
+ 2004-08-10 12:00 . 2009-03-08 10:32 55808 c:\windows\system32\iernonce.dll
+ 2009-01-07 23:20 . 2009-01-08 00:20 26112 c:\windows\system32\idndl.dll
- 2009-01-07 23:20 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll
+ 2007-08-13 23:36 . 2009-03-08 10:31 59904 c:\windows\system32\icardie.dll
+ 2011-10-28 22:02 . 1998-10-27 04:26 68096 c:\windows\system32\ekfpixpsets.dll
+ 2011-10-28 22:02 . 1998-10-27 04:26 97280 c:\windows\system32\ekfpixjpeg.dll
+ 2011-10-28 22:02 . 1998-10-27 04:26 43520 c:\windows\system32\ekfpixaudio.dll
+ 2011-10-28 22:02 . 1997-04-16 15:09 29696 c:\windows\system32\E300str.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 70472 c:\windows\system32\dxva2.dll
+ 2006-09-29 01:00 . 2006-09-29 01:00 82944 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-29 00:55 . 2006-09-29 00:55 77568 c:\windows\system32\drivers\WudfPf.sys
+ 2004-08-10 12:00 . 2006-10-19 02:00 38528 c:\windows\system32\drivers\wpdusb.sys
+ 2011-10-17 22:58 . 2009-02-26 08:01 21568 c:\windows\system32\drivers\HPZius12.sys
- 2011-10-17 22:58 . 2008-10-28 10:27 21568 c:\windows\system32\drivers\HPZius12.sys
+ 2011-09-19 17:45 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
- 2011-09-19 17:45 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 99840 c:\windows\system32\dllcache\wmpshell.dll
+ 2011-09-19 15:24 . 2006-10-19 03:46 64000 c:\windows\system32\dllcache\wmplayer.exe
+ 2011-09-19 15:24 . 2006-10-19 03:47 96256 c:\windows\system32\dllcache\wmpband.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 37376 c:\windows\system32\dllcache\wmdmps.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 33792 c:\windows\system32\dllcache\wmdmlog.dll
+ 2007-08-13 23:36 . 2009-03-08 10:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2011-11-14 00:53 . 2008-03-07 17:02 98304 c:\windows\system32\dllcache\nlhtml.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 27136 c:\windows\system32\dllcache\mspmsnsv.dll
+ 2007-08-13 23:01 . 2009-03-08 10:31 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2007-08-13 23:01 . 2007-08-13 23:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2011-06-21 18:18 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 23:32 . 2009-03-08 10:31  45568 c:\windows\system32\dllcache\mshta.exe
- 2007-08-13 23:32 . 2007-08-13 23:32 45568 c:\windows\system32\dllcache\mshta.exe
- 2011-09-19 17:45 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2011-09-19 17:45 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2011-11-14 00:53 . 2008-03-07 17:02 29696 c:\windows\system32\dllcache\mimefilt.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2007-08-13 23:44 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 11264 c:\windows\system32\dllcache\LAPRXY.dll
+ 2007-08-13 23:54 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 23:39 . 2009-03-08 10:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 23:36 . 2009-03-08 10:31 34816 c:\windows\system32\dllcache\imgutil.dll
- 2011-08-17 12:21 . 2011-08-17 12:21 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2011-08-17 12:21 . 2011-10-31 20:56 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-08-13 23:39 . 2009-03-08 10:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 23:39 . 2009-03-08 10:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2011-08-17 21:32 . 2009-03-08 10:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-13 23:18 . 2009-03-08 10:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2007-08-13 23:42 . 2009-03-08 10:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-10 12:00 . 2008-04-14 10:41 30208 c:\windows\system32\dllcache\atmlib.dll
+ 2007-08-13 23:39 . 2009-03-08 10:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2011-10-28 22:02 . 1998-10-27 04:26 65864 c:\windows\system32\Digita.sys
+ 2011-10-28 22:02 . 1998-05-19 18:45 45568 c:\windows\system32\DC210V204_32.dll
+ 2011-10-28 22:02 . 1994-09-17 00:00 20976 c:\windows\system32\CTL3D.DLL
+ 2011-10-28 22:02 . 1998-04-20 19:45 27136 c:\windows\system32\CPPENV25.DLL
+ 2004-08-10 12:00 . 2009-03-08 10:33 18944 c:\windows\system32\corpol.dll
+ 2012-01-03 00:40 . 2012-01-03 00:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012010220120103\index.dat
- 2011-09-19 15:30 . 2011-10-23 11:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-09-19 15:30 . 2012-01-03 00:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-09-19 15:30 . 2012-01-03 00:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-09-19 15:30 . 2011-10-23 11:08 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-10-28 22:02 . 1996-06-17 15:03 19968 c:\windows\system32\Comm32.dll
+ 2011-10-28 22:02 . 1996-12-05 16:02 59392 c:\windows\system32\Camapi32.dll
+ 2005-10-29 05:49 . 2005-10-29 05:49 25600 c:\windows\system32\bcsprsrc.dll
+ 2005-10-28 22:40 . 2005-10-28 22:40 96792 c:\windows\system32\basecsp.dll
+ 2011-11-23 03:05 . 2005-05-02 04:10 68096 c:\windows\system32\agrsmdel.exe
+ 2009-03-28 04:12 . 2009-03-28 04:12 13824 c:\windows\system32\agrscoin.dll
+ 2004-08-10 12:00 . 2009-03-08 10:32 72704 c:\windows\system32\admparse.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 87408 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsFormsIntegration.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 93024 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 35688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 17784 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Presentation.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 58240 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 67912 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 31576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll
+ 2011-04-06 22:48 . 2011-04-06 22:48 11120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 44920 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 37240 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 64352 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Numerics.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 45952 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Thunk.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 51032 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Device.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 50552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.DataSetExtensions.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 81784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.Install.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 81800 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.DataAnnotations.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 39784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.Contract.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 68952 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll
+ 2010-03-18 19:58 . 2010-03-18 19:58 96088 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUtility.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 78152 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3082\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3076\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2070\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2052\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1055\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1053\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1049\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1046\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1045\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1044\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1043\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15192 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1042\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15704 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1041\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1040\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1038\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 16728 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1037\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1036\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1035\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1033\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1032\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1031\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1030\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1029\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1028\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1025\SetupResources.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 13648 c:\windows\Microsoft.NET\Framework\v4.0.30319\SbsNclPerf.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 58192 c:\windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 32592 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 52040 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 21336 c:\windows\Microsoft.NET\Framework\v4.0.30319\normalization.dll
+ 2011-07-09 15:30 . 2011-07-09 15:30 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 27984 c:\windows\Microsoft.NET\Framework\v4.0.30319\MUI\0409\mscorsecr.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 40784 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpe.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 20816 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreeis.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 12128 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 97680 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 36168 c:\windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 78168 c:\windows\Microsoft.NET\Framework\v4.0.30319\ISymWrapper.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 58200 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtilLib.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 27992 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 42312 c:\windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 11592 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 88904 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 31048 c:\windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 81248 c:\windows\Microsoft.NET\Framework\v4.0.30319\CustomMarshalers.dll
+ 2011-05-17 15:27 . 2011-05-17 15:27 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 95048 c:\windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 29008 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 29528 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 29016 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\Accessibility.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 10064 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\CvtResUI.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 24400 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\alinkui.dll
+ 2011-12-25 09:49 . 2011-12-25 09:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2004-07-15 08:11 . 2004-07-15 08:11 31744 c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2009-06-25 01:56 . 2009-06-25 01:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2004-07-15 20:28 . 2004-07-15 20:28 57344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2011-12-25 17:07 . 2011-12-25 17:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 06:35 . 2004-07-15 06:35 66560 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2003-02-21 13:26 . 2003-02-21 13:26 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2004-07-15 20:28 . 2004-07-15 20:28 90112 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2003-02-21 13:26 . 2003-02-21 13:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2003-02-21 13:25 . 2003-02-21 13:25 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2004-07-15 20:28 . 2004-07-15 20:28 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 13:25 . 2003-02-21 13:25 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2004-07-15 06:34 . 2004-07-15 06:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-21 01:09 . 2003-02-21 01:09 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-21 00:43 . 2003-02-21 00:43 22528  c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2003-02-21 01:18 . 2003-02-21 01:18 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2011-12-25 04:55 . 2011-12-25 04:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2004-07-15 06:33 . 2004-07-15 06:33 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2003-02-21 01:06 . 2003-02-21 01:06 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2011-12-25 04:55 . 2011-12-25 04:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2004-07-15 06:32 . 2004-07-15 06:32 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-15 20:28 . 2004-07-15 20:28 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 20:28 . 2004-07-15 20:28 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2003-02-21 13:25 . 2003-02-21 13:25 11264 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-21 13:24 . 2003-02-21 13:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 13:24 . 2003-02-21 13:24 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 13:24 . 2003-02-21 13:24 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 13:24 . 2003-02-21 13:24 26112 c:\windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-21 01:22 . 2003-02-21 01:22 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 13:24 . 2003-02-21 13:24 15872 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2004-07-15 20:31 . 2004-07-15 20:31 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-10-08 20:30 . 2003-10-08 20:30 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
+ 2003-02-21 10:12 . 2003-02-21 10:12 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 13:24 . 2003-02-21 13:24 33792 c:\windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 13:24 . 2003-02-21 13:24 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2004-07-15 17:23 . 2004-07-15 17:23 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2011-12-25 04:55 . 2011-12-25 04:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2003-02-21 13:24 . 2003-02-21 13:24 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2003-02-21 13:24 . 2003-02-21 13:24 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2011-12-25 05:49 . 2011-12-25 05:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-15 07:49 . 2004-07-15 07:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 07:49 . 2004-07-15 07:49 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2003-02-21 01:19 . 2003-02-21 01:19 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2011-12-25 05:49 . 2011-12-25 05:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2003-02-21 11:00 . 2003-02-21 11:00 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-21 09:55 . 2003-02-21 09:55 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-21 08:59 . 2003-02-21 08:59 16896 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorlib.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 13648 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 13648 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 13648 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-10-28 22:02 . 1998-01-17 07:44 37376 c:\windows\KPSYS32.DLL
+ 2011-10-29 10:25 . 2011-10-29 10:25 65536 c:\windows\Installer\{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2011-10-29 10:25 . 2011-10-29 10:25 77824 c:\windows\Installer\{922E8525-AC7E-4294-ACAA-43712D4423C0}\ARPPRODUCTICON.exe
- 2011-09-20 04:33 . 2011-10-17 18:15 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2011-09-20 04:33 . 2012-01-12 09:01 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2011-09-20 04:33 . 2011-10-17 18:15 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2011-09-20 04:33 . 2012-01-12 09:01 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2011-09-20 04:33 . 2011-10-17 18:15 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2011-09-20 04:33 . 2012-01-12 09:01 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2011-09-20 04:33 . 2012-01-12 09:01 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2011-09-20 04:33 . 2011-10-17 18:15 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2011-09-28 20:52 . 2011-10-20 22:19 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2011-09-28 20:52 . 2012-01-03 17:45 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2011-09-28 20:52 . 2011-10-20 22:19 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2011-09-28 20:52 . 2012-01-03 17:45 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2011-09-28 20:52 . 2011-10-20 22:19 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2011-09-28 20:52 . 2012-01-03 17:45 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2011-09-28 20:52 . 2011-10-20 22:19 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2011-09-28 20:52 . 2012-01-03 17:45 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2011-09-28 20:52 . 2012-01-03 17:45 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2011-09-28 20:52 . 2011-10-20 22:19 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2011-09-28 20:52 . 2012-01-03 17:45 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2011-09-28 20:52 . 2011-10-20 22:19 34304  c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2011-09-28 20:52 . 2011-10-20 22:19 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2011-09-28 20:52 . 2012-01-03 17:45 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2011-12-17 15:59 . 2011-12-17 15:59 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-09-28 17:07 . 2011-09-28 17:07 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-10-26 15:38 . 2011-10-26 15:38 14534 c:\windows\Installer\{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}\SystemFolder_msiexec.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut9.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut9.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut8.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut8.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut7.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut7.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-29 10:25 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut6.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut5.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut5.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut4.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut4.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut3.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut3.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut23.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut23.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut22.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut22.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut21.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut21.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut20.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut20.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut2.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut2.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut19.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut19.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut18.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut18.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut17.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut17.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut16.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut16.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut15.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut15.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut14.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut14.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut13.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut13.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut12.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut12.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut11.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut11.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut10.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut10.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2011-10-17 23:15 . 2011-10-29 10:25 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut1.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
- 2011-10-17 23:15 . 2011-10-18 12:18 91707 c:\windows\Installer\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}\NewShortcut1.8A4F6A3E_5FDC_4E68_953F_2A8D5A684B79.exe
+ 2012-01-03 05:27 . 2009-03-08 10:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2012-01-03 05:27 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB982381-IE8\spmsg.dll
+ 2012-01-03 05:27 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB982381-IE8\spcustom.dll
+ 2012-01-03 05:27 . 2009-03-08 10:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2012-01-03 05:27 . 2009-03-08 10:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2012-01-03 05:27 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2012-01-03 05:27 . 2009-03-08 10:31 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2012-01-03 05:27 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2012-01-03 05:27 . 2009-03-08 10:34 43008 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2012-01-03 05:27 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2012-01-03 07:38 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2544521-IE8\spmsg.dll
+ 2012-01-03 07:38 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2544521-IE8\spcustom.dll
+ 2012-01-03 07:37 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2510531-IE8\spmsg.dll
+ 2012-01-03 07:37 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2510531-IE8\spcustom.dll
+ 2012-01-03 05:25 . 2009-03-08 20:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 44544 c:\windows\ie8\pngfilt.dll
+ 2012-01-03 05:24 . 2007-08-13 23:01 48128 c:\windows\ie8\mshtmler.dll
+ 2012-01-03 05:24 . 2007-08-13 23:32 45568 c:\windows\ie8\mshta.exe
+ 2012-01-03 05:24 . 2007-08-13 23:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2012-01-03 05:24 . 2011-10-31 23:43 52224 c:\windows\ie8\msfeedsbs.dll
+ 2012-01-03 05:24 . 2007-08-13 23:44 40960 c:\windows\ie8\licmgr10.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 27648 c:\windows\ie8\jsproxy.dll
+ 2012-01-03 05:24 . 2007-08-13 23:39 92672 c:\windows\ie8\inseng.dll
+ 2012-01-03 05:24 . 2007-08-13 23:36 36352 c:\windows\ie8\imgutil.dll
+ 2012-01-03 05:24 . 2007-08-13 23:39 55296 c:\windows\ie8\iesetup.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 44544 c:\windows\ie8\iernonce.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 78336 c:\windows\ie8\ieencode.dll
+ 2012-01-03 05:24 . 2011-10-31 20:56 70656 c:\windows\ie8\ie4uinit.exe
+ 2012-01-03 05:24 . 2011-10-31 23:43 63488 c:\windows\ie8\icardie.dll
+ 2012-01-03 05:24 . 2007-08-13 23:18 60416 c:\windows\ie8\hmmapi.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 17408 c:\windows\ie8\corpol.dll
+ 2012-01-03 05:24 . 2007-08-13 23:39 71680 c:\windows\ie8\admparse.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 44544 c:\windows\ie7updates\KB2618444-IE7\pngfilt.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 52224 c:\windows\ie7updates\KB2618444-IE7\msfeedsbs.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 27648 c:\windows\ie7updates\KB2618444-IE7\jsproxy.dll
+ 2011-12-17 11:03 . 2011-08-17 12:21 13824 c:\windows\ie7updates\KB2618444-IE7\ieudinit.exe
+ 2011-12-17 11:03 . 2011-08-17 21:32 44544 c:\windows\ie7updates\KB2618444-IE7\iernonce.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 78336 c:\windows\ie7updates\KB2618444-IE7\ieencode.dll
+ 2011-12-17 11:03 . 2011-08-17 12:21 70656 c:\windows\ie7updates\KB2618444-IE7\ie4uinit.exe
+ 2011-12-17 11:03 . 2011-08-17 21:32 63488 c:\windows\ie7updates\KB2618444-IE7\icardie.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 17408 c:\windows\ie7updates\KB2618444-IE7\corpol.dll
+ 2011-10-28 22:02 . 1998-04-18 13:34 54784 c:\windows\EasyPhoto Slide Show.scr
+ 2011-10-28 22:02 . 1995-07-14 06:46 27136 c:\windows\CTL3D32.DLL
+ 2012-01-03 08:04 . 2012-01-03 08:04 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_86a2efa6\System.Drawing.Design.dll
+ 2012-01-03 08:04 . 2012-01-03 08:04 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_4b651485\CustomMarshalers.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\1c177e9aa7a1661ddec16c2f9f30947c\UIAutomationProvider.ni.dll
+ 2012-01-03 08:15 . 2012-01-03 08:15 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\e4f0e0d45a1739bad6cc96377c9dd7f2\System.Windows.Presentation.ni.dll
+ 2012-01-03 08:15 . 2012-01-03 08:15 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\385b56be2d617548e4b731dd050a1f32\System.Web.ApplicationServices.ni.dll
+ 2012-01-03 08:15 . 2012-01-03 08:15 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e08ecf530f270cd45c72318b67826cb1\System.ServiceModel.Channels.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\117b65133fc00228bc249d1c61c387ea\System.AddIn.Contract.ni.dll
+ 2012-01-03 08:11 . 2012-01-03 08:11 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\432eb09604ab71ee1aa4622bfbc4afee\Microsoft.VisualC.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\06ac8d640d2dfa7d4bb23c03584304ef\Accessibility.ni.dll
+ 2012-01-03 08:03 . 2012-01-03 08:03 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
- 2011-10-17 18:46 . 2011-10-17 18:46 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
- 2011-10-17 19:32 . 2011-10-17 19:32 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
+ 2012-01-03 08:08 . 2012-01-03 08:08 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-01-03 08:08 . 2012-01-03 08:08 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
- 2011-10-17 18:42 . 2011-10-17 18:42 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe
+ 2012-01-03 08:01 . 2012-01-03 08:01 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe
- 2011-10-17 18:41 . 2011-10-17 18:41 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll
+ 2012-01-03 08:01 . 2012-01-03 08:01 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll
+ 2012-01-03 08:08 . 2012-01-03 08:08 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\a615508098c5f4f5a34e89d22527c9de\Microsoft.WSMan.Runtime.ni.dll
- 2011-10-17 19:32 . 2011-10-17 19:32 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2012-01-03 08:06 . 2012-01-03 08:06 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2012-01-03 08:07 . 2012-01-03 08:07 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
+ 2012-01-03 08:07 . 2012-01-03 08:07 91648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\17fc30ccabf04ef1cf60a571067bc6dc\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll
+ 2012-01-03 08:06 . 2012-01-03 08:06 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
- 2011-10-17 19:30 . 2011-10-17 19:30 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2012-01-03 08:05 . 2012-01-03 08:05 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
- 2011-10-17 19:29 . 2011-10-17 19:29 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 13824 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 16896 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.resources.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.resources.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Editor.resources.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 49152 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 10752 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 57344 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 57344 c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-01-03 08:04 . 2012-01-03 08:04 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 66560 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2012-01-03 05:20 . 2012-01-03 05:20 65536 c:\windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 90112 c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-03 05:20 . 2012-01-03 05:20 77824 c:\windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 32768 c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2012-01-03 05:19 . 2012-01-03 05:19 32768 c:\windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-01-03 05:19 . 2012-01-03 05:19 11264 c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-01-03 05:19 . 2012-01-03 05:19 28672 c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-01-03 05:20 . 2012-01-03 05:20 26112 c:\windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 32768 c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-01-03 05:20 . 2012-01-03 05:20 33792 c:\windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-03 05:19 . 2012-01-03 05:19 12288 c:\windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-11-23 03:02 . 2005-06-30 05:16 88203 c:\windows\AGRSMMSG.exe
+ 2011-11-23 03:02 . 2005-05-02 04:10 68096 c:\windows\agrsmdel.exe
+ 2011-11-14 00:50 . 2006-09-29 01:01 58368 c:\windows\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2011-11-14 00:52 . 2004-08-10 12:00 81920 c:\windows\$NtUninstallwmp11$\wmpshell.dll
+ 2011-11-14 00:52 . 2004-08-10 12:00 73728 c:\windows\$NtUninstallwmp11$\wmplayer.exe
+ 2011-11-14 00:52 . 2004-08-10 12:00 28672 c:\windows\$NtUninstallwmp11$\wmpenc.exe
+ 2011-11-14 00:52 . 2004-08-10 12:00 77824 c:\windows\$NtUninstallwmp11$\wmpband.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 16896 c:\windows\$NtUninstallWMFDist11$\wpdusb.sys
+ 2011-11-14 00:51 . 2004-08-10 12:00 69120 c:\windows\$NtUninstallWMFDist11$\wpdmtpus.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 64000 c:\windows\$NtUninstallWMFDist11$\wpdconns.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 38912 c:\windows\$NtUninstallWMFDist11$\wpd_ci.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 33280 c:\windows\$NtUninstallWMFDist11$\wmdmps.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 25088 c:\windows\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 38912 c:\windows\$NtUninstallWMFDist11$\wdfmgr.exe
+ 2011-11-14 00:51 . 2004-08-10 12:00 15360 c:\windows\$NtUninstallWMFDist11$\wdfapi.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 46592 c:\windows\$NtUninstallWMFDist11$\uwdf.exe
+ 2011-11-14 00:51 . 2006-11-02 17:46 13312 c:\windows\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 25088 c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2011-11-14 00:51 . 2008-06-10 14:17 96768 c:\windows\$NtUninstallWMFDist11$\logagent.exe
+ 2011-11-13 14:00 . 2007-10-22 07:08 20480 c:\windows\$NtUninstallKB926139-v2$\PSCustomSetupUtil.exe
+ 2011-11-14 00:53 . 2008-04-14 10:42 98304 c:\windows\$NtUninstallKB915800-v4$\nlhtml.dll
+ 2011-11-14 00:53 . 2008-04-14 10:41 29696 c:\windows\$NtUninstallKB915800-v4$\mimefilt.dll
+ 2011-12-17 10:59 . 2011-07-08 13:49 46080 c:\windows\$NtUninstallKB2633952$\tzchange.exe
+ 2011-12-17 10:59 . 2011-11-08 14:58 16896 c:\windows\$NtUninstallKB2633952$\spuninst\tzchange.dll
+ 2011-12-17 10:58 . 2011-04-26 11:07 33280 c:\windows\$NtUninstallKB2620712$\csrsrv.dll
+ 2011-11-13 15:24 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2641690\update\spcustom.dll
+ 2011-11-13 15:24 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2641690\spmsg.dll
+ 2011-12-17 11:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2639417\update\spcustom.dll
+ 2011-12-17 11:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2639417\spmsg.dll
+ 2011-12-17 10:58 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2633171\update\spcustom.dll
+ 2011-12-16 12:52 . 2011-10-26 10:50 16896 c:\windows\$hf_mig$\KB2633171\update\mpsyschk.dll
+ 2011-12-17 10:58 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2633171\spmsg.dll
+ 2011-12-17 11:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2624667\update\spcustom.dll
+ 2011-12-17 11:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2624667\spmsg.dll
+ 2011-12-17 10:58 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2620712\update\spcustom.dll
+ 2011-12-17 10:58 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2620712\spmsg.dll
+ 2011-10-28 05:31 . 2011-10-28 05:31 33280 c:\windows\$hf_mig$\KB2620712\SP3QFE\csrsrv.dll
+ 2011-12-17 10:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2618451\update\spcustom.dll
+ 2011-12-17 10:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2618451\spmsg.dll
+ 2011-12-17 11:04 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2618444-IE7\update\spcustom.dll
+ 2011-12-17 11:04 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2618444-IE7\spmsg.dll
+ 2011-10-31 23:38 . 2011-10-31 23:38 44544 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\pngfilt.dll
+ 2011-10-31 23:38 . 2011-10-31 23:38 52224 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\msfeedsbs.dll
+ 2011-10-31 23:38 . 2011-10-31 23:38 27648 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\jsproxy.dll
+ 2011-10-31 21:08 . 2011-10-31 21:08 13824 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\ieudinit.exe
+ 2011-10-31 23:37 . 2011-10-31 23:37 44544 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\iernonce.dll
+ 2011-10-31 23:37 . 2011-10-31 23:37 78336 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\ieencode.dll
+ 2011-10-31 21:08 . 2011-10-31 21:08 70656 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\ie4uinit.exe
+ 2011-10-31 23:37 . 2011-10-31 23:37 63488 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\icardie.dll
+ 2011-10-31 23:37 . 2011-10-31 23:37 17408 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\corpol.dll
+ 2011-11-14 22:30 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2586448-IE8\update\spcustom.dll
+ 2011-11-14 22:30 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2586448-IE8\spmsg.dll
+ 2011-11-14 22:07 . 2011-08-22 23:47 12800 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\xpshims.dll
+ 2011-11-14 22:07 . 2011-08-22 23:47 66560 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtmled.dll
+ 2011-11-14 22:07 . 2011-08-22 23:47 55296 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\msfeedsbs.dll
+ 2011-11-14 22:07 . 2011-08-22 23:47 43520 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\licmgr10.dll
+ 2011-11-14 22:07 . 2011-08-22 23:47 25600 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\jsproxy.dll
+ 2011-11-13 15:26 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2544893-v2\update\spcustom.dll
+ 2011-11-13 15:26 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2544893-v2\spmsg.dll
+ 2011-11-14 00:55 . 2007-11-01 04:48 20992 c:\windows\$968930Uinstall_KB968930$\pwrshsip.dll
+ 2009-10-09 20:57 . 2009-10-09 20:57 20480 c:\windows\$968930Uinstall_KB968930$\PSCustomSetupUtil.exe
+ 2011-11-14 00:55 . 2011-11-13 14:01 65536 c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.security.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\wmvdmoe2.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\wmvdmod.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\WMVADVE.DLL
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\WMVADVD.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\wmsdmoe2.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\wmsdmod.dll
+ 2011-10-28 22:02 . 1996-02-07 16:15 4080 c:\windows\system32\WINSIZE.DLL
+ 2009-10-09 20:56 . 2009-10-09 20:56 2048 c:\windows\system32\winrsmgr.dll
+ 2011-11-13 14:00 . 2009-10-09 22:23 4608 c:\windows\system32\windowspowershell\v1.0\pwrshmsg.dll
+ 2009-10-09 22:23 . 2009-10-09 22:23 4096 c:\windows\system32\windowspowershell\v1.0\powershell_ise.resources.dll
+ 2004-08-10 12:00 . 2006-10-19 03:58 8704 c:\windows\system32\wdfmgr.exe
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\wdfapi.dll
+ 2004-08-10 12:00 . 2006-10-19 03:58 8704 c:\windows\system32\uwdf.exe
+ 2008-05-27 04:19 . 2008-05-27 04:19 2048 c:\windows\system32\UncRes.dll
+ 2004-08-04 05:56 . 2008-04-14 11:42 7680 c:\windows\system32\spdwnwxp.exe
- 2004-08-04 05:56 . 2008-04-14 10:42 7680 c:\windows\system32\spdwnwxp.exe
+ 2003-02-21 00:43 . 2003-02-21 00:43 4096 c:\windows\system32\mui\0409\mscoreer.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\MPG4DMOD.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\MP4SDMOD.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\MP43DMOD.dll
+ 2011-10-28 22:02 . 1998-05-19 18:45 6144 c:\windows\system32\ImgLibLead.dll
+ 2011-10-28 22:02 . 1998-10-27 04:26 4608 c:\windows\system32\ekfpixguid.dll
+ 2011-11-01 14:37 . 1997-06-17 09:00 4064 c:\windows\system32\drivers\ATMHELPR.SYS
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\dllcache\wmvdmod.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\dllcache\wmsdmod.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\dllcache\MPG4DMOD.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\dllcache\MP4SDMOD.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 4096 c:\windows\system32\dllcache\MP43DMOD.dll
+ 2011-09-19 17:46 . 2011-08-16 10:45 6144 c:\windows\system32\dllcache\iecompat.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 7168 c:\windows\system32\dllcache\asferror.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 7168 c:\windows\system32\asferror.dll
+ 2011-11-08 00:30 . 2011-11-08 00:30 2309 c:\windows\mozver.dat
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3082.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3076.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.2070.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8024 c:\windows\Microsoft.NET\NETFXRepair.2052.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1055.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1053.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1049.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1046.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1045.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1044.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1043.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1042.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1041.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1040.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1038.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1037.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1036.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1035.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1033.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1032.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1031.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1030.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1029.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8024 c:\windows\Microsoft.NET\NETFXRepair.1028.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1025.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelRegUI.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8040 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll
+ 2003-02-21 01:09 . 2003-02-21 01:09 9216 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2003-02-21 13:25 . 2003-02-21 13:25 6656 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2003-02-21 13:25 . 2003-02-21 13:25 6144 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 13:24 . 2003-02-21 13:24 4608 c:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2004-07-15 20:31 . 2004-07-15 20:31 8192 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2003-02-21 13:24 . 2003-02-21 13:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-21 13:24 . 2003-02-21 13:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
- 2011-09-20 04:33 . 2011-10-17 18:15 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-09-20 04:33 . 2012-01-12 09:01 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2011-09-28 20:52 . 2011-10-20 22:19 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2011-09-28 20:52 . 2012-01-03 17:45 3584  c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2011-09-28 20:52 . 2011-10-20 22:19 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2011-09-28 20:52 . 2012-01-03 17:45 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2011-09-28 20:52 . 2012-01-03 17:45 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2011-09-28 20:52 . 2011-10-20 22:19 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2012-01-03 05:27 . 2009-03-08 10:35 2048 c:\windows\ie8updates\KB2598845-IE8\iecompat.dll
+ 2012-01-03 08:15 . 2012-01-03 08:15 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\3a2ab56bb224b871516526753985ff69\System.Xml.Serialization.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\5cc246adea1b07b9c2a76bbe86fbfe2e\dfsvc.ni.exe
- 2011-10-17 18:18 . 2011-10-17 18:18 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 7168 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-17 18:19 . 2011-10-17 18:19 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 9216 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 7168 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-03 05:19 . 2012-01-03 05:19 6656 c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-03 05:19 . 2012-01-03 05:19 6144 c:\windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2012-01-03 05:20 . 2012-01-03 05:20 4608 c:\windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 8192 c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-01-03 05:20 . 2012-01-03 05:20 7680 c:\windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-11-14 00:52 . 2004-08-10 12:00 8192 c:\windows\$NtUninstallwmp11$\asferror.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 6656 c:\windows\$NtUninstallWMFDist11$\laprxy.dll
+ 2011-11-13 14:00 . 2007-10-30 09:15 7680 c:\windows\$NtUninstallKB926139-v2$\PSSetupNativeUtils.exe
+ 2011-11-14 00:55 . 2007-06-30 18:49 4608 c:\windows\$968930Uinstall_KB968930$\pwrshmsg.dll
+ 2009-10-09 20:56 . 2009-10-09 20:56 9216 c:\windows\$968930Uinstall_KB968930$\PSSetupNativeUtils.exe
+ 2012-01-03 07:58 . 2012-01-03 07:58 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-04-14 04:56 . 2008-04-14 04:56 132096 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll
+ 2008-04-14 05:56 . 2008-04-14 05:56 132096 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 991232 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
- 2008-04-14 10:42 . 2008-04-14 10:42 991232 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
- 2008-04-14 10:42 . 2008-04-14 10:42 853504 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 853504 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 343040 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
- 2008-04-14 10:42 . 2008-04-14 10:42 343040 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
+ 2009-05-22 03:16 . 2009-05-22 03:16 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2009-05-14 11:22 . 2009-05-14 11:22 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcr80.dll
+ 2009-05-14 11:22 . 2009-05-14 11:22 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcp80.dll
+ 2009-05-14 11:22 . 2009-05-14 11:22 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcm80.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 401462 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
- 2008-04-14 10:42 . 2008-04-14 10:42 401462 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
- 2008-04-14 10:42 . 2008-04-14 10:42 995383 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 995383 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
+ 2011-10-28 22:01 . 1997-04-09 01:08 299520 c:\windows\uninst.exe
+ 2011-10-28 22:00 . 1999-07-03 18:17 133632 c:\windows\twain_32\JamCamEx\kbusbdll.dll
- 2011-09-19 17:09 . 2006-07-14 15:51 121856 c:\windows\system32\xmllite.dll
+ 2011-09-19 17:09 . 2009-01-08 00:21 121856 c:\windows\system32\xmllite.dll
+ 2006-09-29 00:56 . 2006-09-29 00:56 316416 c:\windows\system32\WUDFx.dll
+ 2006-09-29 00:56 . 2006-09-29 00:56 165376 c:\windows\system32\WudfPlatform.dll
+ 2006-09-29 00:56 . 2006-09-29 00:56 146432 c:\windows\system32\WudfHost.exe
+ 2009-10-09 20:56 . 2009-10-09 20:56 209408 c:\windows\system32\WsmWmiPl.dll
+ 2009-10-09 22:22 . 2009-10-09 22:22 368640 c:\windows\system32\WsmRes.dll
+ 2009-10-09 20:56 . 2009-10-09 20:56 139776 c:\windows\system32\WsmAuto.dll
+ 2009-10-09 20:56 . 2009-10-09 20:56 225280 c:\windows\system32\wsmanhttpconfig.exe
+ 2004-08-10 12:00 . 2006-10-19 03:47 356352 c:\windows\system32\wpdsp.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 133632 c:\windows\system32\WPDShServiceObj.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 154624 c:\windows\system32\wpdmtp.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 629760 c:\windows\system32\wpd_ci.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 656896 c:\windows\system32\WMVXENCD.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 767488 c:\windows\system32\WMVSENCD.dll
+ 2004-08-10 12:00 . 2009-04-02 05:02 604160 c:\windows\system32\wmspdmod.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 204288 c:\windows\system32\wmpsrcwp.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 130048 c:\windows\system32\wmpps.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 613376 c:\windows\system32\wmpmde.dll
+ 2006-10-19 03:47 . 2008-06-25 00:12 295936 c:\windows\system32\wmpeffects.dll
+ 2004-08-10 12:00 . 2009-07-14 05:43 286208 c:\windows\system32\wmpdxm.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 242688 c:\windows\system32\wmpasf.dll
+ 2004-08-10 12:00 . 2008-06-18 11:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 157184 c:\windows\system32\wmidx.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 227328 c:\windows\system32\wmerror.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 535040 c:\windows\system32\wmdrmsdk.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 348672 c:\windows\system32\wmdrmnet.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 429056 c:\windows\system32\wmdrmdev.dll
+ 2004-08-10 12:00 . 2007-10-27 23:40 222720 c:\windows\system32\wmasf.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 757248 c:\windows\system32\WMADMOD.dll
+ 2009-10-09 20:56 . 2009-10-09 20:56 233984 c:\windows\system32\winrscmd.dll
+ 2009-08-01 05:27 . 2009-08-01 05:27 201184 c:\windows\system32\winrm.vbs
- 2004-08-10 12:00 . 2008-04-14 10:42 176128 c:\windows\system32\winmm.dll
+ 2004-08-10 12:00 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
+ 2004-08-10 12:00 . 2011-08-17 21:32 832512 c:\windows\system32\wininet(3).dll
+ 2007-08-13 23:45 . 2009-03-08 10:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2009-10-09 22:23 . 2009-10-09 22:23 148480 c:\windows\system32\windowspowershell\v1.0\pspluginwkr.dll
+ 2009-10-09 20:57 . 2009-10-09 20:57 204800 c:\windows\system32\windowspowershell\v1.0\powershell_ise.exe
+ 2011-11-13 14:00 . 2009-10-09 20:56 448000 c:\windows\system32\windowspowershell\v1.0\powershell.exe
+ 2009-10-09 20:57 . 2009-10-09 20:57 112640 c:\windows\system32\windowspowershell\v1.0\Modules\BitsTransfer\microsoft.backgroundintelligenttransfer.management.interop.dll
+ 2009-07-16 16:22 . 2009-07-16 16:22 126976 c:\windows\system32\windowspowershell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
+ 2009-10-09 22:23 . 2009-10-09 22:23 178176 c:\windows\system32\wevtfwd.dll
+ 2004-08-10 12:00 . 2009-03-08 10:34 236544 c:\windows\system32\webcheck.dll
+ 2011-10-27 12:09 . 2001-11-02 18:50 147456 c:\windows\system32\VegaShEx.dll
+ 2004-08-10 12:00 . 2011-03-04 06:37 420864 c:\windows\system32\vbscript.dll
+ 2004-08-10 12:00 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
+ 2004-08-10 12:00 . 2011-08-17 21:32 106496 c:\windows\system32\url(3).dll
+ 2008-05-27 04:19 . 2008-05-27 04:19 131072 c:\windows\system32\UncPH.dll
+ 2008-05-27 04:19 . 2008-05-27 04:19 108032 c:\windows\system32\UncNE.dll
+ 2008-05-27 04:19 . 2008-05-27 04:19 143872 c:\windows\system32\UncDMS.dll
+ 2008-05-27 03:59 . 2008-05-27 03:59 106605 c:\windows\system32\structuredqueryschema.bin
+ 2008-05-27 04:17 . 2008-05-27 04:17 301568 c:\windows\system32\srchadmin.dll
+ 2011-10-28 22:02 . 1997-11-11 21:50 151984 c:\windows\system32\spool\drivers\w32x86\PDFDDUI.DLL
+ 2011-10-28 22:02 . 1997-11-11 21:47 468944 c:\windows\system32\spool\drivers\w32x86\PDFDD.DLL
- 2011-09-21 04:12 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2011-09-21 04:12 . 2008-04-14 11:42 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2011-10-28 22:02 . 1996-05-06 16:52 249856 c:\windows\system32\Snap32n.dll
+ 2008-05-27 04:18 . 2008-05-27 04:18 184832 c:\windows\system32\searchprotocolhost.exe
+ 2008-05-27 04:18 . 2008-05-27 04:18 439808 c:\windows\system32\searchindexer.exe
+ 2011-10-28 22:02 . 1998-10-27 04:26 215040 c:\windows\system32\SC.DLL
+ 2012-01-02 23:24 . 2005-03-17 21:30 132608 c:\windows\system32\ReinstallBackups\0008\DriverFiles\b57xp32.sys
+ 2011-11-14 00:55 . 2008-10-28 10:27 372736 c:\windows\system32\ReinstallBackups\0006\DriverFiles\drivers\dot4\Win2000\hppldcoi.dll
+ 2011-11-14 00:55 . 2008-10-28 10:27 309760 c:\windows\system32\ReinstallBackups\0006\DriverFiles\drivers\dot4\Win2000\difxapi.dll
- 2011-09-20 09:37 . 2006-03-24 01:31 524288 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igldev32.dll
+ 2012-01-05 13:02 . 2006-03-24 01:31 524288 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igldev32.dll
+ 2012-01-05 13:02 . 2006-03-24 01:17 114688 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxzoom.exe
- 2011-09-20 09:37 . 2006-03-24 01:17 114688 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxzoom.exe
- 2011-09-20 09:37 . 2006-03-24 01:13 163840 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxsrvc.exe
+ 2012-01-05 13:02 . 2006-03-24 01:13 163840 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxsrvc.exe
- 2011-09-20 09:37 . 2006-03-24 01:16 143360 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxpph.dll
+ 2012-01-05 13:02 . 2006-03-24 01:16 143360 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxpph.dll
+ 2012-01-05 13:02 . 2006-03-24 01:17 118784 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxpers.exe
- 2011-09-20 09:37 . 2006-03-24 01:17 118784 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxpers.exe
+ 2012-01-05 13:02 . 2006-03-24 01:12 139264 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxdev.dll
- 2011-09-20 09:37 . 2006-03-24 01:12 139264 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxdev.dll
- 2011-09-20 09:37 . 2006-03-24 01:16 450560 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxcfg.exe
+ 2012-01-05 13:02 . 2006-03-24 01:16 450560 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxcfg.exe
- 2011-09-20 09:37 . 2006-03-24 01:24 114688 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmudlg.exe
+ 2012-01-05 13:02 . 2006-03-24 01:24 114688 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmudlg.exe
- 2011-09-20 09:37 . 2006-03-24 01:38 121467 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmdnt5.dll
+ 2012-01-05 13:02 . 2006-03-24 01:38 121467 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmdnt5.dll
+ 2012-01-05 13:02 . 2006-03-24 01:38 238650 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmdev5.dll
- 2011-09-20 09:37 . 2006-03-24 01:38 238650 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmdev5.dll
- 2011-09-20 09:37 . 2006-03-24 01:45 956026 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmdd5.dll
+ 2012-01-05 13:02 . 2006-03-24 01:45 956026 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmdd5.dll
+ 2012-01-05 13:02 . 2006-03-24 01:31 524288 c:\windows\system32\ReinstallBackups\0001\DriverFiles\igldev32.dll
+ 2012-01-05 13:02 . 2006-03-24 01:17 114688 c:\windows\system32\ReinstallBackups\0001\DriverFiles\igfxzoom.exe
+ 2012-01-05 13:01 . 2006-03-24 01:13 163840 c:\windows\system32\ReinstallBackups\0001\DriverFiles\igfxsrvc.exe
+ 2012-01-05 13:01 . 2006-03-24 01:16 143360 c:\windows\system32\ReinstallBackups\0001\DriverFiles\igfxpph.dll
+ 2012-01-05 13:02 . 2006-03-24 01:17 118784 c:\windows\system32\ReinstallBackups\0001\DriverFiles\igfxpers.exe
+ 2012-01-05 13:02 . 2006-03-24 01:12 139264 c:\windows\system32\ReinstallBackups\0001\DriverFiles\igfxdev.dll
+ 2012-01-05 13:01 . 2006-03-24 01:16 450560 c:\windows\system32\ReinstallBackups\0001\DriverFiles\igfxcfg.exe
+ 2012-01-05 13:02 . 2006-03-24 01:24 114688 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmudlg.exe
+ 2012-01-05 13:01 . 2006-03-24 01:38 121467 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmdnt5.dll
+ 2012-01-05 13:01 . 2006-03-24 01:38 238650 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmdev5.dll
+ 2012-01-05 13:01 . 2006-03-24 01:45 956026 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmdd5.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 211456 c:\windows\system32\qasf.dll
+ 2008-05-27 04:17 . 2008-05-27 04:17 754176 c:\windows\system32\propsys.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 199168 c:\windows\system32\PortableDeviceWMDRM.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 132096 c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 166912 c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 101888 c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 284160 c:\windows\system32\PortableDeviceApi.dll
+ 2004-08-10 12:00 . 2012-01-03 07:58 502366 c:\windows\system32\perfh009.dat
- 2004-05-19 08:59 . 2004-05-19 08:59 212480 c:\windows\system32\PCDLIB32.DLL
+ 1998-12-09 00:53 . 1998-12-09 00:53 212480 c:\windows\system32\PCDLIB32.DLL
+ 2004-08-10 12:00 . 2008-03-07 17:02 192000 c:\windows\system32\offfilt.dll
- 2004-08-10 12:00 . 2008-04-14 10:42 192000 c:\windows\system32\offfilt.dll
+ 2008-05-27 04:19 . 2008-05-27 04:19 273408 c:\windows\system32\oeph.dll
+ 2004-08-10 12:00 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 321536 c:\windows\system32\mswmdm.dll
+ 2011-10-28 22:02 . 1993-07-23 23:31 210944 c:\windows\system32\MSVCRT10.DLL
+ 2010-03-18 19:16 . 2010-03-18 19:16 771424 c:\windows\system32\msvcr100_clr0400.dll
+ 2004-08-10 12:00 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
+ 2008-05-27 04:18 . 2008-05-27 04:18 203776 c:\windows\system32\mssphtb.dll
+ 2008-05-27 04:18 . 2009-05-25 06:24 350208 c:\windows\system32\mssph.dll
+ 2008-05-27 04:18 . 2008-05-27 04:18 231936 c:\windows\system32\msshsq.dll
+ 2004-08-10 12:00 . 2006-12-04 22:21 414720 c:\windows\system32\msscp.dll
+ 2004-08-10 12:00 . 2009-03-08 10:34 193536 c:\windows\system32\msrating.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 175616 c:\windows\system32\mspmsp.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 179712 c:\windows\system32\msnetobj.dll
+ 2004-08-10 12:00 . 2009-03-08 10:22 156160 c:\windows\system32\msls31.dll
- 2004-08-10 12:00 . 2007-08-13 23:54 156160 c:\windows\system32\msls31.dll
+ 2007-08-13 23:54 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
+ 2006-10-02 21:28 . 2006-10-02 21:28 312128 c:\windows\system32\msdelta.dll
+ 2009-01-07 23:20 . 2009-01-08 00:20 265720 c:\windows\system32\msdbg2.dll
- 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll
+ 2009-09-24 06:30 . 2009-09-24 06:30 156488 c:\windows\system32\mscorier.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 259072 c:\windows\system32\MPG4DECD.dll
+ 2006-10-19 03:47 . 2010-03-30 18:24 317440 c:\windows\system32\mp4sdecd.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 259072 c:\windows\system32\MP43DECD.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 212992 c:\windows\system32\MFPLAT.dll
+ 2012-01-03 01:43 . 2012-01-03 01:43 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2011-10-27 12:09 . 2000-11-22 23:31 401920 c:\windows\system32\ltkrn80n.dll
+ 2011-10-28 22:02 . 1997-03-24 00:21 349696 c:\windows\system32\Ltkrn70n.dll
+ 2004-08-10 12:00 . 2008-06-18 07:09 100864 c:\windows\system32\logagent.exe
+ 2011-10-27 12:08 . 2000-11-22 23:31 111616 c:\windows\system32\lfpng80n.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 308224 c:\windows\system32\Lffpx7.dll
+ 2011-10-27 12:08 . 2000-11-22 23:31 218112 c:\windows\system32\lfcmp80n.dll
+ 2011-10-28 22:02 . 1997-03-25 00:41 225280 c:\windows\system32\LFCMP70n.DLL
+ 2004-08-10 12:00 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
+ 2012-01-21 22:25 . 2011-11-10 11:54 157472 c:\windows\system32\javaws.exe
- 2011-09-28 22:10 . 2011-09-20 05:48 157472 c:\windows\system32\javaws.exe
+ 2012-01-21 22:25 . 2011-11-10 11:54 149280 c:\windows\system32\javaw.exe
+ 2012-01-21 22:25 . 2011-11-10 11:54 149280 c:\windows\system32\java.exe
+ 2011-09-19 15:24 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
- 2011-09-19 15:24 . 2011-05-02 15:31 692736 c:\windows\system32\inetcomm.dll
+ 2005-10-29 05:49 . 2005-10-29 05:49 151552 c:\windows\system32\ifxcardm.dll
+ 2007-08-13 23:54 . 2009-03-08 10:22 164352 c:\windows\system32\ieui.dll
+ 2004-08-10 12:00 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 12:00 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 17:27 . 2009-03-08 10:11 445952 c:\windows\system32\ieapfltr.dll
+ 2004-08-10 12:00 . 2009-03-08 10:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-10 12:00 . 2009-03-08 10:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-10 12:00 . 2009-03-08 10:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-10 12:00 . 2011-11-04 11:24 174080  c:\windows\system32\ie4uinit.exe
+ 2011-09-19 10:04 . 2011-12-17 16:02 385824 c:\windows\system32\FNTCACHE.DAT
+ 2011-10-28 22:02 . 1998-04-20 19:51 415744 c:\windows\system32\EZIMG25.DLL
- 2004-08-10 12:00 . 2011-08-17 21:32 133120 c:\windows\system32\extmgr.dll
+ 2004-08-10 12:00 . 2011-10-31 23:43 133120 c:\windows\system32\extmgr.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 486216 c:\windows\system32\evr.dll
+ 2011-10-28 22:02 . 1998-10-27 04:26 446976 c:\windows\system32\ekfpixio130.dll
+ 2011-10-28 22:02 . 1998-10-27 04:26 138240 c:\windows\system32\ekfpixexif.dll
+ 2011-10-28 22:02 . 1997-04-22 19:43 308224 c:\windows\system32\E300.DLL
+ 2004-08-10 12:00 . 2009-03-08 10:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-10 12:00 . 2009-03-08 10:31 348160 c:\windows\system32\dxtmsft.dll
+ 2011-10-29 10:23 . 2009-04-15 21:53 452408 c:\windows\system32\DRVSTORE\hpb209a_A68588CA695EF66CE18686E8C9C92C371D790DB5\hpzids01.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 991744 c:\windows\system32\drmv2clt.dll
+ 2006-10-19 02:00 . 2006-10-19 02:00 249856 c:\windows\system32\drmupgds.exe
+ 2006-10-19 03:47 . 2006-10-19 03:47 671232 c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
- 2011-09-19 15:37 . 2005-03-17 21:30 132608 c:\windows\system32\drivers\b57xp32.sys
+ 2011-09-19 15:37 . 2005-03-17 22:30 132608 c:\windows\system32\drivers\b57xp32.sys
+ 2004-08-10 12:00 . 2009-04-02 05:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-10 12:00 . 2009-07-14 05:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 242688 c:\windows\system32\dllcache\wmpasf.dll
+ 2004-08-10 12:00 . 2008-06-18 11:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 157184 c:\windows\system32\dllcache\wmidx.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 227328 c:\windows\system32\dllcache\wmerror.dll
+ 2004-08-10 12:00 . 2007-10-27 23:40 222720 c:\windows\system32\dllcache\wmasf.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 757248 c:\windows\system32\dllcache\WMADMOD.dll
+ 2011-04-26 11:07 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
- 2011-04-26 11:07 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
+ 2010-04-16 16:09 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2007-08-13 23:54 . 2009-03-08 10:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2011-10-04 18:26 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2011-03-04 06:45 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2011-06-21 18:18 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-10 12:00 . 2007-06-27 04:10 317440 c:\windows\system32\dllcache\unregmp2.exe
+ 2009-01-08 00:20 . 2009-01-08 00:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-06-25 08:25 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 211456 c:\windows\system32\dllcache\qasf.dll
+ 2011-11-14 00:53 . 2008-03-07 17:02 192000 c:\windows\system32\dllcache\offfilt.dll
+ 2007-08-13 23:44 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 321536 c:\windows\system32\dllcache\mswmdm.dll
+ 2011-06-21 18:18 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-10 12:00 . 2006-12-04 22:21 414720 c:\windows\system32\dllcache\msscp.dll
+ 2007-08-13 23:44 . 2009-03-08 10:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 175616 c:\windows\system32\dllcache\mspmsp.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 179712 c:\windows\system32\dllcache\msnetobj.dll
- 2004-08-10 12:00 . 2007-08-13 23:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2004-08-10 12:00 . 2009-03-08 10:22 156160 c:\windows\system32\dllcache\msls31.dll
- 2011-09-19 17:45 . 2011-06-23 18:36 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2011-09-19 17:45 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2011-09-19 15:24 . 2006-10-19 03:47 243712 c:\windows\system32\dllcache\mpvis.dll
+ 2010-03-30 18:24 . 2010-03-30 18:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
- 2011-02-08 13:33 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
+ 2004-08-10 12:00 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
+ 2004-08-10 12:00 . 2008-06-18 07:09 100864 c:\windows\system32\dllcache\logagent.exe
+ 2011-03-04 06:45 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
- 2010-01-29 15:01 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-01-29 15:01 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2007-08-13 23:43 . 2009-03-08 20:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2011-09-19 17:45 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2011-09-19 17:45 . 2011-06-23 18:36 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-04-16 16:09 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2011-09-19 17:45 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2011-09-19 17:45 . 2011-06-23 18:36 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2007-08-13 23:39 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2011-08-17 21:32 . 2009-03-08 10:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-10 12:00 . 2009-03-08 10:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 23:39 . 2009-03-08 10:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 23:39 . 2009-03-08 10:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 23:39 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 23:54 . 2011-10-31 23:43 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-08-13 23:54 . 2011-08-17 21:32 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 23:35 . 2009-03-08 10:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-13 23:35 . 2009-03-08 10:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 991744 c:\windows\system32\dllcache\drmv2clt.dll
+ 2011-09-09 09:12 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
- 2011-09-09 09:12 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 229376 c:\windows\system32\dllcache\cewmdm.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 542720 c:\windows\system32\dllcache\blackbox.dll
+ 2011-09-19 15:37 . 2005-03-17 22:30 132608 c:\windows\system32\dllcache\b57xp32.sys
- 2011-09-19 15:37 . 2005-03-17 21:30 132608 c:\windows\system32\dllcache\b57xp32.sys
+ 2007-08-13 23:39 . 2009-03-08 10:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2011-09-19 16:06 . 2011-03-11 14:10 471552 c:\windows\system32\dllcache\aclayers.dll
- 2011-09-19 16:06 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2011-10-28 22:02 . 1996-12-17 21:17 119296 c:\windows\system32\Dc50v11_32.dll
+ 2011-10-28 22:02 . 1996-12-17 21:12 100864 c:\windows\system32\Dc50ip32.dll
+ 2004-08-10 12:00 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll
- 2004-08-10 12:00 . 2011-09-09 09:12 599040 c:\windows\system32\crypt32.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 229376 c:\windows\system32\cewmdm.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 542720 c:\windows\system32\blackbox.dll
+ 2005-10-29 05:49 . 2005-10-29 05:49 133120 c:\windows\system32\axaltocm.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 276992 c:\windows\system32\audiodev.dll
+ 2011-11-01 14:37 . 1997-06-17 09:00 212352 c:\windows\system32\ATMDRVR.DLL
+ 2004-08-10 12:00 . 2009-03-08 10:32 128512 c:\windows\system32\advpack.dll
+ 2004-08-10 12:00 . 2011-08-17 21:32 124928 c:\windows\system32\advpack(3).dll
+ 2011-10-28 22:02 . 1998-01-21 22:16 133120 c:\windows\SPROF32.DLL
+ 2011-10-28 22:02 . 1995-07-31 18:44 212480 c:\windows\PCDLIB32.DLL
- 2011-10-10 19:32 . 1995-08-01 09:44 212480 c:\windows\PCDLIB32.DLL
+ 2010-03-18 19:16 . 2010-03-18 19:16 114520 c:\windows\Microsoft.NET\NETFXRepair.exe
+ 2011-04-06 22:48 . 2011-04-06 22:48 916312 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 753504 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 350592 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 163168 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 675672 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 334688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Printing.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 581464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\ReachFramework.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 832856 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationUI.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 801136 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 181096 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 194424 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Royale.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 478576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Luna.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 167288 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Classic.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 232304 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Aero.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 807264 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 138592 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Linq.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 699224 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 857960 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Services.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 269672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Transactions.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 113512 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceProcess.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 129912 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Routing.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 390008 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 505208 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 261472 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 122264 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 291184 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 349568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.DurableInstancing.dll
+ 2011-04-06 22:48 . 2011-04-06 22:48 236880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 253280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Messaging.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 134528 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.Instrumentation.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 378720 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 123736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Log.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 125816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Selectors.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 392552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll
+ 2010-03-18 06:51 . 2010-03-18 06:51 109568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Wrapper.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 246128 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 120152 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 607064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 182144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 395120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 285072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 829280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 747360 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 436600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Client.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 683872 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Linq.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 409448 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.configuration.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 210816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Composition.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 149848 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 122248 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.DurableInstancing.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 525704 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Core.Presentation.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 112976 c:\windows\Microsoft.NET\Framework\v4.0.30319\sysglobl.dll
+ 2011-07-09 15:30 . 2011-07-09 15:30 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 124240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
+ 2009-08-31 10:44 . 2009-08-31 10:44 144416 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\sqmapi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 295248 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 807256 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupEngine.dll
+ 2011-12-26 10:39 . 2011-12-26 10:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 121688 c:\windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 150856 c:\windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 130384 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 335184 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 110936 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsecimpl.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 372048 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 145752 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
+ 2011-05-17 15:27 . 2011-05-17 15:27 413520 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
+ 2011-07-09 15:30 . 2011-07-09 15:30 956240 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 661352 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 349576 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 170368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 387960 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 746336 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 505184 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.CSharp.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 794464 c:\windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 688472 c:\windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 129880 c:\windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll
+ 2011-05-17 15:27 . 2011-05-17 15:27 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 105808 c:\windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 105288 c:\windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 139088 c:\windows\Microsoft.NET\Framework\v4.0.30319\AdoNetDiag.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 255304 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\vbc7ui.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 255896 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 182088 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
+ 2011-12-25 09:49 . 2011-12-25 09:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2004-07-15 17:23 . 2004-07-15 17:23 737280 c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 20:31 . 2004-07-15 20:31 573440 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 20:28 . 2004-07-15 20:28 819200 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 20:28 . 2004-07-15 20:28 126976 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 20:31 . 2004-07-15 20:31 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 20:28 . 2004-07-15 20:28 323584 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 20:31 . 2004-07-15 20:31 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 20:31 . 2004-07-15 20:31 372736 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 20:28 . 2004-07-15 20:28 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 20:28 . 2004-07-15 20:28 466944 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 20:31 . 2004-07-15 20:31 303104 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 06:35 . 2004-07-15 06:35 319488 c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-21 01:09 . 2003-02-21 01:09 122880 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2003-02-21 01:09 . 2003-02-21 01:09 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2004-08-10 22:20 . 2004-08-10 22:20 106496 c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2003-02-21 10:42 . 2003-02-21 10:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2004-07-15 06:33 . 2004-07-15 06:33 143360 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2003-02-21 00:43 . 2003-02-21 00:43 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2011-12-25 04:55 . 2011-12-25 04:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-12-25 04:53 . 2011-12-25 04:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-15 06:32 . 2004-07-15 06:32 233472 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-15 20:28 . 2004-07-15 20:28 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 20:28 . 2004-07-15 20:28 720896 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 06:35 . 2004-07-15 06:35 196608 c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-15 06:24 . 2004-07-15 06:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-02-21 01:16 . 2003-02-21 01:16 798720 c:\windows\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2003-02-21 16:21 . 2003-02-21 16:21 524288 c:\windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2004-07-15 17:23 . 2004-07-15 17:23 626688 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2002-07-29 17:11 . 2002-07-29 17:11 219136 c:\windows\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2011-12-25 05:49 . 2011-12-25 05:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-21 11:04 . 2003-02-21 11:04 155648 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-21 09:02 . 2003-02-21 09:02 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-10-28 22:02 . 1998-01-17 07:44 196608 c:\windows\KPCP32.DLL
+ 2011-10-28 22:02 . 1996-10-15 06:56 132096 c:\windows\KPAPI32.DLL
+ 2011-12-25 11:40 . 2011-12-25 11:40 819200 c:\windows\Installer\e5eff.msp
+ 2011-10-30 05:23 . 2011-10-30 05:23 210944 c:\windows\Installer\71e231.msi
+ 2011-10-26 15:38 . 2011-10-26 15:38 907776 c:\windows\Installer\6048f1.msi
+ 2011-10-29 10:27 . 2011-10-29 10:27 857600 c:\windows\Installer\478b23.msi
+ 2011-10-29 10:26 . 2011-10-29 10:26 577024 c:\windows\Installer\478b0c.msi
+ 2011-10-29 10:26 . 2011-10-29 10:26 279040 c:\windows\Installer\478b07.msi
+ 2011-10-29 10:26 . 2011-10-29 10:26 821760 c:\windows\Installer\478b02.msi
+ 2011-10-29 10:26 . 2011-10-29 10:26 459264 c:\windows\Installer\478af5.msi
+ 2011-10-29 10:25 . 2011-10-29 10:25 585216 c:\windows\Installer\478aee.msi
+ 2011-10-29 10:25 . 2011-10-29 10:25 678400 c:\windows\Installer\478ae9.msi
+ 2011-10-29 10:25 . 2011-10-29 10:25 692224 c:\windows\Installer\478ae4.msi
+ 2011-10-29 10:25 . 2011-10-29 10:25 859648 c:\windows\Installer\478ad9.msi
+ 2011-10-29 10:24 . 2011-10-29 10:24 307712 c:\windows\Installer\478ab5.msi
+ 2011-10-29 10:24 . 2011-10-29 10:24 935424 c:\windows\Installer\478aac.msi
+ 2011-10-29 10:24 . 2011-10-29 10:24 390144 c:\windows\Installer\478aa7.msi
+ 2011-10-29 10:24 . 2011-10-29 10:24 386560 c:\windows\Installer\478aa2.msi
+ 2011-10-29 10:23 . 2011-10-29 10:23 448000 c:\windows\Installer\478a97.msi
+ 2008-11-05 18:02 . 2008-11-05 18:02 119296 c:\windows\Installer\40317.msp
+ 2011-11-15 15:08 . 2011-11-15 15:08 549888 c:\windows\Installer\346af2e.msi
+ 2011-11-15 15:06 . 2011-11-15 15:06 155648 c:\windows\Installer\346af19.msi
+ 2011-10-27 12:09 . 2011-10-27 12:09 386560 c:\windows\Installer\31645f0.msi
+ 2011-09-20 04:33 . 2012-01-12 09:01 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2011-09-20 04:33 . 2011-10-17 18:15 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2011-09-20 04:33 . 2012-01-12 09:01 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2011-09-20 04:33 . 2011-10-17 18:15 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2011-09-20 04:33 . 2012-01-12 09:01 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2011-09-20 04:33 . 2011-10-17 18:15 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2011-09-20 04:33 . 2011-10-17 18:15 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-09-20 04:33 . 2012-01-12 09:01 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2011-09-28 20:52 . 2011-10-20 22:19 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2011-09-28 20:52 . 2012-01-03 17:45 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2011-09-28 20:52 . 2012-01-03 17:45 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2011-09-28 20:52 . 2011-10-20 22:19 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2011-10-29 10:26 . 2011-10-29 10:26 689456 c:\windows\Installer\{7059BDA7-E1DB-442C-B7A1-6144596720A4}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
+ 2010-03-18 19:16 . 2010-03-18 19:16 915800 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\wpftxt_x86.dll
+ 2004-08-10 12:00 . 2007-06-27 04:10 317440 c:\windows\inf\unregmp2.exe
+ 2012-01-03 05:27 . 2009-03-08 10:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2012-01-03 05:27 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\updspapi.dll
+ 2012-01-03 05:27 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB982381-IE8\update.exe
+ 2012-01-03 05:27 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2012-01-03 05:27 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2012-01-03 05:27 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst.exe
+ 2012-01-03 05:27 . 2009-03-08 10:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2012-01-03 05:27 . 2009-03-08 10:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2012-01-03 05:27 . 2009-03-08 10:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2012-01-03 05:27 . 2009-03-08 10:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2012-01-03 05:27 . 2009-03-08 10:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2012-01-03 05:27 . 2009-03-08 10:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2012-01-03 05:27 . 2009-03-08 20:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2012-01-03 05:27 . 2009-03-08 10:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2012-01-03 05:27 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2012-01-03 05:27 . 2009-03-08 10:34 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2012-01-03 05:27 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2012-01-03 05:27 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2012-01-03 05:27 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2012-01-03 05:27 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2012-01-03 05:27 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2012-01-03 05:27 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2012-01-03 05:27 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2012-01-03 05:27 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2012-01-03 05:27 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2012-01-03 05:27 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2012-01-03 05:27 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2598845-IE8\spuninst\updspapi.dll
+ 2012-01-03 05:27 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2598845-IE8\spuninst\spuninst.exe
+ 2012-01-03 07:38 . 2009-03-08 10:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2012-01-03 07:38 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\updspapi.dll
+ 2012-01-03 07:38 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2544521-IE8\update.exe
+ 2012-01-03 07:38 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2012-01-03 07:38 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2012-01-03 07:38 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst.exe
+ 2012-01-03 07:37 . 2009-03-08 10:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2012-01-03 07:37 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\updspapi.dll
+ 2012-01-03 07:37 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2510531-IE8\update.exe
+ 2012-01-03 07:37 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2012-01-03 07:37 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2012-01-03 07:37 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst.exe
+ 2012-01-03 07:37 . 2009-03-08 10:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 832512 c:\windows\ie8\wininet.dll
+ 2012-01-03 05:24 . 2007-08-13 23:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2012-01-03 05:24 . 2011-10-31 23:43 233472 c:\windows\ie8\webcheck.dll
+ 2012-01-03 05:24 . 2011-04-30 08:50 766464 c:\windows\ie8\vgx.dll
+ 2012-01-03 05:24 . 2011-03-04 06:45 434176 c:\windows\ie8\vbscript.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 106496 c:\windows\ie8\url.dll
+ 2012-01-03 05:25 . 2009-01-08 00:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2012-01-03 05:25 . 2009-01-08 00:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2012-01-03 05:24 . 2006-09-06 22:43 213216 c:\windows\ie8\spuninst.exe
+ 2012-01-03 05:24 . 2011-10-31 23:43 102912 c:\windows\ie8\occache.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 671232 c:\windows\ie8\mstime.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 193024 c:\windows\ie8\msrating.dll
+ 2012-01-03 05:24 . 2007-08-13 23:54 156160 c:\windows\ie8\msls31.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 478720 c:\windows\ie8\mshtmled.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 468480 c:\windows\ie8\msfeeds.dll
+ 2012-01-03 05:24 . 2011-03-04 06:45 512000 c:\windows\ie8\jscript.dll
+ 2012-01-03 05:24 . 2011-10-31 10:46 634504 c:\windows\ie8\iexplore.exe
+ 2012-01-03 05:24 . 2007-08-13 23:54 180736 c:\windows\ie8\ieui.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 268288 c:\windows\ie8\iertutil.dll
+ 2012-01-03 05:24 . 2007-08-13 23:54 287744 c:\windows\ie8\ieproxy.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 192512 c:\windows\ie8\iepeers.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 384512 c:\windows\ie8\iedkcs32.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 380928 c:\windows\ie8\ieapfltr.dll
+ 2012-01-03 05:24 . 2011-10-27 12:49 161792 c:\windows\ie8\ieakui.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 230400 c:\windows\ie8\ieaksie.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 153088 c:\windows\ie8\ieakeng.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 214528 c:\windows\ie8\dxtrans.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 347136 c:\windows\ie8\dxtmsft.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 124928 c:\windows\ie8\advpack.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 832512 c:\windows\ie7updates\KB2618444-IE7\wininet.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 233472 c:\windows\ie7updates\KB2618444-IE7\webcheck.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 106496 c:\windows\ie7updates\KB2618444-IE7\url.dll
+ 2011-12-17 11:04 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2618444-IE7\spuninst\updspapi.dll
+ 2011-12-17 11:04 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2618444-IE7\spuninst\spuninst.exe
+ 2011-12-17 11:03 . 2011-08-17 21:32 102912 c:\windows\ie7updates\KB2618444-IE7\occache.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 671232 c:\windows\ie7updates\KB2618444-IE7\mstime.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 193024 c:\windows\ie7updates\KB2618444-IE7\msrating.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 478720 c:\windows\ie7updates\KB2618444-IE7\mshtmled.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 468480 c:\windows\ie7updates\KB2618444-IE7\msfeeds.dll
+ 2011-12-17 11:03 . 2011-08-17 11:01 634632 c:\windows\ie7updates\KB2618444-IE7\iexplore.exe
+ 2011-12-17 11:03 . 2011-08-17 21:32 268288 c:\windows\ie7updates\KB2618444-IE7\iertutil.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 192512 c:\windows\ie7updates\KB2618444-IE7\iepeers.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 384512 c:\windows\ie7updates\KB2618444-IE7\iedkcs32.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 380928 c:\windows\ie7updates\KB2618444-IE7\ieapfltr.dll
+ 2011-12-17 11:03 . 2011-08-17 11:00 161792 c:\windows\ie7updates\KB2618444-IE7\ieakui.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 230400 c:\windows\ie7updates\KB2618444-IE7\ieaksie.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 153088 c:\windows\ie7updates\KB2618444-IE7\ieakeng.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 133120 c:\windows\ie7updates\KB2618444-IE7\extmgr.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 214528 c:\windows\ie7updates\KB2618444-IE7\dxtrans.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 347136 c:\windows\ie7updates\KB2618444-IE7\dxtmsft.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 124928 c:\windows\ie7updates\KB2618444-IE7\advpack.dll
+ 2011-10-28 21:28 . 2011-10-29 11:25 192311 c:\windows\hpoins40.dat
+ 2012-01-03 08:05 . 2012-01-03 08:05 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_b59b8d71\System.Drawing.dll
+ 2012-01-03 08:05 . 2012-01-03 08:05 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_fd13c379\System.Drawing.Design.dll
+ 2012-01-03 08:05 . 2012-01-03 08:05 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_3cbb1245\CustomMarshalers.dll
+ 2012-01-03 08:15 . 2012-01-03 08:15 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\962b04386ebf18f5871d5ceefa83ba4b\WindowsFormsIntegration.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5b96ee4992d9559ba5483c769bc5c889\UIAutomationTypes.ni.dll
+ 2012-01-03 08:15 . 2012-01-03 08:15 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\1c29539a07226b411e0a1a47aed57183\UIAutomationClient.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\bd729791a7504ef9ecb4ad6ebfd94935\System.Xml.Linq.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\dcad72e49476386b76a81d2df187c32c\System.Windows.Input.Manipulations.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\caf1d94cb89859c72d6c8cd8774068d3\System.Transactions.ni.dll
+ 2012-01-03 08:15 . 2012-01-03 08:15 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\aab1c287bc73a03c51b55fb3f102c27e\System.ServiceProcess.ni.dll
+ 2012-01-03 08:15 . 2012-01-03 08:15 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\bd104bb2f798661c5a972249582b5441\System.ServiceModel.Routing.ni.dll
+ 2012-01-03 08:00 . 2012-01-03 08:00 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\aecd169d75edbcbe626d2a222a02e9f3\System.Security.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\bed774dde4b62ed1d2d55c2d1769d600\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\44d18693baaee5ee0e6f6fd4910e8f81\System.Runtime.Remoting.ni.dll
+ 2012-01-03 07:59 . 2012-01-03 07:59 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\97126244f88693adb36f94116d8d0dda\System.Numerics.ni.dll
+ 2012-01-03 08:14 . 2012-01-03 08:14 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\56fe9070b1d56613fd5cf7c73ec3b26f\System.Net.ni.dll
+ 2012-01-03 08:14 . 2012-01-03 08:14 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\420c9d9b271bc26d1b6f437f1f4913a9\System.Messaging.ni.dll
+ 2012-01-03 08:14 . 2012-01-03 08:14 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\b71ea67c5bfa5b660efc12eb1c6ea4af\System.Management.Instrumentation.ni.dll
+ 2012-01-03 08:14 . 2012-01-03 08:14 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\267d7dbdbe126590fba4a11c1ab12926\System.IO.Log.ni.dll
+ 2012-01-03 08:14 . 2012-01-03 08:14 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\4ca1f130cbacf72beedf13da42b93e75\System.IdentityModel.Selectors.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fd4f85af43b2c177c8d085a8ba3f4993\System.EnterpriseServices.Wrapper.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fd4f85af43b2c177c8d085a8ba3f4993\System.EnterpriseServices.ni.dll
+ 2012-01-03 08:00 . 2012-01-03 08:00 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\b806ef4a19c8157e7858e0a15f9cf48d\System.Dynamic.ni.dll
+ 2012-01-03 08:14 . 2012-01-03 08:14 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\4178d8536c67896ab77af36a48ee7ec4\System.DirectoryServices.Protocols.ni.dll
+ 2012-01-03 08:14 . 2012-01-03 08:14 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\324617c0a492d6acc64325c836553f2c\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-01-03 08:14 . 2012-01-03 08:14 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\ca25f888c067fa170d8bba824efa2ca8\System.Device.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\282487a15f595c199b6cc640ea8995e8\System.Data.DataSetExtensions.ni.dll
+ 2012-01-03 08:00 . 2012-01-03 08:00 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\06f71e66b9913a24c22f85a0caef3ae4\System.Configuration.Install.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\fa608e0882b98981cb6fd6e0754bdff8\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-01-03 07:59 . 2012-01-03 07:59 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a91d48ec926171da7de01cf2a10b1dfc\System.ComponentModel.Composition.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\f407937d4694c46537c470007a1df957\System.AddIn.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\80347a66af30b5c14c0114baee4c64f8\System.Activities.DurableInstancing.ni.dll
+ 2012-01-03 08:11 . 2012-01-03 08:11 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\fcbb4a33ebdc8562603bc7f725a088ce\SMSvcHost.ni.exe
+ 2012-01-03 08:12 . 2012-01-03 08:12 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\398a52caf1e9fd1a6ea9dd589b0f6e68\SMDiagnostics.ni.dll
+ 2012-01-03 07:59 . 2012-01-03 07:59 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d2d4bdbd9e2196e04dcdd68994a1f952\PresentationFramework.Royale.ni.dll
+ 2012-01-03 08:00 . 2012-01-03 08:00 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9211f2faac02f0082b201a95731736c4\PresentationFramework.Aero.ni.dll
+ 2012-01-03 07:59 . 2012-01-03 07:59 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\6e48fb2ce01b4758a68f61651d6461d8\PresentationFramework.Luna.ni.dll
+ 2012-01-03 08:00 . 2012-01-03 08:00 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\351819dc653a07a310cf1387b3266936\PresentationFramework.Classic.ni.dll
+ 2012-01-03 08:11 . 2012-01-03 08:11 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\edec5402d5424967ba20de137835ed2a\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-01-03 08:11 . 2012-01-03 08:11 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\f4ab32c177d931f26072a14c27efc3b5\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-01-03 08:11 . 2012-01-03 08:11 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\48ad8351ab66166c853d410d3282a408\CustomMarshalers.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe
+ 2012-01-03 08:06 . 2012-01-03 08:06 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe
+ 2012-01-03 08:03 . 2012-01-03 08:03 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll
- 2011-10-17 18:46 . 2011-10-17 18:46 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll
- 2011-10-17 18:46 . 2011-10-17 18:46 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll
+ 2012-01-03 08:03 . 2012-01-03 08:03 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll
- 2011-10-17 18:45 . 2011-10-17 18:45 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ba55240b7753047f8d1b03ef473bf74e\UIAutomationClient.ni.dll
+ 2012-01-03 08:03 . 2012-01-03 08:03 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ba55240b7753047f8d1b03ef473bf74e\UIAutomationClient.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll
- 2011-10-17 19:33 . 2011-10-17 19:33 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll
- 2011-10-17 19:32 . 2011-10-17 19:32 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
- 2011-10-17 19:32 . 2011-10-17 19:32 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
- 2011-10-17 19:32 . 2011-10-17 19:32 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
+ 2012-01-03 08:07 . 2012-01-03 08:07 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
- 2011-10-17 19:32 . 2011-10-17 19:32 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
- 2011-10-17 19:32 . 2011-10-17 19:32 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\b2a84980f206431821d85d5155d5916f\System.Net.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\b2a84980f206431821d85d5155d5916f\System.Net.ni.dll
- 2011-10-17 19:32 . 2011-10-17 19:32 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
- 2011-10-17 19:32 . 2011-10-17 19:32 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\f36eded354122da9555a6c7cdbdb5431\System.Management.Instrumentation.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\f36eded354122da9555a6c7cdbdb5431\System.Management.Instrumentation.ni.dll
- 2011-10-17 19:29 . 2011-10-17 19:29 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\20a77c41ee12362d303fb2574fcd5a24\System.IO.Log.ni.dll
+ 2012-01-03 08:05 . 2012-01-03 08:05 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\20a77c41ee12362d303fb2574fcd5a24\System.IO.Log.ni.dll
- 2011-10-17 19:29 . 2011-10-17 19:29 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll
+ 2012-01-03 08:05 . 2012-01-03 08:05 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll
- 2011-10-17 19:31 . 2011-10-17 19:31 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll
- 2011-10-17 19:31 . 2011-10-17 19:31 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
+ 2012-01-03 08:03 . 2012-01-03 08:03 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\896eca06e2d9377b2dc4fad56ce49b07\System.Drawing.Design.ni.dll
- 2011-10-17 18:44 . 2011-10-17 18:44 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\896eca06e2d9377b2dc4fad56ce49b07\System.Drawing.Design.ni.dll
- 2011-10-17 19:31 . 2011-10-17 19:31 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\33e9b0c368c31ef37a2ec7b5a181044b\System.DirectoryServices.Protocols.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\33e9b0c368c31ef37a2ec7b5a181044b\System.DirectoryServices.Protocols.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11cdd1c0d65428cd3505d3813d36638c\System.DirectoryServices.AccountManagement.ni.dll
- 2011-10-17 19:31 . 2011-10-17 19:31 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11cdd1c0d65428cd3505d3813d36638c\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll
- 2011-10-17 19:31 . 2011-10-17 19:31 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3f179f373f31817a914b639a56cc0497\System.Data.Services.Design.ni.dll
- 2011-10-17 19:31 . 2011-10-17 19:31 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3f179f373f31817a914b639a56cc0497\System.Data.Services.Design.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f374e8e7849a72d1470b4a6a0771a137\System.Data.Entity.Design.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b9d9ff5d03e90ede1116794f2c7dd6da\System.Data.DataSetExtensions.ni.dll
+ 2012-01-03 08:08 . 2012-01-03 08:08 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b9d9ff5d03e90ede1116794f2c7dd6da\System.Data.DataSetExtensions.ni.dll
+ 2012-01-03 08:06 . 2012-01-03 08:06 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
- 2011-10-17 19:32 . 2011-10-17 19:32 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\3048737e9e3bf5173121a084337256bc\System.AddIn.ni.dll
+ 2012-01-03 08:08 . 2012-01-03 08:08 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\3048737e9e3bf5173121a084337256bc\System.AddIn.ni.dll
+ 2012-01-03 08:06 . 2012-01-03 08:06 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6e45cf503f025c5fe814ea7e52f62a78\SMSvcHost.ni.exe
- 2011-10-17 19:30 . 2011-10-17 19:30 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6e45cf503f025c5fe814ea7e52f62a78\SMSvcHost.ni.exe
+ 2012-01-03 08:06 . 2012-01-03 08:06 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll
+ 2012-01-03 08:06 . 2012-01-03 08:06 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe
+ 2012-01-03 08:02 . 2012-01-03 08:02 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
- 2011-10-17 18:43 . 2011-10-17 18:43 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
+ 2012-01-03 08:02 . 2012-01-03 08:02 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94cfc00ad448575bfb0e67c53b514cd5\PresentationFramework.Aero.ni.dll
- 2011-10-17 18:43 . 2011-10-17 18:43 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94cfc00ad448575bfb0e67c53b514cd5\PresentationFramework.Aero.ni.dll
- 2011-10-17 18:43 . 2011-10-17 18:43 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\478d57d96f3d8d5fc15c7ac635a4a6a1\PresentationFramework.Classic.ni.dll
+ 2012-01-03 08:02 . 2012-01-03 08:02 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\478d57d96f3d8d5fc15c7ac635a4a6a1\PresentationFramework.Classic.ni.dll
- 2011-10-17 18:43 . 2011-10-17 18:43 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll
+ 2012-01-03 08:02 . 2012-01-03 08:02 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll
+ 2012-01-03 08:06 . 2012-01-03 08:06 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe
- 2011-10-17 19:30 . 2011-10-17 19:30 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe
+ 2012-01-03 08:08 . 2012-01-03 08:08 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\a976a4b51c81150402b0abee38f41ab1\Microsoft.WSMan.Management.ni.dll
+ 2012-01-03 08:06 . 2012-01-03 08:06 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4cbd7ed9fbf9f1b3cbdf23906cc0f5a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4cbd7ed9fbf9f1b3cbdf23906cc0f5a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-01-03 08:08 . 2012-01-03 08:08 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\df4a7b6bc850621fa2d38fb08f910ef7\Microsoft.PowerShell.Security.ni.dll
+ 2012-01-03 08:07 . 2012-01-03 08:07 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b3d3d76cfc8350587616860fb0f64ccc\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-01-03 08:08 . 2012-01-03 08:08 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6f6b54b6cebab6867dafeb6db1b98ab1\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-01-03 08:07 . 2012-01-03 08:07 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\592e4b99037ec91cd4201d1ee28895b7\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-01-03 08:07 . 2012-01-03 08:07 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3a03ec48148fa16aa65fd9ba5df49cb8\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ff6d4892775fd1f9b137f7c92ea453f2\Microsoft.Build.Utilities.ni.dll
+ 2012-01-03 08:07 . 2012-01-03 08:07 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ff6d4892775fd1f9b137f7c92ea453f2\Microsoft.Build.Utilities.ni.dll
+ 2012-01-03 08:07 . 2012-01-03 08:07 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\47ff0720cb80a0fc0bbd15ddc3d12adc\Microsoft.Build.Utilities.v3.5.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\47ff0720cb80a0fc0bbd15ddc3d12adc\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-01-03 08:07 . 2012-01-03 08:07 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\da112c5757e3c68d6369b6aa46cc9682\Microsoft.Build.Engine.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\da112c5757e3c68d6369b6aa46cc9682\Microsoft.Build.Engine.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-01-03 08:07 . 2012-01-03 08:07 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
+ 2012-01-03 08:07 . 2012-01-03 08:07 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\4e68d5df30b197ff72c75f1c3c24b949\ComSvcConfig.ni.exe
+ 2012-01-03 08:06 . 2012-01-03 08:06 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\4e68d5df30b197ff72c75f1c3c24b949\ComSvcConfig.ni.exe
+ 2012-01-03 08:05 . 2012-01-03 08:05 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 253952 c:\windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.resources.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 274432 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 278528 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 651264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 991232 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 618496 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 262144 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 102400 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 573440 c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 819200 c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 126976 c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 131072 c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 323584 c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 241664 c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 372736 c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 241664 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 466944 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 303104 c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 299008 c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 720896 c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2004-08-10 12:00 . 2011-03-11 14:10 471552 c:\windows\AppPatch\aclayers.dll
- 2004-08-10 12:00 . 2009-11-21 15:51 471552 c:\windows\AppPatch\aclayers.dll
+ 2011-11-14 00:50 . 2006-09-16 07:05 379184 c:\windows\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2011-11-14 00:50 . 2006-09-16 07:05 221488 c:\windows\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2011-11-14 00:52 . 2004-08-10 12:00 174080 c:\windows\$NtUninstallwmp11$\wmpsrcwp.dll
+ 2011-11-14 00:52 . 2009-07-13 15:08 286720 c:\windows\$NtUninstallwmp11$\wmpdxm.dll
+ 2011-11-14 00:52 . 2004-08-10 12:00 131072 c:\windows\$NtUninstallwmp11$\wmpasf.dll
+ 2011-11-14 00:52 . 2004-08-10 12:00 118784 c:\windows\$NtUninstallwmp11$\wmlaunch.exe
+ 2011-11-14 00:52 . 2004-08-10 12:00 189440 c:\windows\$NtUninstallwmp11$\wmerror.dll
+ 2011-11-14 00:52 . 2004-08-10 12:00 192512 c:\windows\$NtUninstallwmp11$\unregmp2.exe
+ 2011-11-14 00:52 . 2006-05-17 00:11 371424 c:\windows\$NtUninstallwmp11$\spuninst\updspapi.dll
+ 2011-11-14 00:52 . 2006-05-17 00:11 213216 c:\windows\$NtUninstallwmp11$\spuninst\spuninst.exe
+ 2011-11-14 00:52 . 2004-08-10 12:00 819200 c:\windows\$NtUninstallwmp11$\setup_wm.exe
+ 2011-11-14 00:52 . 2004-08-10 12:00 356352 c:\windows\$NtUninstallwmp11$\mpvis.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 329728 c:\windows\$NtUninstallWMFDist11$\wpdsp.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 116224 c:\windows\$NtUninstallWMFDist11$\wpdmtp.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 999424 c:\windows\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 861184 c:\windows\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 936960 c:\windows\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2011-11-14 00:51 . 2009-04-10 06:01 530280 c:\windows\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 765952 c:\windows\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 146432 c:\windows\$NtUninstallWMFDist11$\wmidx.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 290816 c:\windows\$NtUninstallWMFDist11$\wmdrmnet.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 344064 c:\windows\$NtUninstallWMFDist11$\wmdrmdev.dll
+ 2011-11-14 00:51 . 2007-10-27 22:40 227328 c:\windows\$NtUninstallWMFDist11$\wmasf.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 712704 c:\windows\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 371712 c:\windows\$NtUninstallWMFDist11$\wmadmod.dll
+ 2011-11-14 00:51 . 2006-05-17 00:11 371424 c:\windows\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2011-11-14 00:51 . 2006-05-17 00:11 213216 c:\windows\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2011-11-14 00:51 . 2004-08-10 12:00 221184 c:\windows\$NtUninstallWMFDist11$\qasf.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 312832 c:\windows\$NtUninstallWMFDist11$\mswmdm.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 350720 c:\windows\$NtUninstallWMFDist11$\msscp.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 166400 c:\windows\$NtUninstallWMFDist11$\mspmsp.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 138240 c:\windows\$NtUninstallWMFDist11$\msnetobj.dll
+ 2011-11-14 00:51 . 2008-04-14 10:41 240640 c:\windows\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2011-11-14 00:51 . 2010-04-05 16:54 384512 c:\windows\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 310272 c:\windows\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 533504 c:\windows\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 158720 c:\windows\$NtUninstallWMFDist11$\cewmdm.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 230912 c:\windows\$NtUninstallWMFDist11$\blackbox.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 480768 c:\windows\$NtUninstallWMFDist11$\audiodev.dll
+ 2011-11-14 00:52 . 2006-09-25 23:58 379184 c:\windows\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2011-11-14 00:52 . 2006-09-25 23:58 221488 c:\windows\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2011-11-14 07:21 . 2009-05-12 21:12 382496 c:\windows\$NtUninstallKB963093$\spuninst\updspapi.dll
+ 2011-11-14 07:21 . 2009-05-12 21:12 231456 c:\windows\$NtUninstallKB963093$\spuninst\spuninst.exe
+ 2011-11-14 07:21 . 2008-05-27 04:18 350208 c:\windows\$NtUninstallKB963093$\mssph.dll
+ 2011-11-14 07:21 . 2008-05-27 04:19 304128 c:\windows\$NtUninstallKB963093$\msnlnamespacemgr.dll
+ 2011-11-14 07:21 . 2008-05-27 04:20 595456 c:\windows\$NtUninstallKB963093$\msnlext.dll
+ 2011-11-14 07:21 . 2008-05-27 04:19 275456 c:\windows\$NtUninstallKB963093$\mapine.dll
+ 2011-11-14 07:18 . 2006-10-19 03:47 295936 c:\windows\$NtUninstallKB954154_WM11$\wmpeffects.dll
+ 2011-11-14 07:18 . 2007-07-27 16:41 382840 c:\windows\$NtUninstallKB954154_WM11$\spuninst\updspapi.dll
+ 2011-11-14 07:18 . 2007-07-27 16:41 231288 c:\windows\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe
+ 2011-11-14 00:53 . 2008-05-27 04:18 261120 c:\windows\$NtUninstallKB940157$\spuninst\wss_SpCustom.dll
+ 2011-11-14 00:53 . 2007-09-27 16:46 379184 c:\windows\$NtUninstallKB940157$\spuninst\updspapi.dll
+ 2011-11-14 00:53 . 2007-09-27 16:46 221488 c:\windows\$NtUninstallKB940157$\spuninst\spuninst.exe
+ 2011-11-14 07:18 . 2006-11-02 00:31 315904 c:\windows\$NtUninstallKB939683$\unregmp2.exe
+ 2011-11-14 07:18 . 2005-06-28 16:23 371424 c:\windows\$NtUninstallKB939683$\spuninst\updspapi.dll
+ 2011-11-14 07:18 . 2005-06-28 16:23 213216 c:\windows\$NtUninstallKB939683$\spuninst\spuninst.exe
+ 2011-11-14 07:18 . 2005-06-28 16:23 371424 c:\windows\$NtUninstallKB929399$\spuninst\updspapi.dll
+ 2011-11-14 07:18 . 2005-06-28 16:23 213216 c:\windows\$NtUninstallKB929399$\spuninst\spuninst.exe
+ 2011-11-14 07:18 . 2006-10-19 03:47 414208 c:\windows\$NtUninstallKB929399$\msscp.dll
+ 2011-11-13 14:00 . 2007-03-06 01:23 371424 c:\windows\$NtUninstallKB926139-v2$\spuninst\updspapi.dll
+ 2011-11-13 14:00 . 2007-03-06 01:22 213216 c:\windows\$NtUninstallKB926139-v2$\spuninst\spuninst.exe
+ 2011-11-14 00:53 . 2007-11-30 11:18 382840 c:\windows\$NtUninstallKB915800-v4$\spuninst\updspapi.dll
+ 2011-11-14 00:53 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB915800-v4$\spuninst\spuninst.exe
+ 2011-11-14 00:53 . 2008-04-14 10:42 192000 c:\windows\$NtUninstallKB915800-v4$\offfilt.dll
+ 2011-11-13 15:24 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2641690$\spuninst\updspapi.dll
+ 2011-11-13 15:24 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2641690$\spuninst\spuninst.exe
+ 2011-11-13 15:24 . 2011-09-09 09:12 599040 c:\windows\$NtUninstallKB2641690$\crypt32.dll
+ 2011-12-17 11:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2639417$\spuninst\updspapi.dll
+ 2011-12-17 11:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2639417$\spuninst\spuninst.exe
+ 2011-12-17 10:59 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2633952$\spuninst\updspapi.dll
+ 2011-12-17 10:59 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2633952$\spuninst\spuninst.exe
+ 2011-12-17 10:58 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2633171$\spuninst\updspapi.dll
+ 2011-12-17 10:58 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2633171$\spuninst\spuninst.exe
+ 2011-12-17 11:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2624667$\spuninst\updspapi.dll
+ 2011-12-17 11:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2624667$\spuninst\spuninst.exe
+ 2011-12-17 10:58 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2620712$\spuninst\updspapi.dll
+ 2011-12-17 10:58 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2620712$\spuninst\spuninst.exe
+ 2011-12-17 10:58 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2618451$\spuninst\updspapi.dll
+ 2011-12-17 10:58 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2618451$\spuninst\spuninst.exe
+ 2011-11-13 15:26 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2544893-v2$\spuninst\updspapi.dll
+ 2011-11-13 15:26 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe
+ 2011-11-13 15:26 . 2011-05-02 15:31 692736 c:\windows\$NtUninstallKB2544893-v2$\inetcomm.dll
+ 2011-11-14 00:54 . 2005-10-21 23:11 371936 c:\windows\$NtUninstallbasecsp$\spuninst\updspapi.dll
+ 2011-11-14 00:54 . 2005-10-21 23:11 209632 c:\windows\$NtUninstallbasecsp$\spuninst\spuninst.exe
+ 2011-11-13 15:24 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2641690\update\updspapi.dll
+ 2011-11-13 15:24 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2641690\update\update.exe
+ 2011-11-13 15:24 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2641690\spuninst.exe
+ 2011-09-28 07:05 . 2011-09-28 07:05 599552 c:\windows\$hf_mig$\KB2641690\SP3QFE\crypt32.dll
+ 2011-12-17 11:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2639417\update\updspapi.dll
+ 2011-12-17 11:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2639417\update\update.exe
+ 2011-12-17 11:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2639417\spuninst.exe
+ 2011-12-17 10:58 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2633171\update\updspapi.dll
+ 2011-12-17 10:58 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2633171\update\update.exe
+ 2011-12-17 10:58 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2633171\spuninst.exe
+ 2011-12-17 11:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2624667\update\updspapi.dll
+ 2011-12-17 11:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2624667\update\update.exe
+ 2011-12-17 11:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2624667\spuninst.exe
+ 2011-12-17 10:58 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2620712\update\updspapi.dll
+ 2011-12-17 10:58 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2620712\update\update.exe
+ 2011-12-17 10:58 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2620712\spuninst.exe
+ 2011-12-17 10:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2618451\update\updspapi.dll
+ 2011-12-17 10:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2618451\update\update.exe
+ 2011-12-17 10:59 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2618451\spuninst.exe
+ 2011-12-17 11:04 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2618444-IE7\update\updspapi.dll
+ 2011-12-17 11:04 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2618444-IE7\update\update.exe
+ 2011-12-17 11:04 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2618444-IE7\spuninst.exe
+ 2011-10-31 23:38 . 2011-10-31 23:38 841216 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\wininet.dll
+ 2011-10-31 23:38 . 2011-10-31 23:38 233472 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\webcheck.dll
+ 2011-10-31 23:38 . 2011-10-31 23:38 106496 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\url.dll
+ 2011-10-31 23:38 . 2011-10-31 23:38 102912 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\occache.dll
+ 2011-10-31 23:38 . 2011-10-31 23:38 671232 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\mstime.dll
+ 2011-10-31 23:38 . 2011-10-31 23:38 193024 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\msrating.dll
+ 2011-10-31 23:38 . 2011-10-31 23:38 478720 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\mshtmled.dll
+ 2011-10-31 23:38 . 2011-10-31 23:38 468480 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\msfeeds.dll
+ 2011-10-31 10:32 . 2011-10-31 10:32 634504 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\iexplore.exe
+ 2011-10-31 23:37 . 2011-10-31 23:37 268288 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\iertutil.dll
+ 2011-10-31 23:37 . 2011-10-31 23:37 193024 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\iepeers.dll
+ 2011-10-31 23:37 . 2011-10-31 23:37 388608 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\iedkcs32.dll
+ 2011-10-31 23:37 . 2011-10-31 23:37 380928 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\ieapfltr.dll
+ 2011-10-27 10:32 . 2011-10-27 10:32 161792 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\ieakui.dll
+ 2011-10-31 23:37 . 2011-10-31 23:37 230400 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\ieaksie.dll
+ 2011-10-31 23:37 . 2011-10-31 23:37 153088 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\ieakeng.dll
+ 2011-10-31 23:37 . 2011-10-31 23:37 132608 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\extmgr.dll
+ 2011-10-31 23:37 . 2011-10-31 23:37 214528 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\dxtrans.dll
+ 2011-10-31 23:37 . 2011-10-31 23:37 347136 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\dxtmsft.dll
+ 2011-10-31 23:37 . 2011-10-31 23:37 124928 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\advpack.dll
+ 2011-11-14 22:30 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2586448-IE8\update\updspapi.dll
+ 2011-11-14 22:30 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2586448-IE8\update\update.exe
+ 2011-11-14 22:30 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2586448-IE8\spuninst.exe
+ 2011-11-14 22:07 . 2011-08-22 23:47 919552 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
+ 2011-11-14 22:07 . 2011-08-22 23:47 105984 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\url.dll
+ 2011-11-14 22:07 . 2011-08-22 23:47 206848 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\occache.dll
+ 2011-11-14 22:07 . 2011-08-22 23:47 611840 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mstime.dll
+ 2011-11-14 22:07 . 2011-08-22 23:47 602112 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\msfeeds.dll
+ 2011-11-14 22:07 . 2011-08-22 23:47 247808 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\ieproxy.dll
+ 2011-11-14 22:07 . 2011-08-22 23:47 184320 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iepeers.dll
+ 2011-11-14 22:07 . 2011-08-22 23:47 743424 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iedvtool.dll
+ 2011-11-14 22:07 . 2011-08-22 23:47 387584 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iedkcs32.dll
+ 2011-11-14 22:07 . 2011-08-22 11:52 174080 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\ie4uinit.exe
+ 2011-11-13 15:26 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2544893-v2\update\updspapi.dll
+ 2011-11-13 15:26 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2544893-v2\update\update.exe
+ 2011-11-13 15:26 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2544893-v2\spuninst.exe
+ 2011-10-10 14:21 . 2011-10-10 14:21 692736 c:\windows\$hf_mig$\KB2544893-v2\SP3QFE\inetcomm.dll
+ 2011-11-14 00:55 . 2009-06-18 00:59 379184 c:\windows\$968930Uinstall_KB968930$\spuninst\updspapi.dll
+ 2011-11-14 00:55 . 2009-06-18 00:59 221488 c:\windows\$968930Uinstall_KB968930$\spuninst\spuninst.exe
+ 2011-11-14 00:55 . 2007-10-30 09:15 330240 c:\windows\$968930Uinstall_KB968930$\powershell.exe
+ 2011-11-14 00:55 . 2011-11-13 14:01 200704 c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.consolehost.dll
+ 2011-11-14 00:55 . 2011-11-13 14:01 294912 c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.commands.utility.dll
+ 2011-11-14 00:55 . 2011-11-13 14:01 139264 c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.commands.management.dll
- 2008-04-14 10:42 . 2008-04-14 10:42 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
- 2008-04-14 10:42 . 2008-04-14 10:42 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
+ 2009-05-22 03:09 . 2009-05-22 03:09 1162744 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2009-05-22 03:09 . 2009-05-22 03:09 1156600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
+ 2009-05-14 11:22 . 2009-05-14 11:22 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80u.dll
+ 2009-05-14 11:22 . 2009-05-14 11:22 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80.dll
+ 2008-04-14 11:42 . 2008-04-14 11:42 1011774 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
- 2008-04-14 10:42 . 2008-04-14 10:42 1011774 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
+ 2011-10-29 10:25 . 2011-10-29 10:25 1230336 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
+ 2009-10-09 22:23 . 2009-10-09 22:23 1107456 c:\windows\system32\WsmSvc.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 2603008 c:\windows\system32\WpdShext.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 1382912 c:\windows\system32\WMVSDECD.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 1574912 c:\windows\system32\WMVENCOD.dll
+ 2006-10-19 03:47 . 2006-10-19 03:47 1543680 c:\windows\system32\WMVDECOD.dll
+ 2004-08-10 12:00 . 2010-04-06 10:52 2462720 c:\windows\system32\WMVCore.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 1329152 c:\windows\system32\WMSPDMOE.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 8231936 c:\windows\system32\wmploc.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 1661440 c:\windows\system32\wmpencen.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 1117696 c:\windows\system32\WMADMOE.dll
+ 2004-08-10 12:00 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-10 12:00 . 2011-08-17 21:32 1168896 c:\windows\system32\urlmon(3).dll
+ 2008-05-27 04:21 . 2008-05-27 04:21 1582592 c:\windows\system32\tquery.dll
+ 2012-01-11 23:44 . 2005-09-23 18:26 1094751 c:\windows\system32\ReinstallBackups\0003\DriverFiles\AGRSM.sys
+ 2012-01-05 13:02 . 2006-03-24 01:29 2318336 c:\windows\system32\ReinstallBackups\0002\DriverFiles\iglicd32.dll
- 2011-09-20 09:37 . 2006-03-24 01:29 2318336 c:\windows\system32\ReinstallBackups\0002\DriverFiles\iglicd32.dll
+ 2012-01-05 13:02 . 2006-03-24 01:16 1503232 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxress.dll
- 2011-09-20 09:37 . 2006-03-24 01:16 1503232 c:\windows\system32\ReinstallBackups\0002\DriverFiles\igfxress.dll
- 2011-09-20 09:37 . 2006-03-24 01:47 1166972 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmnt5.sys
+ 2012-01-05 13:02 . 2006-03-24 01:47 1166972 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ialmnt5.sys
+ 2012-01-05 13:02 . 2006-03-24 01:29 2318336 c:\windows\system32\ReinstallBackups\0001\DriverFiles\iglicd32.dll
+ 2012-01-05 13:02 . 2006-03-24 01:16 1503232 c:\windows\system32\ReinstallBackups\0001\DriverFiles\igfxress.dll
+ 2012-01-05 13:01 . 2006-03-24 01:47 1166972 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ialmnt5.sys
+ 2004-08-10 12:00 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32(3).dll
+ 2011-09-19 17:09 . 2009-07-31 16:05 1372672 c:\windows\system32\msxml6.dll
- 2011-09-19 17:09 . 2009-07-31 15:05 1372672 c:\windows\system32\msxml6.dll
+ 2008-05-27 04:21 . 2008-05-27 04:21 1418240 c:\windows\system32\mssrch.dll
+ 2004-08-10 12:00 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
+ 2011-10-05 19:47 . 2012-01-03 01:43 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-08-13 23:34 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
+ 2007-02-12 21:10 . 2009-02-07 03:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2009-05-14 11:22 . 2009-05-14 11:22 1645320 c:\windows\system32\gdiplus.dll
+ 2005-09-23 18:26 . 2005-09-23 18:26 1094751 c:\windows\system32\drivers\AGRSM.sys
+ 2004-08-10 12:00 . 2010-04-06 10:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 1329152 c:\windows\system32\dllcache\WMSPDMOE.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 8231936 c:\windows\system32\dllcache\wmploc.dll
+ 2004-08-10 12:00 . 2006-10-19 03:47 1117696 c:\windows\system32\dllcache\WMADMOE.dll
+ 2010-05-02 05:22 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
+ 2010-04-16 16:09 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2011-09-19 15:24 . 2006-11-02 00:31 1669120 c:\windows\system32\dllcache\setup_wm.exe
+ 2010-02-05 18:27 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
- 2011-09-19 16:05 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2011-09-19 16:05 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2011-09-19 16:05 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
- 2011-09-19 16:05 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 00:02 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2011-09-19 16:05 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2011-09-19 16:05 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2011-09-19 17:09 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2011-09-19 17:09 . 2009-07-31 16:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2010-04-16 16:09 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll
+ 2011-09-19 17:45 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2010-07-05 20:32 . 2009-02-07 03:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2011-11-23 03:02 . 2005-06-30 05:44 1269584 c:\windows\system32\agrsmnt.sys
+ 2011-04-06 22:48 . 2011-04-06 22:48 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2011-04-06 22:48 . 2011-04-06 22:48 1368920 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
+ 2011-04-06 22:48 . 2011-04-06 22:48 6428520 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
+ 2011-04-06 22:48 . 2011-04-06 22:48 3788128 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 2650464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 4881752 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsData0009.dll
+ 2011-04-06 22:48 . 2011-04-06 22:48 2261832 c:\windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
+ 2011-04-06 22:48 . 2011-04-06 22:48 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
+ 2011-04-12 21:11 . 2011-04-12 21:11 5028200 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 1711496 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.dll
+ 2011-04-06 22:48 . 2011-04-06 22:48 6097256 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 1026936 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
+ 2011-04-28 14:48 . 2011-04-28 14:48 3510600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 4464480 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.dll
+ 2011-05-17 15:27 . 2011-05-17 15:27 2975064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll
+ 2011-04-06 22:48 . 2011-04-06 22:48 1354584  c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 1462648 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Presentation.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 1199968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll
+ 2010-03-18 20:26 . 2010-03-18 20:26 1163264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\netfx_core_x86.msi
+ 2011-07-09 15:30 . 2011-07-09 15:30 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-07-09 15:30 . 2011-07-09 15:30 1142616 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 2989456 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 1972552 c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
+ 2011-07-09 15:30 . 2011-07-09 15:30 6724424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-12-25 09:50 . 2011-12-25 09:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2004-07-15 14:15 . 2004-07-15 14:15 1032192 c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 20:29 . 2004-07-15 20:29 1339392 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2011-12-25 17:07 . 2011-12-25 17:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2011-12-25 17:06 . 2011-12-25 17:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2011-12-25 17:06 . 2011-12-25 17:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 20:29 . 2004-07-15 20:29 1703936 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 20:32 . 2004-07-15 20:32 1294336 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2011-12-25 04:54 . 2011-12-25 04:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-12-25 04:53 . 2011-12-25 04:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2011-12-25 17:06 . 2011-12-25 17:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-21 13:25 . 2003-02-21 13:25 1564672 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-03 07:58 . 2012-01-03 07:58 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-12-26 15:59 . 2011-12-26 15:59 4368896 c:\windows\Installer\e5f09.msp
+ 2011-12-26 11:06 . 2011-12-26 11:06 5115392 c:\windows\Installer\e5ef9.msp
+ 2011-04-28 16:54 . 2011-04-28 16:54 2720768 c:\windows\Installer\c1ce1c.msp
+ 2011-03-25 15:03 . 2011-03-25 15:03 5079552 c:\windows\Installer\a4a426.msp
+ 2011-11-03 19:31 . 2011-11-03 19:31 5525504 c:\windows\Installer\95337e.msp
+ 2011-11-14 17:26 . 2011-11-14 17:26 1160192 c:\windows\Installer\775d8e.msi
+ 2011-10-29 10:27 . 2011-10-29 10:27 1097216 c:\windows\Installer\478b1e.msi
+ 2011-10-29 10:27 . 2011-10-29 10:27 1054720 c:\windows\Installer\478b17.msi
+ 2011-10-29 10:26 . 2011-10-29 10:26 1888768 c:\windows\Installer\478b12.msi
+ 2011-10-29 10:25 . 2011-10-29 10:25 1022464 c:\windows\Installer\478ade.msi
+ 2011-10-29 10:25 . 2011-10-29 10:25 2974720 c:\windows\Installer\478aba.msi
+ 2011-10-29 10:24 . 2011-10-29 10:24 1843712 c:\windows\Installer\478a9d.msi
+ 2011-10-30 05:10 . 2011-10-30 05:10 6824960 c:\windows\Installer\389b60e.msp
+ 2011-10-28 20:59 . 2011-10-28 20:59 3341312 c:\windows\Installer\30eda2.msi
+ 2011-11-01 19:34 . 2011-11-01 19:34 1552384 c:\windows\Installer\2c7525.msp
+ 2011-11-17 16:55 . 2011-11-17 16:55 5522944 c:\windows\Installer\224c93.msp
+ 2011-12-06 21:22 . 2011-12-06 21:22 5519360 c:\windows\Installer\204e773.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34 1552384 c:\windows\Installer\1fc82c4.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34 2531840 c:\windows\Installer\1fc82bc.msp
+ 2012-01-03 05:20 . 2012-01-03 05:20 3443712 c:\windows\Installer\151d4d.msi
+ 2011-11-01 19:34 . 2011-11-01 19:34 2531840 c:\windows\Installer\1477835.msp
+ 2011-11-17 16:55 . 2011-11-17 16:55 5522944 c:\windows\Installer\147782d.msp
+ 2011-11-11 22:16 . 2011-11-11 22:16 8458240 c:\windows\Installer\147781d.msp
+ 2010-03-18 19:16 . 2010-03-18 19:16 1663320 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\wpfgfx_x86.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 1303896 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\WindowsBase_x86.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 6346600 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\PresentationFramework_x86.dll
+ 2010-03-18 19:16 . 2010-03-18 19:16 3545952 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\PresentationCore_x86.dll
+ 2011-07-27 10:44 . 2011-07-27 10:44 1791824 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PPCNV.DLL
+ 2009-06-12 23:15 . 2009-06-12 23:15 1661792 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\OGL.DLL
+ 2012-01-03 05:27 . 2009-03-08 10:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2012-01-03 05:27 . 2009-03-08 10:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2012-01-03 05:27 . 2009-03-08 10:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2012-01-03 05:27 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2012-01-03 05:27 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2012-01-03 05:27 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 1168896 c:\windows\ie8\urlmon.dll
+ 2012-01-03 05:24 . 2011-11-04 15:16 3616256 c:\windows\ie8\mshtml.dll
+ 2012-01-03 05:24 . 2011-10-31 23:43 6076416 c:\windows\ie8\ieframe.dll
+ 2012-01-03 05:24 . 2010-07-05 20:32 2452872 c:\windows\ie8\ieapfltr.dat
+ 2011-12-17 11:03 . 2011-08-17 21:32 1168896 c:\windows\ie7updates\KB2618444-IE7\urlmon.dll
+ 2011-12-17 11:03 . 2011-09-05 07:48 3615744 c:\windows\ie7updates\KB2618444-IE7\mshtml.dll
+ 2011-12-17 11:03 . 2011-08-17 21:32 6076416 c:\windows\ie7updates\KB2618444-IE7\ieframe.dll
- 2011-09-19 16:05 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2011-09-19 16:05 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2011-09-19 16:05 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2011-09-19 16:05 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-08 00:02 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2011-09-19 16:05 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-09-19 16:05 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-12-23 16:00 . 2011-12-23 16:00 3990420 c:\windows\Downloaded Installations\BASF\{2CE43E32-082E-4BA7-A592-27CE9E4C2164}\ASF.msi
+ 2012-01-03 08:05 . 2012-01-03 08:05 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_7ddee908\System.dll
+ 2012-01-03 08:04 . 2012-01-03 08:04 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_18b1aac0\System.dll
+ 2012-01-03 08:06 . 2012-01-03 08:06 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e547176c\System.Xml.dll
+ 2012-01-03 08:05 . 2012-01-03 08:05 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_418c5ca7\System.Xml.dll
+ 2012-01-03 08:06 . 2012-01-03 08:06 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_aa6e2ec7\System.Windows.Forms.dll
+ 2012-01-03 08:04 . 2012-01-03 08:04 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_37009e90\System.Windows.Forms.dll
+ 2012-01-03 08:06 . 2012-01-03 08:06 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_036f5e0e\System.Drawing.dll
+ 2012-01-03 08:05 . 2012-01-03 08:05 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_f8acc7fa\System.Design.dll
+ 2012-01-03 08:06 . 2012-01-03 08:06 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_3eb4501c\System.Design.dll
+ 2012-01-03 08:05 . 2012-01-03 08:05 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6f1ff417\mscorlib.dll
+ 2012-01-03 08:06 . 2012-01-03 08:06 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4c5f3b0d\mscorlib.dll
+ 2012-01-03 08:00 . 2012-01-03 08:00 3857920 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll
+ 2012-01-03 08:15 . 2012-01-03 08:15 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\ac9379a0db1d8da11fbc46f09da411db\UIAutomationClientsideProviders.ni.dll
+ 2012-01-03 07:59 . 2012-01-03 07:59 9086464 c:\windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
+ 2012-01-03 08:00 . 2012-01-03 08:00 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
+ 2012-01-03 08:11 . 2012-01-03 08:11 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll
+ 2012-01-03 08:15 . 2012-01-03 08:15 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\e3a0483820fafd51c8cd4576de6eb45f\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-01-03 08:15 . 2012-01-03 08:15 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\4cbc10b8a84a7ef0fcf9d2885bfe9832\System.Web.Services.ni.dll
+ 2012-01-03 08:15 . 2012-01-03 08:15 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\6663f8ba0327399c1a5b313707cff36f\System.Speech.ni.dll
+ 2012-01-03 08:15 . 2012-01-03 08:15 1392640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a19563d781ccd0807a41d27701d485c6\System.ServiceModel.Activities.ni.dll
+ 2012-01-03 08:15 . 2012-01-03 08:15 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9be7f7f68d488eb02161d3f0663a61a4\System.ServiceModel.Discovery.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\993f89ba22499c379d2a9dd25d13cd94\System.Runtime.Serialization.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\41a4f6cc5d596e952fd880ae1a47308f\System.Runtime.DurableInstancing.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\0a30a201408744c5315446aef7fb3d5a\System.Printing.ni.dll
+ 2012-01-03 08:14 . 2012-01-03 08:14 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\7c4eea005578d9990f604fda345fb2b4\System.Management.ni.dll
+ 2012-01-03 08:14 . 2012-01-03 08:14 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\16c385f23b5e493899f0d206dfb60094\System.IdentityModel.ni.dll
+ 2012-01-03 07:59 . 2012-01-03 07:59 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\83a815291644645a3ab1ce55452e1e61\System.DirectoryServices.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\1c2d038775f2c9d42468261118019e6b\System.Deployment.ni.dll
+ 2012-01-03 08:00 . 2012-01-03 08:00 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\14d8a7579839b11151cd901b846d0afb\System.Data.ni.dll
+ 2012-01-03 08:00 . 2012-01-03 08:00 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\05f8ccf31515e720b1663e710e992211\System.Data.SqlXml.ni.dll
+ 2012-01-03 08:14 . 2012-01-03 08:14 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\c05998cb3411b039bdfb5d852e1413be\System.Data.Services.Client.ni.dll
+ 2012-01-03 08:00 . 2012-01-03 08:00 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\d622a2c40d37cfdb88e4eea7315a323e\System.Data.Linq.ni.dll
+ 2012-01-03 07:59 . 2012-01-03 07:59 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\e69e487d338ceb3883b7d175885f0794\System.Activities.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\cc25c620acedf02fd6b5c46238643cab\System.Activities.Presentation.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\49577d8acbf16b6091f5466feae43403\System.Activities.Core.Presentation.ni.dll
+ 2012-01-03 08:12 . 2012-01-03 08:12 2907136 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\2d23bb6dd81b41002c8f927b95b7b226\ReachFramework.ni.dll
+ 2012-01-03 08:11 . 2012-01-03 08:11 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\ec64d7c99f7e030d39c355ce7a968600\PresentationUI.ni.dll
+ 2012-01-03 08:11 . 2012-01-03 08:11 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\c7dd3d91f33a79c70db8bd805a483f4b\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-01-03 08:11 . 2012-01-03 08:11 1136128 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\596251e8604d886f1edfcd2671a2f371\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-01-03 08:11 . 2012-01-03 08:11 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\51df2ad80d91a7669dd1856a9c1061f9\Microsoft.VisualBasic.ni.dll
+ 2012-01-03 08:11 . 2012-01-03 08:11 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\477c9b916a9aee0a8beb041ee00a5fcb\Microsoft.Transactions.Bridge.ni.dll
+ 2012-01-03 08:14 . 2012-01-03 08:14 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\614f6f698d269e2c56bf23feba58551c\Microsoft.JScript.ni.dll
+ 2012-01-03 08:00 . 2012-01-03 08:00 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\f03a7f8f2393a04fac7fecc1c55bd02e\Microsoft.CSharp.ni.dll
- 2011-10-17 18:41 . 2011-10-17 18:41 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
+ 2012-01-03 08:01 . 2012-01-03 08:01 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
+ 2012-01-03 08:03 . 2012-01-03 08:03 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\55d4813580b1e5d268ff0564942cee9c\UIAutomationClientsideProviders.ni.dll
- 2011-10-17 18:46 . 2011-10-17 18:46 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\55d4813580b1e5d268ff0564942cee9c\UIAutomationClientsideProviders.ni.dll
+ 2012-01-03 08:01 . 2012-01-03 08:01 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
- 2011-10-17 18:40 . 2011-10-17 18:40 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
+ 2012-01-03 08:03 . 2012-01-03 08:03 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
- 2011-10-17 18:45 . 2011-10-17 18:45 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll
- 2011-10-17 18:45 . 2011-10-17 18:45 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\10d7daa3d1e62a0e40587cdc707be93f\System.Speech.ni.dll
+ 2012-01-03 08:03 . 2012-01-03 08:03 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\10d7daa3d1e62a0e40587cdc707be93f\System.Speech.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll
+ 2012-01-03 08:05 . 2012-01-03 08:05 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
- 2011-10-17 19:29 . 2011-10-17 19:29 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
+ 2012-01-03 08:03 . 2012-01-03 08:03 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0f8e14bfdb27645fb1a92ce26f9bf521\System.Printing.ni.dll
- 2011-10-17 18:44 . 2011-10-17 18:44 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0f8e14bfdb27645fb1a92ce26f9bf521\System.Printing.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\3959e9012ee532343861eb35c6c72b24\System.Management.Automation.ni.dll
+ 2012-01-03 08:05 . 2012-01-03 08:05 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
- 2011-10-17 18:44 . 2011-10-17 18:44 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
+ 2012-01-03 08:03 . 2012-01-03 08:03 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll
- 2011-10-17 19:31 . 2011-10-17 19:31 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll
- 2011-10-17 19:31 . 2011-10-17 19:31 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll
- 2011-10-17 18:43 . 2011-10-17 18:43 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
+ 2012-01-03 08:02 . 2012-01-03 08:02 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
+ 2012-01-03 08:07 . 2012-01-03 08:07 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef748704f543a8791e23387652d34dfb\System.Data.SqlXml.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef748704f543a8791e23387652d34dfb\System.Data.SqlXml.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll
+ 2012-01-03 08:02 . 2012-01-03 08:02 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll
- 2011-10-17 18:44 . 2011-10-17 18:44 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\b70adfee3b5ed7e0688d13f24cbec556\System.Data.Entity.ni.dll
+ 2012-01-03 08:02 . 2012-01-03 08:02 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll
- 2011-10-17 18:43 . 2011-10-17 18:43 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll
+ 2012-01-03 08:02 . 2012-01-03 08:02 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\714e9504255565bd9076fe13628e104a\ReachFramework.ni.dll
- 2011-10-17 18:43 . 2011-10-17 18:43 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\714e9504255565bd9076fe13628e104a\ReachFramework.ni.dll
- 2011-10-17 18:43 . 2011-10-17 18:43 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7dc6ee14234b0686182ced75f7dae990\PresentationUI.ni.dll
+ 2012-01-03 08:02 . 2012-01-03 08:02 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7dc6ee14234b0686182ced75f7dae990\PresentationUI.ni.dll
+ 2012-01-03 08:01 . 2012-01-03 08:01 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\37fd70ad5f3726031995041b246fe862\PresentationBuildTasks.ni.dll
+ 2012-01-03 08:08 . 2012-01-03 08:08 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
+ 2012-01-03 08:06 . 2012-01-03 08:06 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce1ecd602ca089eb13a9b428dc7f0449\Microsoft.Transactions.Bridge.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce1ecd602ca089eb13a9b428dc7f0449\Microsoft.Transactions.Bridge.ni.dll
+ 2012-01-03 08:08 . 2012-01-03 08:08 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fba2661cffd923f17dbfa6662adf5ce3\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-01-03 08:07 . 2012-01-03 08:07 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\eb5b6ad2dc6e2ecbdbb1ce1bf754b32e\Microsoft.PowerShell.Editor.ni.dll
+ 2012-01-03 08:07 . 2012-01-03 08:07 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6c46eade19e6f222f8b233ab0065d84a\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-03 08:09 . 2012-01-03 08:09 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8ad32b72258899177c07dc5912b5b748\Microsoft.JScript.ni.dll
- 2011-10-17 19:32 . 2011-10-17 19:32 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8ad32b72258899177c07dc5912b5b748\Microsoft.JScript.ni.dll
+ 2012-01-03 08:07 . 2012-01-03 08:07 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll
+ 2012-01-03 08:07 . 2012-01-03 08:07 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-01-03 08:06 . 2012-01-03 08:06 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll
- 2011-10-17 19:30 . 2011-10-17 19:30 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 5025792  c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-09-21 06:16 . 2011-09-21 06:16 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-02 22:06 . 2012-01-02 22:06 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2011-11-14 00:56 . 2011-11-14 00:56 2682880 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
- 2011-10-17 18:18 . 2011-10-17 18:18 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-02 22:08 . 2012-01-02 22:08 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-17 18:19 . 2011-10-17 18:19 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-03 08:04 . 2012-01-03 08:04 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 1339392 c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
+ 2012-01-03 08:04 . 2012-01-03 08:04 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-03 08:04 . 2012-01-03 08:04 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 1703936 c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-03 07:36 . 2012-01-03 07:36 1294336 c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2012-01-03 05:20 . 2012-01-03 05:20 1564672 c:\windows\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2011-11-14 00:52 . 2004-08-10 12:00 3371008 c:\windows\$NtUninstallwmp11$\wmploc.dll
+ 2011-11-14 00:52 . 2004-08-10 12:00 1582080 c:\windows\$NtUninstallwmp11$\wmpencen.dll
+ 2011-11-14 00:52 . 2010-08-25 12:23 5541888 c:\windows\$NtUninstallwmp11$\wmp.dll
+ 2011-11-14 00:51 . 2010-04-03 08:33 2365288 c:\windows\$NtUninstallWMFDist11$\wmvcore.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 1508864 c:\windows\$NtUninstallWMFDist11$\wmvadve.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 1174528 c:\windows\$NtUninstallWMFDist11$\wmvadvd.dll
+ 2011-11-14 00:51 . 2004-08-10 12:00 1116160 c:\windows\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2011-11-14 00:51 . 2008-06-10 16:37 1026048 c:\windows\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2011-12-17 11:03 . 2011-09-06 13:20 1858944 c:\windows\$NtUninstallKB2639417$\win32k.sys
+ 2011-12-17 10:58 . 2010-12-09 13:42 2148864 c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
+ 2011-12-17 10:58 . 2010-12-09 13:07 2027008 c:\windows\$NtUninstallKB2633171$\ntkrpamp.exe
+ 2011-12-17 10:58 . 2010-12-09 13:07 2027008 c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
+ 2011-12-17 10:58 . 2010-12-09 13:42 2148864 c:\windows\$NtUninstallKB2633171$\ntkrnlmp.exe
+ 2011-12-17 11:03 . 2010-07-16 12:05 1288192 c:\windows\$NtUninstallKB2624667$\ole32.dll
+ 2011-11-23 13:29 . 2011-11-23 13:29 1868544 c:\windows\$hf_mig$\KB2639417\SP3QFE\win32k.sys
+ 2011-10-25 13:34 . 2011-10-25 13:34 2192768 c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
+ 2011-10-25 12:52 . 2011-10-25 12:52 2027008 c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrpamp.exe
+ 2011-10-25 12:52 . 2011-10-25 12:52 2069376 c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
+ 2011-10-25 13:38 . 2011-10-25 13:38 2148864 c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlmp.exe
+ 2011-11-01 16:05 . 2011-11-01 16:05 1289216 c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
+ 2011-10-31 23:38 . 2011-10-31 23:38 1172992 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\urlmon.dll
+ 2011-11-04 15:14 . 2011-11-04 15:14 3618304 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\mshtml.dll
+ 2011-10-31 23:37 . 2011-10-31 23:37 6080512 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\ieframe.dll
+ 2011-12-16 14:31 . 2010-07-05 20:32 2452872 c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\ieapfltr.dat
+ 2011-11-14 22:07 . 2011-08-22 23:47 1214464 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\urlmon.dll
+ 2011-11-14 22:07 . 2011-10-03 08:34 5972992 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll
+ 2011-11-14 22:07 . 2011-08-22 23:47 2001408 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iertutil.dll
+ 2011-11-14 00:55 . 2011-11-13 14:01 1564672 c:\windows\$968930Uinstall_KB968930$\system.management.automation.dll
+ 2004-08-10 12:00 . 2010-08-26 05:36 10841088 c:\windows\system32\wmp.dll
+ 2011-10-20 16:08 . 2012-01-06 13:43 11599796 c:\windows\system32\Restore\rstrlog.dat
+ 2011-09-19 17:05 . 2012-01-11 23:28 52128560 c:\windows\system32\MRT.exe
+ 2007-08-13 23:54 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
+ 2004-08-10 12:00 . 2010-08-26 05:36 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2011-09-19 17:45 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
- 2011-09-19 17:45 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-12-26 23:02 . 2011-12-26 23:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp
+ 2011-04-13 17:37 . 2011-04-13 17:37 19201024 c:\windows\Installer\c1ce45.msp
+ 2011-07-11 23:19 . 2011-07-11 23:19 10619904 c:\windows\Installer\c1ce3e.msp
+ 2011-12-26 15:02 . 2011-12-26 15:02 19677184 c:\windows\Installer\4b4d6.msp
+ 2011-05-19 04:55 . 2011-05-19 04:55 19624448 c:\windows\Installer\4b4ab.msp
+ 2011-07-12 21:50 . 2011-07-12 21:50 17555968 c:\windows\Installer\4b49d.msp
+ 2011-09-16 00:37 . 2011-09-16 00:37 38176256 c:\windows\Installer\308faec.msp
+ 2012-01-03 07:35 . 2012-01-03 07:35 19210240 c:\windows\Installer\182bc4.msp
+ 2011-08-30 14:40 . 2011-08-30 14:40 15145832 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\XL12CNV.EXE
+ 2012-01-03 05:27 . 2009-03-08 10:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2012-01-03 05:27 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
+ 2012-01-03 07:59 . 2012-01-03 07:59 13138432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll
+ 2012-01-03 08:15 . 2012-01-03 08:15 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\559ebac0a85ae55da09827b8048f77bd\System.ServiceModel.ni.dll
+ 2012-01-03 08:14 . 2012-01-03 08:14 13346816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\78afce4e1bd3d345ef1fff004659191c\System.Data.Entity.ni.dll
+ 2012-01-03 08:00 . 2012-01-03 08:00 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll
+ 2012-01-03 08:00 . 2012-01-03 08:00 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll
+ 2012-01-03 07:56 . 2012-01-03 07:56 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
- 2011-10-17 18:45 . 2011-10-17 18:45 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
+ 2012-01-03 08:03 . 2012-01-03 08:03 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
+ 2012-01-03 08:10 . 2012-01-03 08:10 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
+ 2012-01-03 08:06 . 2012-01-03 08:06 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
+ 2012-01-03 08:02 . 2012-01-03 08:03 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll
+ 2012-01-03 08:02 . 2012-01-03 08:02 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
- 2011-10-17 18:43 . 2011-10-17 18:43 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
+ 2012-01-03 08:01 . 2012-01-03 08:01 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
- 2011-10-17 18:41 . 2011-10-17 18:41 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
+ 2012-01-03 08:01 . 2012-01-03 08:01 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
- 2011-10-17 18:40 . 2011-10-17 18:40 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
+ 2011-11-14 22:07 . 2011-08-22 23:47 11084288  c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\ieframe.dll
+ 2011-04-07 02:43 . 2011-04-07 02:43 123313664 c:\windows\Installer\4b4be.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MARK^Start Menu^Programs^Startup^20111127.lnk]
path=c:\documents and settings\MARK\Start Menu\Programs\Startup\20111127.lnk
backup=c:\windows\pss\20111127.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MARK^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\MARK\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MARK^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\MARK\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MARK^Start Menu^Programs^Startup^PandaUSBVaccine.lnk]
path=c:\documents and settings\MARK\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
backup=c:\windows\pss\PandaUSBVaccine.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-06-30 05:16 88203 ------w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2008-12-09 11:08 495616 ----a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-09-23 10:15 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-24 01:13 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-24 01:17 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-24 01:17 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-10-11 17:49 1179648 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 20:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-12-09 00:44 4616064 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015
"1701:UDP"= 1701:UDPxpsp2res.dll,-22016
"500:UDP"= 500:UDPxpsp2res.dll,-22017
.
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [11/1/2011 8:37 AM 4064]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
S2 agrsm;Agere Modem Driver;c:\windows\system32\agrsmnt.sys [11/22/2011 9:02 PM 1269584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/23/2011 4:15 AM 30192]
S3 pbfilter;pbfilter;\??\c:\program files\PeerBlock\pbfilter.sys --> c:\program files\PeerBlock\pbfilter.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 6:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - !SASCORE
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2012-01-03 c:\windows\Tasks\User_Feed_Synchronization-{81969CA2-9E4D-44D0-807F-521568EC106E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: Interfaces\{D417CFBF-17C2-4497-BE1F-7529CFFD300D}: NameServer = 207.69.188.185 207.69.188.186
FF - ProfilePath - c:\documents and settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\
FF - user.js: general.useragent.extra.brc - 
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-Google Update - c:\documents and settings\MARK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-LtMoh - d:\modem\Agere Modem\Win2KXP\Ltmoh.exe
MSConfigStartUp-PhoneTray - c:\program files\CallAlert\PhoneTray.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SlipStream - c:\program files\Copper HiSpeed\coppercore.exe
MSConfigStartUp-Software Informer - c:\program files\Software Informer\softinfo.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-21 16:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(412)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-01-21 16:58:31
ComboFix-quarantined-files.txt 2012-01-21 22:58
ComboFix2.txt 2011-10-23 11:13
.
Pre-Run: 22,192,218,112 bytes free
Post-Run: 22,206,418,944 bytes free
.
- - End Of File - - 3C85B5B69E8B4999880C78A59D06ED28


----------



## Phoenix Rising (Mar 9, 2009)

I mentioned i couldn't find these is that pertinent or not?

*EpicPlay
StartNow Toolbar
WindowShopper
ask.com
searchqutoolbar*


----------



## eddie5659 (Mar 19, 2001)

The programs look like they may have been removed, but to double-check we can see if any remains are there. Also, you mentioned that you have removed Peerblock, but I can see a driver there. Plus, you had/have an infection I just want to check out. We can do all of these with the following tool:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
*EpicPlay*
*StartNow*
*WindowShopper*
*ask.com*
*searchqutoolbar*
*PeerBlock*
*iertutil*
*wininet*
*urlmon*
*url*
*normaliz*
*advpack*
*ole32*
*tool.exe
*ESPI11.dll
*ÖíÅ£Æ¤Ã°ÏÕµº.lnk
*ESPI.dll
:folderfind
*EpicPlay*
*StartNow*
*WindowShopper*
*ask.com*
*searchqutoolbar*
*PeerBlock*
:regfind
*EpicPlay*
*StartNow*
*WindowShopper*
*ask.com*
*searchqutoolbar*
*PeerBlock*
*ESPI11*
*PACKEDCATALOGITEM*
:file
c:\windows\system32\agrsmnt.sys
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found at on your Desktop entitled *SystemLook.txt*


----------



## Phoenix Rising (Mar 9, 2009)

Her you go:
SystemLook 30.07.11 by jpshortstuff
Log created at 08:44 on 22/01/2012 by MARK
Administrator - Elevation successful

========== filefind ==========

Searching for "*EpicPlay*"
C:\Documents and Settings\MARK\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\epicplay.js --a---- 4862 bytes [14:04 27/09/2011] [14:04 27/09/2011] D7B69B0CA6635B49A6691C734C51E77A
C:\Documents and Settings\MARK\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\epicPlayGames.xpt --a---- 142 bytes [17:24 07/09/2011] [17:24 07/09/2011] 32F1359C9431B9B31C2B1F49D9C3239E
C:\Program Files\EpicPlay\epicPlayFrame.dll --a---- 147456 bytes [11:36 25/10/2011] [11:36 25/10/2011] B0315DC3C2CEC3599908FD187CE97873

Searching for "*StartNow*"
C:\_OTL\MovedFiles\01212012_153525\C_Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png --a---- 2674 bytes [09:29 29/06/2011] [09:29 29/06/2011] 1C644B5EE41ED387E22C62CDD4292FFC

Searching for "*WindowShopper*"
No files found.

Searching for "*ask.com*"
No files found.

Searching for "*searchqutoolbar*"
No files found.

Searching for "*PeerBlock*"
C:\Documents and Settings\MARK\My Documents\Downloads\PeerBlock-Setup_v1.0.0.r181.exe --a---- 1954640 bytes [09:19 21/09/2011] [02:26 11/05/2010] 89172F32519424D199C27F345023F8CB

Searching for "*iertutil*"
C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP3QFE\iertutil.dll --a---- 1992192 bytes [17:46 19/09/2011] [18:33 23/06/2011] 245977336BD60170CB13BED95C7E6918
C:\WINDOWS\$hf_mig$\KB2586448-IE7\SP3QFE\iertutil.dll --a---- 268288 bytes [21:30 17/08/2011] [21:30 17/08/2011] 8526F11A72EB2932E94584C6A88F4D87
C:\WINDOWS\$hf_mig$\KB2586448-IE8\SP3QFE\iertutil.dll --a---- 2001408 bytes [22:07 14/11/2011] [23:47 22/08/2011] 3C4C4C37B675D3B286BFF85684034642
C:\WINDOWS\$hf_mig$\KB2618444-IE7\SP3QFE\iertutil.dll --a---- 268288 bytes [23:37 31/10/2011] [23:37 31/10/2011] DA4CAD63703575EE359F4E89F2310591
C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\iertutil.dll --a---- 2001408 bytes [05:27 03/01/2012] [19:19 04/11/2011] 0751ED1C6A5BC95C4518744861D6FCBF
C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\iertutil.dll --a---- 1986048 bytes [17:45 19/09/2011] [10:36 06/05/2010] AA9B8D2F3BEB369DB82E48C689D7A8FC
C:\WINDOWS\ie7updates\KB2586448-IE7\iertutil.dll -----c- 266752 bytes [18:14 17/10/2011] [23:34 13/08/2007] 37B82F050378ABA1FC6BF6664575F68B
C:\WINDOWS\ie7updates\KB2618444-IE7\iertutil.dll -----c- 268288 bytes [11:03 17/12/2011] [21:32 17/08/2011] 80C92437B61D65E397D6EA0A763B8CAC
C:\WINDOWS\ie8\iertutil.dll --a--c- 268288 bytes [05:24 03/01/2012] [23:43 31/10/2011] EB9FEAED8096A9DEECFED39121DFF591
C:\WINDOWS\ie8updates\KB2618444-IE8\iertutil.dll -----c- 1985536 bytes [05:27 03/01/2012] [10:41 06/05/2010] 7FBE659ECDC2E61BDA3AA930C1532516
C:\WINDOWS\ie8updates\KB2618444-IE8\iertutil.dll.000 -----c- 2000384 bytes [05:27 03/01/2012] [23:48 22/08/2011] 7CFDEB1560EACAD6006D653EC55D12D0
C:\WINDOWS\ie8updates\KB982381-IE8\iertutil.dll -----c- 1985024 bytes [05:27 03/01/2012] [10:32 08/03/2009] 58BD4689E1DCD40A903721D7EF45F2EC
C:\WINDOWS\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3GDR\iertutil.dll --a---- 1991680 bytes [17:43 19/09/2011] [18:36 23/06/2011] 58EDB392D880E8546832643AC46543DC
C:\WINDOWS\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3QFE\iertutil.dll --a---- 1992192 bytes [17:43 19/09/2011] [18:33 23/06/2011] 245977336BD60170CB13BED95C7E6918
C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3GDR\iertutil.dll --a---- 2000384 bytes [05:22 03/01/2012] [19:20 04/11/2011] 1AB894FA897E26B23CA53BEED72F61F4
C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3QFE\iertutil.dll --a---- 2001408 bytes [05:22 03/01/2012] [19:19 04/11/2011] 0751ED1C6A5BC95C4518744861D6FCBF
C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\iertutil.dll --a---- 1985536 bytes [17:41 19/09/2011] [10:41 06/05/2010] 7FBE659ECDC2E61BDA3AA930C1532516
C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\iertutil.dll --a---- 1986048 bytes [17:41 19/09/2011] [10:36 06/05/2010] AA9B8D2F3BEB369DB82E48C689D7A8FC
C:\WINDOWS\system32\iertutil(2)(3).dll --a---- 268288 bytes [23:34 13/08/2007] [23:43 31/10/2011] EB9FEAED8096A9DEECFED39121DFF591
C:\WINDOWS\system32\iertutil.dll --a---- 2000384 bytes [23:34 13/08/2007] [19:20 04/11/2011] 1AB894FA897E26B23CA53BEED72F61F4
C:\WINDOWS\system32\dllcache\iertutil.dll -----c- 2000384 bytes [17:45 19/09/2011] [19:20 04/11/2011] 1AB894FA897E26B23CA53BEED72F61F4
C:\WINDOWS\system32\en-us\IERtUtil.dll.mui ------- 2560 bytes [20:22 08/03/2009] [20:22 08/03/2009] D4C9F423F5029B8096B96AE85C832A8D

Searching for "*wininet*"
C:\WINDOWS\$hf_mig$\KB2559049\SP3QFE\wininet.dll --a---- 668672 bytes [18:17 21/06/2011] [18:17 21/06/2011] CE82C101C2DA9ADD36E325CC9844C9BC
C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll --a---- 919552 bytes [17:46 19/09/2011] [18:33 23/06/2011] 509CF67AE762A38E23A5455A0053853C
C:\WINDOWS\$hf_mig$\KB2586448-IE7\SP3QFE\wininet.dll --a---- 841216 bytes [21:30 17/08/2011] [21:30 17/08/2011] 6E388A1A8AA9EF62E6252530549940C1
C:\WINDOWS\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll --a---- 919552 bytes [22:07 14/11/2011] [23:47 22/08/2011] 19630AEBBFAEB06984CAB91848270AAF
C:\WINDOWS\$hf_mig$\KB2618444-IE7\SP3QFE\wininet.dll --a---- 841216 bytes [23:38 31/10/2011] [23:38 31/10/2011] 4A23B5E3B92F5C54D3A04EA86FF9DC00
C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll --a---- 919552 bytes [05:27 03/01/2012] [19:19 04/11/2011] 4E4716CAF514717814D07113AD0425B6
C:\WINDOWS\$hf_mig$\KB982381\SP3QFE\wininet.dll --a---- 668672 bytes [16:01 16/04/2010] [16:01 16/04/2010] C3052A99A24F462B418632A05328BB38
C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll --a---- 919040 bytes [17:45 19/09/2011] [10:36 06/05/2010] C1490F68B44AF8B781F52F12F564625D
C:\WINDOWS\$NtServicePackUninstall$\wininet.dll -----c- 656384 bytes [16:56 19/09/2011] [12:00 10/08/2004] C0823FC5469663BA63E7DB88F9919D70
C:\WINDOWS\$NtUninstallKB2559049$\wininet.dll -----c- 667136 bytes [22:24 05/10/2011] [16:09 16/04/2010] B43B18FB0EB577856883E5A0708AB9EF
C:\WINDOWS\$NtUninstallKB982381$\wininet.dll -----c- 666112 bytes [17:36 19/09/2011] [10:42 14/04/2008] 7A4F775ABB2F1C97DEF3E73AFA2FAEDD
C:\WINDOWS\ERDNT\cache\wininet.dll --a---- 916992 bytes [11:12 23/10/2011] [19:20 04/11/2011] 552263502EA8C24D301A0C43FF90B3ED
C:\WINDOWS\ie7\wininet.dll --a--c- 667136 bytes [17:20 12/10/2011] [18:18 21/06/2011] 10D0068A5F17490B1DA6DFC6FB11EFF8
C:\WINDOWS\ie7updates\KB2586448-IE7\wininet.dll -----c- 818688 bytes [18:14 17/10/2011] [23:54 13/08/2007] A4A0FC92358F39538A6494C42EF99FE9
C:\WINDOWS\ie7updates\KB2618444-IE7\wininet.dll -----c- 832512 bytes [11:03 17/12/2011] [21:32 17/08/2011] 3688E2BBE543CC753809E462C3553188
C:\WINDOWS\ie8\wininet.dll --a--c- 832512 bytes [05:24 03/01/2012] [23:43 31/10/2011] 5762E2F5C7B081F4251F92A5DF99FCCC
C:\WINDOWS\ie8\wininet.dll.mui --a--c- 131072 bytes [05:24 03/01/2012] [23:40 13/08/2007] EC0D79CB8F1002EA6877A3E35662DAE6
C:\WINDOWS\ie8updates\KB2618444-IE8\wininet.dll -----c- 916480 bytes [05:27 03/01/2012] [10:41 06/05/2010] 2D9C7B010409372C34F725DA5CCED083
C:\WINDOWS\ie8updates\KB2618444-IE8\wininet.dll.000 -----c- 916480 bytes [05:27 03/01/2012] [10:41 06/05/2010] 2D9C7B010409372C34F725DA5CCED083
C:\WINDOWS\ie8updates\KB982381-IE8\wininet.dll -----c- 914944 bytes [05:27 03/01/2012] [10:34 08/03/2009] 6CE32F7778061CCC5814D5E0F282D369
C:\WINDOWS\ServicePackFiles\i386\wininet.dll ------- 666112 bytes [16:08 19/09/2011] [10:42 14/04/2008] 7A4F775ABB2F1C97DEF3E73AFA2FAEDD
C:\WINDOWS\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3GDR\wininet.dll --a---- 916480 bytes [17:43 19/09/2011] [18:36 23/06/2011] AF4EDDC6C0446FCE5681B5DED52B8F0E
C:\WINDOWS\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3QFE\wininet.dll --a---- 919552 bytes [17:43 19/09/2011] [18:33 23/06/2011] 509CF67AE762A38E23A5455A0053853C
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wininet.dll --a---- 666112 bytes [17:01 19/09/2011] [00:12 14/04/2008] 7A4F775ABB2F1C97DEF3E73AFA2FAEDD
C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3GDR\wininet.dll --a---- 916992 bytes [05:22 03/01/2012] [19:20 04/11/2011] 552263502EA8C24D301A0C43FF90B3ED
C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3QFE\wininet.dll --a---- 919552 bytes [05:22 03/01/2012] [19:19 04/11/2011] 4E4716CAF514717814D07113AD0425B6
C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\wininet.dll --a---- 916480 bytes [17:41 19/09/2011] [10:41 06/05/2010] 2D9C7B010409372C34F725DA5CCED083
C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\wininet.dll --a---- 919040 bytes [17:41 19/09/2011] [10:36 06/05/2010] C1490F68B44AF8B781F52F12F564625D
C:\WINDOWS\system32\wininet(3).dll --a---- 832512 bytes [12:00 10/08/2004] [21:32 17/08/2011] 3688E2BBE543CC753809E462C3553188
C:\WINDOWS\system32\wininet(5)(2).dll --a---- 832512 bytes [12:00 10/08/2004] [23:43 31/10/2011] 5762E2F5C7B081F4251F92A5DF99FCCC
C:\WINDOWS\system32\wininet.dll ------- 916992 bytes [12:00 10/08/2004] [19:20 04/11/2011] 552263502EA8C24D301A0C43FF90B3ED
C:\WINDOWS\system32\dllcache\wininet.dll -----c- 916992 bytes [16:09 16/04/2010] [19:20 04/11/2011] 552263502EA8C24D301A0C43FF90B3ED
C:\WINDOWS\system32\en-us\wininet.dll.mui --a---- 53248 bytes [23:40 13/08/2007] [20:21 08/03/2009] 2A7D8005E806CB18CB20CBD997DF6B45

Searching for "*urlmon*"
C:\Program Files\PhotoDeluxe HE 3.1\URLMON.DLL --a---- 182752 bytes [22:02 28/10/2011] [16:11 24/08/1996] 971F8746D874C3B8BC4F5F5DC6667917
C:\WINDOWS\$hf_mig$\KB2559049\SP3QFE\urlmon.dll --a---- 633856 bytes [18:17 21/06/2011] [18:17 21/06/2011] F91F39F2983BAC1B3A12630D4D34A847
C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP3QFE\urlmon.dll --a---- 1214464 bytes [17:46 19/09/2011] [18:33 23/06/2011] 88CD5F15A63F359327682413D6C21C49
C:\WINDOWS\$hf_mig$\KB2586448-IE7\SP3QFE\urlmon.dll --a---- 1172992 bytes [21:30 17/08/2011] [21:30 17/08/2011] 07736203407810F304BFA97128345BFC
C:\WINDOWS\$hf_mig$\KB2586448-IE8\SP3QFE\urlmon.dll --a---- 1214464 bytes [22:07 14/11/2011] [23:47 22/08/2011] C959E26CF5AB9C0E68ED3A70386BDBD6
C:\WINDOWS\$hf_mig$\KB2618444-IE7\SP3QFE\urlmon.dll --a---- 1172992 bytes [23:38 31/10/2011] [23:38 31/10/2011] 4E52458D88E2E3C75DFF7482468CD7A3
C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\urlmon.dll --a---- 1214464 bytes [05:27 03/01/2012] [19:19 04/11/2011] AFB5B05B658C51E32EE0FD642D97C190
C:\WINDOWS\$hf_mig$\KB982381\SP3QFE\urlmon.dll --a---- 628736 bytes [16:01 16/04/2010] [16:01 16/04/2010] 4C2D1AF805E474BADB0221F17947D5AE
C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\urlmon.dll --a---- 1209856 bytes [17:45 19/09/2011] [10:36 06/05/2010] 28A11881A04B8EEA7BBE1882651066C1
C:\WINDOWS\$NtServicePackUninstall$\urlmon.dll -----c- 601088 bytes [16:56 19/09/2011] [12:00 10/08/2004] 19D0EAB2740080925F812FF36A2D6378
C:\WINDOWS\$NtUninstallKB2559049$\urlmon.dll -----c- 627712 bytes [22:24 05/10/2011] [16:09 16/04/2010] 456BB0B6A15FF96A2D8F760FEA3ACDFF
C:\WINDOWS\$NtUninstallKB982381$\urlmon.dll -----c- 619520 bytes [17:36 19/09/2011] [10:42 14/04/2008] DD639FAE9C80EBB3B9E632202A9DEB54
C:\WINDOWS\ie7\urlmon.dll --a--c- 633344 bytes [17:20 12/10/2011] [18:18 21/06/2011] A809CAEADA7C35E4C04DB5BF23782AA4
C:\WINDOWS\ie7updates\KB2586448-IE7\urlmon.dll -----c- 1162240 bytes [18:14 17/10/2011] [23:54 13/08/2007] 5F0510D33E1B173F9803EC5C287F7CDA
C:\WINDOWS\ie7updates\KB2618444-IE7\urlmon.dll -----c- 1168896 bytes [11:03 17/12/2011] [21:32 17/08/2011] DA01583E2FE34E2F670167506FA5F1D3
C:\WINDOWS\ie8\urlmon.dll --a--c- 1168896 bytes [05:24 03/01/2012] [23:43 31/10/2011] 059BF56F31C691F1398B0F799B6ECCBB
C:\WINDOWS\ie8\urlmon.dll.mui --a--c- 331776 bytes [05:24 03/01/2012] [23:40 13/08/2007] 1D9FF0C77C36AF6F1116E0B096CB05D1
C:\WINDOWS\ie8updates\KB2618444-IE8\urlmon.dll -----c- 1209344 bytes [05:27 03/01/2012] [10:41 06/05/2010] E3AB3442249C4861C9D591F95330731F
C:\WINDOWS\ie8updates\KB2618444-IE8\urlmon.dll.000 -----c- 1209344 bytes [05:27 03/01/2012] [10:41 06/05/2010] E3AB3442249C4861C9D591F95330731F
C:\WINDOWS\ie8updates\KB982381-IE8\urlmon.dll -----c- 1206784 bytes [05:27 03/01/2012] [10:34 08/03/2009] 05642AE6A7BDAA7541A7451F5A4C6512
C:\WINDOWS\ServicePackFiles\i386\urlmon.dll ------- 619520 bytes [16:07 19/09/2011] [10:42 14/04/2008] DD639FAE9C80EBB3B9E632202A9DEB54
C:\WINDOWS\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3GDR\urlmon.dll --a---- 1212416 bytes [17:42 19/09/2011] [18:36 23/06/2011] 58D950B59DD4A69A40F928A40ED1A667
C:\WINDOWS\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3QFE\urlmon.dll --a---- 1214464 bytes [17:42 19/09/2011] [18:33 23/06/2011] 88CD5F15A63F359327682413D6C21C49
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\urlmon.dll --a---- 619520 bytes [17:01 19/09/2011] [00:12 14/04/2008] DD639FAE9C80EBB3B9E632202A9DEB54
C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3GDR\urlmon.dll --a---- 1212416 bytes [05:22 03/01/2012] [19:20 04/11/2011] 496CE99BBBB7680323921DF30B405C36
C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3QFE\urlmon.dll --a---- 1214464 bytes [05:22 03/01/2012] [19:19 04/11/2011] AFB5B05B658C51E32EE0FD642D97C190
C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\urlmon.dll --a---- 1209344 bytes [17:41 19/09/2011] [10:41 06/05/2010] E3AB3442249C4861C9D591F95330731F
C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\urlmon.dll --a---- 1209856 bytes [17:41 19/09/2011] [10:36 06/05/2010] 28A11881A04B8EEA7BBE1882651066C1
C:\WINDOWS\system32\urlmon(3).dll --a---- 1168896 bytes [12:00 10/08/2004] [21:32 17/08/2011] DA01583E2FE34E2F670167506FA5F1D3
C:\WINDOWS\system32\urlmon(5)(2).dll --a---- 1168896 bytes [12:00 10/08/2004] [23:43 31/10/2011] 059BF56F31C691F1398B0F799B6ECCBB
C:\WINDOWS\system32\urlmon.dll --a---- 1212416 bytes [12:00 10/08/2004] [19:20 04/11/2011] 496CE99BBBB7680323921DF30B405C36
C:\WINDOWS\system32\dllcache\urlmon.dll -----c- 1212416 bytes [16:09 16/04/2010] [19:20 04/11/2011] 496CE99BBBB7680323921DF30B405C36
C:\WINDOWS\system32\en-us\urlmon.dll.mui --a---- 40960 bytes [23:40 13/08/2007] [20:21 08/03/2009] 4F7CDE36B480B013C8B6B4DF6A950C4E

Searching for "*url*"
C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\Privacy Policy.url --a---- 174 bytes [15:38 26/10/2011] [15:38 26/10/2011] 26122C8FBE8EA3C3413DB58CF868533B
C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater\Terms & Conditions.url --a---- 181 bytes [15:38 26/10/2011] [15:38 26/10/2011] 3EC2589A353D33C80CCFD7C0CB8827FF
C:\Documents and Settings\All Users\Start Menu\Programs\Jam\JamCam 3.0\Register your JamCam.url --a---- 161 bytes [22:01 28/10/2011] [14:34 01/11/2011] 58653CE584CC3540F8F21EF9CB9A0661
C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security\Panda USB Vaccine\Panda USB Vaccine on the Web.url --a---- 102 bytes [02:39 24/09/2011] [13:28 05/01/2012] 9DABE20BD327B01973AFD09756AC93DE
C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\urlclassifierkey3.txt --a---- 154 bytes [04:06 20/01/2012] [23:11 21/01/2012] EFC731797B4B5D3A6DEB471DDE00AEB5
C:\Documents and Settings\MARK\Favorites\2000 VersaTip™ Gas Torch Model 2000.URL --a---- 210 bytes [07:21 03/01/2012] [07:21 03/01/2012] 789679C1323FE542FDF598E16C6CDA02
C:\Documents and Settings\MARK\Favorites\Answer All Open Questions - Yahoo! Answers.URL --a---- 214 bytes [07:21 03/01/2012] [07:21 03/01/2012] 326B644DC4AC72207FC55F018FF50FD7
C:\Documents and Settings\MARK\Favorites\Austin News, Weather, Sports, Traffic KXAN.com.URL --a---- 177 bytes [07:21 03/01/2012] [07:21 03/01/2012] 0BC5A6413F21D2A1E987E1D2E397D3C2
C:\Documents and Settings\MARK\Favorites\austinplantcycle AustinPlantCycle.URL --a---- 218 bytes [07:21 03/01/2012] [07:21 03/01/2012] 8D9DB1301F3FFE2A815C8293C3132229
C:\Documents and Settings\MARK\Favorites\b. organic project list.URL --a---- 186 bytes [07:21 03/01/2012] [07:21 03/01/2012] CEBCE15ADE276621AD84487B6DD5F895
C:\Documents and Settings\MARK\Favorites\b. organic.URL --a---- 165 bytes [07:21 03/01/2012] [07:21 03/01/2012] C339E2157693624B807B1C8E9176FECB
C:\Documents and Settings\MARK\Favorites\Best Wallpapers of 2011, National Geographic.URL --a---- 281 bytes [07:21 03/01/2012] [07:21 03/01/2012] 784AAF9F34DD547F44BA5BDA91AE4096
C:\Documents and Settings\MARK\Favorites\BUY SELL TRADE GUNS ONLINE. TEXAS GUN SHOW CLASSIFIEDS AUCTIONS.URL --a---- 124 bytes [07:21 03/01/2012] [07:21 03/01/2012] 9E7112AF1FC50E042EED2301F92168C7
C:\Documents and Settings\MARK\Favorites\Cheap, easy, low-waste trestle table plans.URL --a---- 220 bytes [07:21 03/01/2012] [07:21 03/01/2012] 7BEB6106C64E52039885DFC7487EBBA1
C:\Documents and Settings\MARK\Favorites\Check Your Numbers.URL --a---- 150 bytes [07:21 03/01/2012] [07:21 03/01/2012] 0743F92351429C2D8170775066F46B98
C:\Documents and Settings\MARK\Favorites\Contact the Veterans Support Organization or find the VSO In Your Area.URL --a---- 152 bytes [07:21 03/01/2012] [07:21 03/01/2012] 646719E4D6CAC6007255E238B414C1E7
C:\Documents and Settings\MARK\Favorites\Cool Site Of The Day. - Page 5 - Tech Support Guy Forums.URL --a---- 159 bytes [07:21 03/01/2012] [07:21 03/01/2012] 3939E0F4AB117D535E0367B88E32CE6D
C:\Documents and Settings\MARK\Favorites\craigslist austin .URL --a---- 182 bytes [14:32 27/09/2011] [08:52 04/12/2011] DAB74F1ED662E4962F6451F360B02010
C:\Documents and Settings\MARK\Favorites\craigslist austin classifieds for jobs, apartments, personals, for sale, services, community, and events.URL --a---- 182 bytes [07:21 03/01/2012] [07:21 03/01/2012] DAB74F1ED662E4962F6451F360B02010
C:\Documents and Settings\MARK\Favorites\craigslist san marcos .URL --a---- 188 bytes [14:32 27/09/2011] [08:52 04/12/2011] 25C4375035C0911CBBF947291391EC1F
C:\Documents and Settings\MARK\Favorites\craigslist san marcos classifieds for jobs, apartments, personals, for sale, services, community, and events.URL --a---- 188 bytes [07:21 03/01/2012] [07:21 03/01/2012] 25C4375035C0911CBBF947291391EC1F
C:\Documents and Settings\MARK\Favorites\Edit Profile LinkedIn.URL --a---- 213 bytes [07:21 03/01/2012] [07:21 03/01/2012] C37D845775DBF6B3B6DA55F253A2F4AF
C:\Documents and Settings\MARK\Favorites\Firefox Support Home Page Firefox Help.URL --a---- 201 bytes [07:21 03/01/2012] [07:21 03/01/2012] FB33389FE1EA9842AE8BD28314E07A6B
C:\Documents and Settings\MARK\Favorites\Free clip art, stock photos, images, pictures » The Stock Solution.URL --a---- 165 bytes [07:21 03/01/2012] [07:21 03/01/2012] 2D83CC51D78C85F495A26D85352B95F8
C:\Documents and Settings\MARK\Favorites\free woodworking plans - Web - WebCrawler.URL --a---- 227 bytes [07:21 03/01/2012] [07:21 03/01/2012] AB28E3682BB1176A9FF89F1671AE6B85
C:\Documents and Settings\MARK\Favorites\full size carousel horses eBay.URL --a---- 267 bytes [07:21 03/01/2012] [07:21 03/01/2012] 54B3B0D500CD537391117EE677E268A2
C:\Documents and Settings\MARK\Favorites\Gmail - Inbox.URL --a---- 263 bytes [07:21 03/01/2012] [07:21 03/01/2012] 528CBF39255A95728BFDBC3B225ECE7F
C:\Documents and Settings\MARK\Favorites\Gmail.URL --a---- 197 bytes [14:32 27/09/2011] [08:52 04/12/2011] C0627641066353BDDED07D3487EFBB84
C:\Documents and Settings\MARK\Favorites\Google Translate.URL --a---- 180 bytes [07:21 03/01/2012] [07:21 03/01/2012] B402DC21D94844B1F89E099DF958396D
C:\Documents and Settings\MARK\Favorites\HijackThis - Trend Micro USA.URL --a---- 186 bytes [07:21 03/01/2012] [07:21 03/01/2012] 1743066ED77CC11CB052A61FB9F4336A
C:\Documents and Settings\MARK\Favorites\Hill Country Restorations.URL --a---- 404 bytes [07:21 03/01/2012] [07:21 03/01/2012] 4A4755E6D08D237C6D3F13ADE25F1AFC
C:\Documents and Settings\MARK\Favorites\HillCountryFreecycle Hill Country Freecycle™.URL --a---- 222 bytes [07:21 03/01/2012] [07:21 03/01/2012] 6A057105CE6D4D703217B9A242761967
C:\Documents and Settings\MARK\Favorites\HillCountryFreecycle Pending Messages.URL --a---- 240 bytes [14:32 27/09/2011] [08:52 04/12/2011] 2D39CAF7A27298DDB4C348D4B6502A28
C:\Documents and Settings\MARK\Favorites\How to Use Google Chrome.URL --a---- 136 bytes [14:32 27/09/2011] [08:52 04/12/2011] 7AE682F0AD3DD4A1156FD6B9DD87324E
C:\Documents and Settings\MARK\Favorites\HP Smart Print.URL --a---- 263 bytes [07:21 03/01/2012] [07:21 03/01/2012] 9A65945DDF89F29708D9BAB0AD46B7E5
C:\Documents and Settings\MARK\Favorites\http citypictures.org index.php.URL --a---- 122 bytes [07:21 03/01/2012] [07:21 03/01/2012] 19BCE976C9F282E88BE7A53965EE0B07
C:\Documents and Settings\MARK\Favorites\http www.txlottery.org export sites lottery index.html.URL --a---- 145 bytes [07:21 03/01/2012] [07:21 03/01/2012] 8BEF622EFED30A88147D4C26D0E2F040
C:\Documents and Settings\MARK\Favorites\KODAK Gallery Photo Merchandise.URL --a---- 273 bytes [07:21 03/01/2012] [07:21 03/01/2012] BBEF6D9079A6019214C765FBACD475C5
C:\Documents and Settings\MARK\Favorites\KyleFreecycle Messages 1113-1247 of 1251.URL --a---- 223 bytes [07:21 03/01/2012] [07:21 03/01/2012] 68CB4534DB186D3094DE756B2B5ED1FA
C:\Documents and Settings\MARK\Favorites\Layoutsparks.com wallpaper.URL --a---- 222 bytes [07:21 03/01/2012] [07:21 03/01/2012] DED2CFD9A192F4432D121D9A75D676E5
C:\Documents and Settings\MARK\Favorites\Lidia's Italy Recipes.URL --a---- 186 bytes [07:21 03/01/2012] [07:21 03/01/2012] 1DD502A9ABD6C0C786CE9D1C32ABC080
C:\Documents and Settings\MARK\Favorites\Lotto Check Your Numbers.URL --a---- 150 bytes [14:32 27/09/2011] [08:52 04/12/2011] 0743F92351429C2D8170775066F46B98
C:\Documents and Settings\MARK\Favorites\Mark Schwend LinkedIn.URL --a---- 226 bytes [07:21 03/01/2012] [07:21 03/01/2012] D589F301421C6CD1DC10E2A45D455A6F
C:\Documents and Settings\MARK\Favorites\MERCHANDISING CONTACT INFORMATION VERIFICATION.URL --a---- 229 bytes [07:21 03/01/2012] [07:21 03/01/2012] 4CF357AB3A41A9B76BA73712A727CFD6
C:\Documents and Settings\MARK\Favorites\Microsoft Support PRODUCTS.URL --a---- 152 bytes [07:21 03/01/2012] [07:21 03/01/2012] EC790B19FAF9ACE14450661BD6FDA509
C:\Documents and Settings\MARK\Favorites\MSN.com.url --a---- 119 bytes [15:32 19/09/2011] [08:52 04/12/2011] 315B47138DB430DBAC3014CC34D86414
C:\Documents and Settings\MARK\Favorites\My Account - PayPal.URL --a---- 226 bytes [07:21 03/01/2012] [07:21 03/01/2012] C581E1496A6C16DD3ADFBB77C314F98B
C:\Documents and Settings\MARK\Favorites\My eBay Messages Inbox.URL --a---- 302 bytes [07:21 03/01/2012] [07:21 03/01/2012] 37CC0B0195F2647041E3D9CAB9486A97
C:\Documents and Settings\MARK\Favorites\Oracle Software Downloads.URL --a---- 208 bytes [07:21 03/01/2012] [07:21 03/01/2012] 780A9C412867C82ECF65BC677120E44F
C:\Documents and Settings\MARK\Favorites\Philosophy Skin Care Philosophy Cosmetics & Philosophy Perfume at Sephora.com Fragrance.URL --a---- 261 bytes [07:21 03/01/2012] [07:21 03/01/2012] 911F9F246E5E477591B833DED18E9B69
C:\Documents and Settings\MARK\Favorites\Pinterest Home.URL --a---- 110 bytes [07:21 03/01/2012] [07:21 03/01/2012] 333427046288AF48928F523068751DE7
C:\Documents and Settings\MARK\Favorites\Rachael Ray Show - Shepherd's Pie Knife-and-Fork Burgers.URL --a---- 240 bytes [07:21 03/01/2012] [07:21 03/01/2012] D69C2E36ED1B701FA27D36AD5ED32557
C:\Documents and Settings\MARK\Favorites\Radio Station Guide.url --a---- 197 bytes [15:32 19/09/2011] [08:52 04/12/2011] 60FA0E221B33B4CEFE92CDEC243185E6
C:\Documents and Settings\MARK\Favorites\Recipes from Jacques Pepin More Fast Food My Way.URL --a---- 141 bytes [07:21 03/01/2012] [07:21 03/01/2012] 91C33CC8866F93FEEF5A2792FA6789BA
C:\Documents and Settings\MARK\Favorites\Respond to your case.URL --a---- 228 bytes [07:21 03/01/2012] [07:21 03/01/2012] 659A86B00453EFD5FF7CDE8E68D18136
C:\Documents and Settings\MARK\Favorites\Robert Simmering in Maxwell, TX WhitePages.URL --a---- 297 bytes [07:21 03/01/2012] [07:21 03/01/2012] D9E7464A3773CF31A65D9895F9E641A1
C:\Documents and Settings\MARK\Favorites\SanMarcosTXFreecycle Messages 8872-8901 of 8901.URL --a---- 230 bytes [07:21 03/01/2012] [07:21 03/01/2012] 01E6C1B99C2C478E8EF0580438EEF78E
C:\Documents and Settings\MARK\Favorites\Sara Moulton Chef, Cookbook Author, Television Personality.URL --a---- 174 bytes [07:21 03/01/2012] [07:21 03/01/2012] A09210C69D275D7084E5669A86F0610F
C:\Documents and Settings\MARK\Favorites\SCHWEND1 - Microsoft Answers.URL --a---- 263 bytes [07:21 03/01/2012] [07:21 03/01/2012] 665BC0CFAAE3D98FC446A645D0F5E20C
C:\Documents and Settings\MARK\Favorites\snopes.com Urban Legends Reference Pages.URL --a---- 168 bytes [07:21 03/01/2012] [07:21 03/01/2012] 1467E23AFBE4193F0DCE0883231F9839
C:\Documents and Settings\MARK\Favorites\Tech Support Guy Forums.URL --a---- 234 bytes [14:32 27/09/2011] [08:52 04/12/2011] A62F152E4658F956CAA5D1A3EE485912
C:\Documents and Settings\MARK\Favorites\Tech Support Guy- My threads.URL --a---- 200 bytes [07:21 03/01/2012] [07:21 03/01/2012] 7AE8ABD92C9F88978158D367C3F59CD1
C:\Documents and Settings\MARK\Favorites\THE GREAT ESCAPE TRAVEL Sweepstakes.URL --a---- 207 bytes [14:32 27/09/2011] [08:52 04/12/2011] 9579151DF529D5FA3231F51588E476A8
C:\Documents and Settings\MARK\Favorites\The Harry Lauder walking stick tree - Photo. - Google Search.URL --a---- 322 bytes [07:21 03/01/2012] [07:21 03/01/2012] 95D9FA03678CC004E93148373CD31470
C:\Documents and Settings\MARK\Favorites\The Pirate Bay - The world's most resilient bittorrent site.URL --a---- 193 bytes [07:21 03/01/2012] [07:21 03/01/2012] B24DDCE4FD4267581E8DDC90B784AD27
C:\Documents and Settings\MARK\Favorites\TheFirearmsForum.Com - Lost Password Recovery Form.URL --a---- 207 bytes [07:21 03/01/2012] [07:21 03/01/2012] 6A4D03FBA54940934677B5FBA008C654
C:\Documents and Settings\MARK\Favorites\ThePBay - Google Search.URL --a---- 208 bytes [07:21 03/01/2012] [07:21 03/01/2012] B048BE7D07A7747E26063522B20BB232
C:\Documents and Settings\MARK\Favorites\Tip of the day.... - Tech Support Guy Forums.URL --a---- 210 bytes [07:21 03/01/2012] [07:21 03/01/2012] 7D127C3ACEBB24591554DF63820E3F38
C:\Documents and Settings\MARK\Favorites\Translation Dictionary - WordReference.com.URL --a---- 182 bytes [07:21 03/01/2012] [07:21 03/01/2012] 6BFB1F381B3C4A2996915ECCAC810285
C:\Documents and Settings\MARK\Favorites\Twinkle's Web Mail Messages.URL --a---- 225 bytes [07:21 03/01/2012] [07:21 03/01/2012] 4697A6105F046EF787AF45C3578C6718
C:\Documents and Settings\MARK\Favorites\unable to download software updates. - Page 2 - Tech Support Guy Forums.URL --a---- 248 bytes [07:21 03/01/2012] [07:21 03/01/2012] D1AB16E5508E189D3C8F0A0DEC54C2E4
C:\Documents and Settings\MARK\Favorites\VA For Vets Pilot Registration.URL --a---- 116 bytes [07:21 03/01/2012] [07:21 03/01/2012] E8150363A04983FD9C313D1AACA2D427
C:\Documents and Settings\MARK\Favorites\Veterans Day Poster Gallery - Office of Public and Intergovernmental Affairs.URL --a---- 183 bytes [07:21 03/01/2012] [07:21 03/01/2012] 642D705F02A5330825D1CD5B6910C368
C:\Documents and Settings\MARK\Favorites\Web Mail Messages (From Firefox).URL --a---- 224 bytes [07:21 03/01/2012] [07:21 03/01/2012] 05CC7B6F00F16788616283CE90133FAB
C:\Documents and Settings\MARK\Favorites\Web Mail Messages.URL --a---- 216 bytes [14:32 27/09/2011] [08:52 04/12/2011] FA30C82FA74A2FFB66D3F3F38E9CEC78
C:\Documents and Settings\MARK\Favorites\Welcome to the GI Bill Web Site The Home for All Educational Benefits Provided by the Department of Veterans Affairs.URL --a---- 174 bytes [07:21 03/01/2012] [07:21 03/01/2012] 845EAF821CA7D36042813BBF71DED631
C:\Documents and Settings\MARK\Favorites\Wells Fargo Sign On to View Your Accounts.URL --a---- 233 bytes [07:21 03/01/2012] [07:21 03/01/2012] AF225101F09136623A77EB6A63EEA188
C:\Documents and Settings\MARK\Favorites\Wikipedia, the free encyclopedia.URL --a---- 186 bytes [07:21 03/01/2012] [07:21 03/01/2012] 011BA88C8372E2D18E61FB35F920D19D
C:\Documents and Settings\MARK\Favorites\wimberleyguy - Yahoo! Mail (From Firefox).URL --a---- 242 bytes [07:21 03/01/2012] [07:21 03/01/2012] 01C43F0992F7A5A057220476F37BC468
C:\Documents and Settings\MARK\Favorites\wimberleyguy - Yahoo! Mail.URL --a---- 225 bytes [14:32 27/09/2011] [08:52 04/12/2011] 3FB232ADEC9692A2787ADF94DBC359BA
C:\Documents and Settings\MARK\Favorites\You're now a registered eBay member.URL --a---- 224 bytes [07:21 03/01/2012] [07:21 03/01/2012] C3D1F41B6EA1965F31ABA81E98DB3BC7
C:\Documents and Settings\MARK\Favorites\You're ready to go! - PayPal.URL --a---- 365 bytes [07:21 03/01/2012] [07:21 03/01/2012] 39F63A5A95C5B0AC114CD0C76983B819
C:\Documents and Settings\MARK\Favorites\Bookmarks Toolbar\Getting Started.URL --a---- 192 bytes [14:32 27/09/2011] [08:52 04/12/2011] BADAEE30FAEE335BA7D7026B36B3D5F2
C:\Documents and Settings\MARK\Favorites\Links\Free Hotmail.url --a---- 113 bytes [15:32 19/09/2011] [08:52 04/12/2011] 99C7A59690945FDB15A15CBFF7838671
C:\Documents and Settings\MARK\Favorites\Links\Suggested Sites.url --a---- 302 bytes [04:10 20/09/2011] [08:52 04/12/2011] 4E54825515DC4B7CC32E3D561F163C0A
C:\Documents and Settings\MARK\Favorites\Links\Web Slice Gallery.url --a---- 226 bytes [04:09 20/09/2011] [07:11 03/01/2012] 73A9F815ED543EA96C5216970B8DA445
C:\Documents and Settings\MARK\Favorites\Microsoft Websites\IE Add-on site.url --a---- 133 bytes [04:09 20/09/2011] [07:11 03/01/2012] 48E524699DCC73BAC0C2545D16B6674E
C:\Documents and Settings\MARK\Favorites\Microsoft Websites\IE site on Microsoft.com.url --a---- 133 bytes [04:09 20/09/2011] [07:11 03/01/2012] AC91D5CC7407507E77788C47A7EBFD47
C:\Documents and Settings\MARK\Favorites\Microsoft Websites\Marketplace.url --a---- 133 bytes [19:35 12/10/2011] [12:24 22/12/2011] 67287E4405E0A1487A67448C2E791090
C:\Documents and Settings\MARK\Favorites\Microsoft Websites\Microsoft At Home.url --a---- 133 bytes [04:09 20/09/2011] [07:11 03/01/2012] F3391623132064D37F46FFD389EDB2D2
C:\Documents and Settings\MARK\Favorites\Microsoft Websites\Microsoft At Work.url --a---- 133 bytes [04:09 20/09/2011] [07:11 03/01/2012] 31C2D4522865E528805887EDF891EB1E
C:\Documents and Settings\MARK\Favorites\Microsoft Websites\Microsoft Store.url --a---- 134 bytes [04:09 20/09/2011] [07:11 03/01/2012] 8A645E631C7649F88926CE028FBFE6DB
C:\Documents and Settings\MARK\Favorites\Microsoft Websites\Welcome to IE7.url --a---- 133 bytes [19:35 12/10/2011] [12:24 22/12/2011] 00A44E2E0BD49360DE37021BD71CEAFF
C:\Documents and Settings\MARK\Favorites\Mozilla Firefox\About Us.URL --a---- 124 bytes [14:32 27/09/2011] [08:52 04/12/2011] F2D290BBDC78FAEFA900A829C54437F5
C:\Documents and Settings\MARK\Favorites\Mozilla Firefox\Customize Firefox.URL --a---- 136 bytes [14:32 27/09/2011] [08:52 04/12/2011] A5A31C6A43C8DC2B0E591AFB29232241
C:\Documents and Settings\MARK\Favorites\Mozilla Firefox\Get Involved.URL --a---- 136 bytes [14:32 27/09/2011] [08:52 04/12/2011] DF98F066300A3776CC810F346ED424D2
C:\Documents and Settings\MARK\Favorites\Mozilla Firefox\Help and Tutorials.URL --a---- 131 bytes [14:32 27/09/2011] [08:52 04/12/2011] DE1B041C962801EAB311B8C9BCDF0727
C:\Documents and Settings\MARK\Favorites\鎈£sorted Bookmarks\http www.bing.com search pc=Z208&form=ZGAADF&install_date=20111127&q=Hill+Country+Restorations++Wimberley%2C+Texas.URL --a---- 261 bytes [07:21 03/01/2012] [07:21 03/01/2012] 88E73FEF15FB2681C34068725C0A5299
C:\Documents and Settings\MARK\Local Settings\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\urlclassifier3.sqlite --a---- 31457280 bytes [21:48 21/01/2012] [14:44 22/01/2012] D5DCF89F76C5870A4CA6044785DD340A
C:\Documents and Settings\MARK\Local Settings\Temporary Internet Files\Content.IE5\J1SO2UYH\surly[1].js --a---- 1702 bytes [14:03 22/01/2012] [14:03 22/01/2012] CFD7D7330E4250366877D4FAEC34CD97
C:\Documents and Settings\MARK\Start Menu\Programs\FrostWire 5\Official FrostWire Website.url --a---- 80 bytes [19:37 19/11/2011] [19:37 19/11/2011] E6182C11B9454DA9A32A7D23F5344046
C:\Documents and Settings\Twinkle\Favorites\Links\Web Slice Gallery.url --a--c- 226 bytes [13:05 05/01/2012] [13:05 05/01/2012] 73A9F815ED543EA96C5216970B8DA445
C:\Documents and Settings\Twinkle\Favorites\Microsoft Websites\IE Add-on site.url --a--c- 133 bytes [13:05 05/01/2012] [13:05 05/01/2012] 48E524699DCC73BAC0C2545D16B6674E
C:\Documents and Settings\Twinkle\Favorites\Microsoft Websites\IE site on Microsoft.com.url --a--c- 133 bytes [13:05 05/01/2012] [13:05 05/01/2012] AC91D5CC7407507E77788C47A7EBFD47
C:\Documents and Settings\Twinkle\Favorites\Microsoft Websites\Microsoft At Home.url --a--c- 133 bytes [13:05 05/01/2012] [13:05 05/01/2012] F3391623132064D37F46FFD389EDB2D2
C:\Documents and Settings\Twinkle\Favorites\Microsoft Websites\Microsoft At Work.url --a--c- 133 bytes [13:05 05/01/2012] [13:05 05/01/2012] 31C2D4522865E528805887EDF891EB1E
C:\Documents and Settings\Twinkle\Favorites\Microsoft Websites\Microsoft Store.url --a--c- 134 bytes [13:05 05/01/2012] [13:05 05/01/2012] 8A645E631C7649F88926CE028FBFE6DB
C:\Program Files\Common Files\System\Ole DB\msdaurl.dll --a---- 4096 bytes [15:23 19/09/2011] [10:42 14/04/2008] 6759E216E144771DF99F3126A5DCE8C5
C:\Program Files\Hewlett-Packard\Digital Imaging\Help\PS_AiO_06_B209a-m_readme\phone_list_urls_lar-150%.png -ra---- 63427 bytes [10:23 29/10/2011] [03:03 02/02/2009] A6CC2C662D6C8F70365C66948693D225
C:\Program Files\Hewlett-Packard\Digital Imaging\HP Photosmart Plus B209a-m\help\HP Product Support Website.url --a---- 144 bytes [10:24 29/10/2011] [10:24 29/10/2011] 05A49757FFD73DBBD5976770B072872A
C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\MozillaAddOn3\xre\components\url-classifier.xpt --a---- 1720 bytes [02:54 22/05/2009] [02:54 22/05/2009] 17F9948057E34FAAD203844111792A06
C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\MozillaAddOn3\xre\components\urlformatter.xpt --a---- 172 bytes [02:54 22/05/2009] [02:54 22/05/2009] 6BE267B2D177D96341CF7B705A3F2CB9
C:\Program Files\Hewlett-Packard\Digital Imaging\TSDG\Support.url --a---- 140 bytes [23:12 12/12/2002] [23:12 12/12/2002] 3ECC0A8C7D06A3F6794591D01F29C8B8
C:\Program Files\JamCam 3.0\Register.url ------- 150 bytes [22:00 28/10/2011] [17:17 26/05/2000] 9784810B4CB536C4FD96A15B4ECB62FA
C:\Program Files\Microsoft Office\Office10\forms\1033\SECURL.ICO --a---- 1078 bytes [02:23 24/05/2000] [02:23 24/05/2000] 3BEDC926758AF0B96D9E36C393BA5A50
C:\Program Files\Microsoft Office\OFFICE11\FORMS\1033\SECURL.ICO --a---- 1078 bytes [03:23 24/05/2000] [03:23 24/05/2000] 3BEDC926758AF0B96D9E36C393BA5A50
C:\Program Files\Microsoft Picture It! 10\PiFiles\Textures\BURLAP.TIF --a---- 58010 bytes [09:03 19/05/2004] [09:03 19/05/2004] B14F227FC98FE8543FADEC6BD59B6F9F
C:\Program Files\PeoplePC\ISP8400\HTA\Toasts\url.brt ------- 2871 bytes [16:48 23/12/2011] [02:03 11/05/2011] A7C443A7E7F2F02E64357F049FAB3161
C:\Program Files\PhotoDeluxe HE 3.1\URLMON.DLL --a---- 182752 bytes [22:02 28/10/2011] [16:11 24/08/1996] 971F8746D874C3B8BC4F5F5DC6667917
C:\Program Files\PhotoDeluxe HE 3.1\PlugIns\PAGECURL.8BF --a---- 17920 bytes [22:02 28/10/2011] [09:17 18/09/2000] B02C2A9794F241AD4E930333FD842B09
C:\Program Files\VideoLAN\VLC\Documentation.url --a---- 55 bytes [16:53 26/10/2011] [16:53 26/10/2011] 50EED48CA8A0DCFE2506424434E77B18
C:\Program Files\VideoLAN\VLC\New_Skins.url --a---- 64 bytes [16:53 26/10/2011] [16:53 26/10/2011] D9391C0752078F4AD7EFF9EE8B303AD8
C:\Program Files\VideoLAN\VLC\VideoLAN Website.url --a---- 50 bytes [16:53 26/10/2011] [16:53 26/10/2011] 59789A39AD357FE0E41ACE6E7D3A2C46
C:\Program Files\VideoLAN\VLC\sdk\include\vlc\plugins\vlc_url.h --a---- 6181 bytes [12:21 14/07/2011] [12:21 14/07/2011] A222009283848808AECF3B03D3973858
C:\WINDOWS\$hf_mig$\KB2559049\SP3QFE\url.dll --a---- 37888 bytes [18:17 21/06/2011] [18:17 21/06/2011] EF88722727C8FF06BB327874EA041A85
C:\WINDOWS\$hf_mig$\KB2559049\SP3QFE\urlmon.dll --a---- 633856 bytes [18:17 21/06/2011] [18:17 21/06/2011] F91F39F2983BAC1B3A12630D4D34A847
C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP3QFE\url.dll --a---- 105984 bytes [17:46 19/09/2011] [18:33 23/06/2011] DA532C49D6661C150864E93158F5BD0E
C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP3QFE\urlmon.dll --a---- 1214464 bytes [17:46 19/09/2011] [18:33 23/06/2011] 88CD5F15A63F359327682413D6C21C49
C:\WINDOWS\$hf_mig$\KB2586448-IE7\SP3QFE\url.dll --a---- 106496 bytes [21:30 17/08/2011] [21:30 17/08/2011] 68628290AFEB25CA5650B1EC00622A8A
C:\WINDOWS\$hf_mig$\KB2586448-IE7\SP3QFE\urlmon.dll --a---- 1172992 bytes [21:30 17/08/2011] [21:30 17/08/2011] 07736203407810F304BFA97128345BFC
C:\WINDOWS\$hf_mig$\KB2586448-IE8\SP3QFE\url.dll --a---- 105984 bytes [22:07 14/11/2011] [23:47 22/08/2011] 8D21C567972B48D095864A703A7E06C5
C:\WINDOWS\$hf_mig$\KB2586448-IE8\SP3QFE\urlmon.dll --a---- 1214464 bytes [22:07 14/11/2011] [23:47 22/08/2011] C959E26CF5AB9C0E68ED3A70386BDBD6
C:\WINDOWS\$hf_mig$\KB2618444-IE7\SP3QFE\url.dll --a---- 106496 bytes [23:38 31/10/2011] [23:38 31/10/2011] 1D49C0C1D9B0AD7D21C0CA37E5BA64A9
C:\WINDOWS\$hf_mig$\KB2618444-IE7\SP3QFE\urlmon.dll --a---- 1172992 bytes [23:38 31/10/2011] [23:38 31/10/2011] 4E52458D88E2E3C75DFF7482468CD7A3
C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\url.dll --a---- 105984 bytes [05:27 03/01/2012] [19:19 04/11/2011] 7C6824A5CBFE77B48DC191A022E3944A
C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\urlmon.dll --a---- 1214464 bytes [05:27 03/01/2012] [19:19 04/11/2011] AFB5B05B658C51E32EE0FD642D97C190
C:\WINDOWS\$hf_mig$\KB982381\SP3QFE\urlmon.dll --a---- 628736 bytes [16:01 16/04/2010] [16:01 16/04/2010] 4C2D1AF805E474BADB0221F17947D5AE
C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\urlmon.dll --a---- 1209856 bytes [17:45 19/09/2011] [10:36 06/05/2010] 28A11881A04B8EEA7BBE1882651066C1
C:\WINDOWS\$NtServicePackUninstall$\msdaurl.dll -----c- 4096 bytes [16:57 19/09/2011] [12:00 10/08/2004] 78878CCEA55119FFF5CD0B82A9309649
C:\WINDOWS\$NtServicePackUninstall$\url.dll -----c- 37888 bytes [16:56 19/09/2011] [12:00 10/08/2004] 695FD15CC3ADCFEFF1DF454ABAC4249A
C:\WINDOWS\$NtServicePackUninstall$\urlmon.dll -----c- 601088 bytes [16:56 19/09/2011] [12:00 10/08/2004] 19D0EAB2740080925F812FF36A2D6378
C:\WINDOWS\$NtUninstallKB2559049$\url.dll -----c- 37888 bytes [22:24 05/10/2011] [10:42 14/04/2008] 510A6A4A66080B78190D8F0A53F9304B
C:\WINDOWS\$NtUninstallKB2559049$\urlmon.dll -----c- 627712 bytes [22:24 05/10/2011] [16:09 16/04/2010] 456BB0B6A15FF96A2D8F760FEA3ACDFF
C:\WINDOWS\$NtUninstallKB982381$\urlmon.dll -----c- 619520 bytes [17:36 19/09/2011] [10:42 14/04/2008] DD639FAE9C80EBB3B9E632202A9DEB54
C:\WINDOWS\Fonts\CURLZ___.TTF -ra---- 69480 bytes [09:48 20/09/2011] [09:00 19/05/2004] D2215729B1C20B9DC5E6230EB6497E6F
C:\WINDOWS\ie7\url.dll --a--c- 37888 bytes [17:20 12/10/2011] [18:18 21/06/2011] BCAD18219D2A0EE0551B05AD2444AF05
C:\WINDOWS\ie7\urlmon.dll --a--c- 633344 bytes [17:20 12/10/2011] [18:18 21/06/2011] A809CAEADA7C35E4C04DB5BF23782AA4
C:\WINDOWS\ie7updates\KB2586448-IE7\url.dll -----c- 105984 bytes [18:14 17/10/2011] [23:44 13/08/2007] 245BC72B30F68BCF296B39C8BA1FD114
C:\WINDOWS\ie7updates\KB2586448-IE7\urlmon.dll -----c- 1162240 bytes [18:14 17/10/2011] [23:54 13/08/2007] 5F0510D33E1B173F9803EC5C287F7CDA
C:\WINDOWS\ie7updates\KB2618444-IE7\url.dll -----c- 106496 bytes [11:03 17/12/2011] [21:32 17/08/2011] 937B43B8B74C09CC8E3A9AB78B643EBC
C:\WINDOWS\ie7updates\KB2618444-IE7\urlmon.dll -----c- 1168896 bytes [11:03 17/12/2011] [21:32 17/08/2011] DA01583E2FE34E2F670167506FA5F1D3
C:\WINDOWS\ie8\url.dll --a--c- 106496 bytes [05:24 03/01/2012] [23:43 31/10/2011] 6FA703896398327EEB6A4B0548456FE6
C:\WINDOWS\ie8\urlmon.dll --a--c- 1168896 bytes [05:24 03/01/2012] [23:43 31/10/2011] 059BF56F31C691F1398B0F799B6ECCBB
C:\WINDOWS\ie8\urlmon.dll.mui --a--c- 331776 bytes [05:24 03/01/2012] [23:40 13/08/2007] 1D9FF0C77C36AF6F1116E0B096CB05D1
C:\WINDOWS\ie8updates\KB2618444-IE8\url.dll -----c- 105984 bytes [05:27 03/01/2012] [10:34 08/03/2009] 91617515AA185259694A1C4882080B99
C:\WINDOWS\ie8updates\KB2618444-IE8\urlmon.dll -----c- 1209344 bytes [05:27 03/01/2012] [10:41 06/05/2010] E3AB3442249C4861C9D591F95330731F
C:\WINDOWS\ie8updates\KB2618444-IE8\urlmon.dll.000 -----c- 1209344 bytes [05:27 03/01/2012] [10:41 06/05/2010] E3AB3442249C4861C9D591F95330731F
C:\WINDOWS\ie8updates\KB982381-IE8\urlmon.dll -----c- 1206784 bytes [05:27 03/01/2012] [10:34 08/03/2009] 05642AE6A7BDAA7541A7451F5A4C6512
C:\WINDOWS\pchealth\helpctr\System\errors\badurl.htm --a---- 1663 bytes [17:10 19/09/2011] [17:10 19/09/2011] C4DAB772433061B7C4FED01CD041A380
C:\WINDOWS\ServicePackFiles\i386\msdaurl.dll ------- 4096 bytes [16:06 19/09/2011] [10:42 14/04/2008] 6759E216E144771DF99F3126A5DCE8C5
C:\WINDOWS\ServicePackFiles\i386\url.dll ------- 37888 bytes [16:08 19/09/2011] [10:42 14/04/2008] 510A6A4A66080B78190D8F0A53F9304B
C:\WINDOWS\ServicePackFiles\i386\urlmon.dll ------- 619520 bytes [16:07 19/09/2011] [10:42 14/04/2008] DD639FAE9C80EBB3B9E632202A9DEB54
C:\WINDOWS\SoftwareDistribution\Download\5599132effaee562760dce29f8ca8491\update\update.url --a---- 5330 bytes [16:08 19/09/2011] [16:23 25/06/2008] 6CFBC3FF82B46B0958029A8656ADF785
C:\WINDOWS\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3GDR\url.dll --a---- 105984 bytes [17:43 19/09/2011] [18:36 23/06/2011] 33A766DD54C49C9E68B42F4D6391C080
C:\WINDOWS\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3GDR\urlmon.dll --a---- 1212416 bytes [17:42 19/09/2011] [18:36 23/06/2011] 58D950B59DD4A69A40F928A40ED1A667
C:\WINDOWS\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3QFE\url.dll --a---- 105984 bytes [17:43 19/09/2011] [18:33 23/06/2011] DA532C49D6661C150864E93158F5BD0E
C:\WINDOWS\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3QFE\urlmon.dll --a---- 1214464 bytes [17:42 19/09/2011] [18:33 23/06/2011] 88CD5F15A63F359327682413D6C21C49
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msdaurl.dll --a---- 4096 bytes [17:00 19/09/2011] [00:11 14/04/2008] 6759E216E144771DF99F3126A5DCE8C5
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\url.dll --a---- 37888 bytes [17:01 19/09/2011] [00:12 14/04/2008] 510A6A4A66080B78190D8F0A53F9304B
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\urlmon.dll --a---- 619520 bytes [17:01 19/09/2011] [00:12 14/04/2008] DD639FAE9C80EBB3B9E632202A9DEB54
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\update\update.url --a---- 101375 bytes [17:01 19/09/2011] [13:22 14/04/2008] E350CEF0F2A558F76822DAFE6EE0F2A6
C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3GDR\url.dll --a---- 105984 bytes [05:22 03/01/2012] [19:20 04/11/2011] C69CA7B29773558095177D3B12434D1A
C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3GDR\urlmon.dll --a---- 1212416 bytes [05:22 03/01/2012] [19:20 04/11/2011] 496CE99BBBB7680323921DF30B405C36
C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3QFE\url.dll --a---- 105984 bytes [05:22 03/01/2012] [19:19 04/11/2011] 7C6824A5CBFE77B48DC191A022E3944A
C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3QFE\urlmon.dll --a---- 1214464 bytes [05:22 03/01/2012] [19:19 04/11/2011] AFB5B05B658C51E32EE0FD642D97C190
C:\WINDOWS\SoftwareDistribution\Download\a855eed5ad28db3548ad40195130e787\update\update.url --a---- 5324 bytes [16:09 19/09/2011] [20:01 25/06/2009] 78A09C094AD7D8A06396B933364FE38F
C:\WINDOWS\SoftwareDistribution\Download\e14bd1c8d27eab2520ba102ec2753b30\update\update.url --a---- 5324 bytes [16:08 19/09/2011] [11:43 10/03/2010] B66666E4C41104F03FDE3107C0E6825E
C:\WINDOWS\SoftwareDistribution\Download\e7e3f2641db6f1463fbb38295b32ff54\update\update.url --a---- 5326 bytes [10:28 17/01/2012] [14:30 25/10/2011] D923A32039DF0797973084EF7C0FA521
C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\urlmon.dll --a---- 1209344 bytes [17:41 19/09/2011] [10:41 06/05/2010] E3AB3442249C4861C9D591F95330731F
C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\urlmon.dll --a---- 1209856 bytes [17:41 19/09/2011] [10:36 06/05/2010] 28A11881A04B8EEA7BBE1882651066C1
C:\WINDOWS\system32\url(3).dll --a---- 106496 bytes [12:00 10/08/2004] [21:32 17/08/2011] 937B43B8B74C09CC8E3A9AB78B643EBC
C:\WINDOWS\system32\url(4)(2).dll --a---- 106496 bytes [12:00 10/08/2004] [23:43 31/10/2011] 6FA703896398327EEB6A4B0548456FE6
C:\WINDOWS\system32\url.dll --a---- 105984 bytes [12:00 10/08/2004] [19:20 04/11/2011] C69CA7B29773558095177D3B12434D1A
C:\WINDOWS\system32\urlmon(3).dll --a---- 1168896 bytes [12:00 10/08/2004] [21:32 17/08/2011] DA01583E2FE34E2F670167506FA5F1D3
C:\WINDOWS\system32\urlmon(5)(2).dll --a---- 1168896 bytes [12:00 10/08/2004] [23:43 31/10/2011] 059BF56F31C691F1398B0F799B6ECCBB
C:\WINDOWS\system32\urlmon.dll --a---- 1212416 bytes [12:00 10/08/2004] [19:20 04/11/2011] 496CE99BBBB7680323921DF30B405C36
C:\WINDOWS\system32\dllcache\url.dll -----c- 105984 bytes [18:18 21/06/2011] [19:20 04/11/2011] C69CA7B29773558095177D3B12434D1A
C:\WINDOWS\system32\dllcache\urlmon.dll -----c- 1212416 bytes [16:09 16/04/2010] [19:20 04/11/2011] 496CE99BBBB7680323921DF30B405C36
C:\WINDOWS\system32\en-us\urlmon.dll.mui --a---- 40960 bytes [23:40 13/08/2007] [20:21 08/03/2009] 4F7CDE36B480B013C8B6B4DF6A950C4E

Searching for "*normaliz*"
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll --a---- 24584 bytes [16:17 25/07/2008] [16:17 25/07/2008] FB6FC10318BD7AD4C0EAF393987551AA
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\normalization.dll --a---- 21336 bytes [19:16 18/03/2010] [19:16 18/03/2010] 4F8FE517EEBC079031239EAB00892014
C:\WINDOWS\system32\normaliz(3)(2).dll --a---- 23552 bytes [23:20 07/01/2009] [00:20 08/01/2009] 10753A3ADC3E39A3B10CC3F08E98E6B4
C:\WINDOWS\system32\normaliz.dll --a---- 23552 bytes [23:20 07/01/2009] [00:20 08/01/2009] 10753A3ADC3E39A3B10CC3F08E98E6B4

Searching for "*advpack*"
C:\WINDOWS\$hf_mig$\KB2586448-IE7\SP3QFE\advpack.dll --a---- 124928 bytes [21:30 17/08/2011] [21:30 17/08/2011] 92D509C8EE9FB02A4BFCBD5137FF3CF6
C:\WINDOWS\$hf_mig$\KB2618444-IE7\SP3QFE\advpack.dll --a---- 124928 bytes [23:37 31/10/2011] [23:37 31/10/2011] 55C2D7A465172278B69FD4BE9E33472C
C:\WINDOWS\$NtServicePackUninstall$\advpack.dll -----c- 99840 bytes [16:57 19/09/2011] [12:00 10/08/2004] 2301AD7B56D8D26936FFF4968D2D9DC6
C:\WINDOWS\ie7\advpack.dll --a--c- 99840 bytes [17:20 12/10/2011] [10:41 14/04/2008] 774348DE1DEA6262E06BFE1906D13D4D
C:\WINDOWS\ie7updates\KB2586448-IE7\advpack.dll -----c- 123904 bytes [18:14 17/10/2011] [23:39 13/08/2007] F9D975BD4E56B05795A56ABB7829D3A3
C:\WINDOWS\ie7updates\KB2618444-IE7\advpack.dll -----c- 124928 bytes [11:03 17/12/2011] [21:32 17/08/2011] 8EF6AEE5B67E40F09140A57A7D64A92D
C:\WINDOWS\ie8\advpack.dll --a--c- 124928 bytes [05:24 03/01/2012] [23:43 31/10/2011] 2D5945425A31D13FCE1E8FF2972FB954
C:\WINDOWS\ie8\advpack.dll.mui --a--c- 10240 bytes [05:24 03/01/2012] [23:38 13/08/2007] BA0DF9DD588F65E98D9CFD529F1FB7B5
C:\WINDOWS\ServicePackFiles\i386\advpack.dll ------- 99840 bytes [16:08 19/09/2011] [10:41 14/04/2008] 774348DE1DEA6262E06BFE1906D13D4D
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\advpack.dll --a---- 99840 bytes [16:58 19/09/2011] [00:11 14/04/2008] 774348DE1DEA6262E06BFE1906D13D4D
C:\WINDOWS\system32\advpack(3).dll --a---- 124928 bytes [12:00 10/08/2004] [21:32 17/08/2011] 8EF6AEE5B67E40F09140A57A7D64A92D
C:\WINDOWS\system32\advpack.dll --a---- 128512 bytes [12:00 10/08/2004] [10:32 08/03/2009] 8FED1E0A491D4990853D23F21C59C730
C:\WINDOWS\system32\advpack.dll.mui --a---- 10240 bytes [23:38 13/08/2007] [20:21 08/03/2009] D5F37A37B59E7490F7EDBAB56CCEB856
C:\WINDOWS\system32\dllcache\advpack.dll --a--c- 128512 bytes [23:39 13/08/2007] [10:32 08/03/2009] 8FED1E0A491D4990853D23F21C59C730

Searching for "*ole32*"
C:\WINDOWS\$hf_mig$\KB2624667\SP3QFE\ole32.dll --a---- 1289216 bytes [16:05 01/11/2011] [16:05 01/11/2011] 7D9DDE1AB4B00DDB173F5A16E9206517
C:\WINDOWS\$hf_mig$\KB979687\SP3QFE\ole32.dll --a---- 1289216 bytes [12:04 16/07/2010] [12:04 16/07/2010] 8D51FB47062F2A1A9EFECCEF338A4C46
C:\WINDOWS\$NtServicePackUninstall$\ole32.dll -----c- 1281536 bytes [16:56 19/09/2011] [12:00 10/08/2004] 4FE9D9FA62D020E35E0AC6D1AEEB96F0
C:\WINDOWS\$NtUninstallKB2624667$\ole32.dll -----c- 1288192 bytes [11:03 17/12/2011] [12:05 16/07/2010] 7A6A7900B5E322763430BA6FD9A31224
C:\WINDOWS\$NtUninstallKB979687$\ole32.dll -----c- 1287168 bytes [23:34 20/09/2011] [10:42 14/04/2008] ECCE74BC6168375016450A86A164D976
C:\WINDOWS\ERDNT\cache\ole32.dll --a---- 1288704 bytes [11:12 23/10/2011] [16:07 01/11/2011] 6BAD1BED9872E62049E487FB91AE2F3A
C:\WINDOWS\ServicePackFiles\i386\ole32.dll ------- 1287168 bytes [16:07 19/09/2011] [10:42 14/04/2008] ECCE74BC6168375016450A86A164D976
C:\WINDOWS\ServicePackFiles\i386\stdole32.tlb ------- 7168 bytes [17:08 19/09/2011] [23:34 29/12/2006] 7430A0EC3EF934AE7C4D6807D36ECEBA
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ole32.dll --a---- 1287168 bytes [17:01 19/09/2011] [00:12 14/04/2008] ECCE74BC6168375016450A86A164D976
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\stdole32.tlb --a---- 7168 bytes [17:01 19/09/2011] [12:00 10/08/2004] 7430A0EC3EF934AE7C4D6807D36ECEBA
C:\WINDOWS\system32\mciole32.dll --a---- 7680 bytes [12:00 10/08/2004] [12:00 10/08/2004] 9F331426EAB6948011FE11DCC07FFD2F
C:\WINDOWS\system32\ole32(3).dll --a---- 1288192 bytes [12:00 10/08/2004] [12:05 16/07/2010] 7A6A7900B5E322763430BA6FD9A31224
C:\WINDOWS\system32\ole32.dll --a---- 1288704 bytes [12:00 10/08/2004] [16:07 01/11/2011] 6BAD1BED9872E62049E487FB91AE2F3A
C:\WINDOWS\system32\stdole32.tlb --a---- 7168 bytes [12:00 10/08/2004] [12:00 10/08/2004] 7430A0EC3EF934AE7C4D6807D36ECEBA
C:\WINDOWS\system32\dllcache\mciole32.dll --a--c- 7680 bytes [12:00 10/08/2004] [12:00 10/08/2004] 9F331426EAB6948011FE11DCC07FFD2F
C:\WINDOWS\system32\dllcache\ole32.dll -----c- 1288704 bytes [12:05 16/07/2010] [16:07 01/11/2011] 6BAD1BED9872E62049E487FB91AE2F3A
C:\WINDOWS\system32\dllcache\stdole32.tlb --a--c- 7168 bytes [12:00 10/08/2004] [12:00 10/08/2004] 7430A0EC3EF934AE7C4D6807D36ECEBA

Searching for "*tool.exe"
C:\Program Files\Java\jre6\bin\keytool.exe --a---- 34080 bytes [05:48 20/09/2011] [11:54 10/11/2011] B75565755E44111FF6391268F3B06555
C:\Program Files\Java\jre6\bin\policytool.exe --a---- 34080 bytes [05:48 20/09/2011] [11:54 10/11/2011] 8D8E70465B638A0FBEF479BB1F9A50BE
C:\Program Files\Java\jre6\bin\servertool.exe --a---- 34080 bytes [05:48 20/09/2011] [11:54 10/11/2011] AA8ECED8B0C3B3722E8958B79A4C6296
C:\WINDOWS\system32\pintool.exe ------- 84480 bytes [05:49 29/10/2005] [05:49 29/10/2005] 12E483D58BC9242543FA86E1591A1D4C

Searching for "*ESPI11.dll"
No files found.

Searching for "*ÖíÅ£Æ¤Ã°ÏÕµº.lnk"
No files found.

Searching for "*ESPI.dll"
No files found.

========== folderfind ==========

Searching for "*EpicPlay*"
C:\Documents and Settings\MARK\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] d------ [11:36 25/10/2011]
C:\Program Files\EpicPlay d------ [11:36 25/10/2011]
C:\_OTL\MovedFiles\01212012_153525\C_Program Files\EpicPlay d----c- [21:35 21/01/2012]

Searching for "*StartNow*"
No folders found.

Searching for "*WindowShopper*"
No folders found.

Searching for "*ask.com*"
No folders found.

Searching for "*searchqutoolbar*"
C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchqutoolbar d------ [00:24 12/10/2011]
C:\_OTL\MovedFiles\01212012_153525\C_Documents and Settings\MARK\Application Data\searchqutoolbar d------ [00:24 12/10/2011]

Searching for "*PeerBlock*"
No folders found.

========== regfind ==========

Searching for "*EpicPlay*"
No data found.

Searching for "*StartNow*"
No data found.

Searching for "*WindowShopper*"
No data found.

Searching for "*ask.com*"
No data found.

Searching for "*searchqutoolbar*"
No data found.

Searching for "*PeerBlock*"
No data found.

Searching for "*ESPI11*"
No data found.

Searching for "*PACKEDCATALOGITEM*"
No data found.

========== file ==========

c:\windows\system32\agrsmnt.sys - File found and opened.
MD5: 1A2D03ABE1B1FBED5494F20E3655EF43
Created at 03:02 on 23/11/2011
Modified at 05:44 on 30/06/2005
Size: 1269584 bytes
Attributes: -ra----
FileDescription: SoftModem Device Driver
FileVersion: 2.1.56 2.1.56 06/30/2005 13:44:19
ProductVersion: 2.1.56 2.1.56 06/30/2005 13:44:19
OriginalFilename: AGRSM.sys
InternalName: AGRSM.sys
ProductName: Agere SoftModem Driver
CompanyName: Agere Systems
LegalCopyright: Copyright © Agere Systems 1998-2000

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Thanks 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> File::
> C:\Documents and Settings\MARK\My Documents\Downloads\PeerBlock-Setup_v1.0.0.r181.exe
> Folder::
> C:\Program Files\EpicPlay
> ...


Save this as *CFScript.txt*, in the same location as ComboFix.exe










Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

---------------


Please go to  VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"*box on the top of the page:

*C:\ZB20120112110939001.xml*

 Click on the *Upload* button
 Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
 Paste the contents of the Clipboard in your next reply.

-------------

After all the above, can you run this tool:

Save these instructions so you can have access to them while in Safe Mode.

Please click *here* to download AVP Tool by Kaspersky. 

Save it to your desktop. 
Reboot your computer into SafeMode. 
_You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. 
Use your up arrow key to highlight SafeMode then hit *enter*_*.*​
Double click the setup file to run it. 
Click Next to continue. 
Accept the Licence agreement and click on next 
It will by default install it to your desktop folder.Click Next. 
It will then open a box There will be a tab that says Automatic scan. 
Under Automatic scan make sure these are checked. 

Hidden Startup Objects 
System Memory 
Disk Boot Sectors. 
My Computer. 
Also any other drives (Removable that you may have) 

Leave the rest of the settings as they appear as default.


Then click on Scan at the to right hand Corner. 
It will automatically Neutralize any objects found. 
If some objects are left un-neutralized then click the button that says Neutralize all 
If it says it cannot be Neutralized then chooose The delete option when prompted. 
After that is done click on the reports button at the bottom and save it to file name it *Kas*. 
Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under *Detected* post those results in your next reply.

*Note: This tool will self uninstall when you close it so please save the log before closing it. ​*
*​*
eddie


----------



## Phoenix Rising (Mar 9, 2009)

AVP Tool by Kaspersky is still downloading ( with dial up it will take a while). Here are the other results. when the "AVP Tool by Kaspersky" is done and I have results for it I will post them as well. 

ComboFix 12-01-21.02 - MARK 01/22/2012 11:40:14.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.498 [GMT -6:00]
Running from: c:\documents and settings\MARK\Desktop\123.exe
Command switches used :: c:\documents and settings\MARK\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\MARK\My Documents\Downloads\PeerBlock-Setup_v1.0.0.r181.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\MARK\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
c:\documents and settings\MARK\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome.manifest
c:\documents and settings\MARK\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\eptextlinks.jar
c:\documents and settings\MARK\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\epicplay.js
c:\documents and settings\MARK\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\epicPlayGames.xpt
c:\documents and settings\MARK\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\install.rdf
c:\documents and settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchqutoolbar
c:\documents and settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchqutoolbar\geodata.xml
c:\documents and settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchqutoolbar\geoip.xml
c:\documents and settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchqutoolbar\guid.dat
c:\documents and settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchqutoolbar\preferences.dat
c:\documents and settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchqutoolbar\stats.dat
c:\documents and settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchqutoolbar\uninstallFF.dat
c:\documents and settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchqutoolbar\version.xml
c:\documents and settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchqutoolbar\weather\a5b6ae5b3a7694ad0f279bb54d8aad7c
c:\documents and settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchqutoolbar\weather\a983cd0a03c81f8c345b57ea1d47d3b4
c:\documents and settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchqutoolbar\weather\forecasts_cache.xml
c:\documents and settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchqutoolbar\weather\observations_cache.xml
c:\documents and settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchqutoolbar\weatherbutton_prefs.xml
c:\documents and settings\MARK\My Documents\Downloads\PeerBlock-Setup_v1.0.0.r181.exe
c:\program files\EpicPlay
c:\program files\EpicPlay\epicHost.dll
c:\program files\EpicPlay\epicPlayFrame.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_pbfilter
-------\Service_pbfilter
.
.
((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
.
.
2012-01-21 23:13 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66FF5665-4E39-43C1-B80B-50B6BFA7FD64}\mpengine.dll
2012-01-21 22:25 . 2011-11-10 11:54 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-01-21 21:43 . 2012-01-21 21:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-21 21:35 . 2012-01-21 21:35 -------- dc----w- C:\_OTL
2012-01-20 19:36 . 2012-01-20 19:36 -------- d-----w- c:\documents and settings\MARK\Application Data\dvdcss
2012-01-20 12:52 . 2012-01-20 12:52 -------- d-----w- c:\documents and settings\MARK\Application Data\SUPERAntiSpyware.com
2012-01-20 12:51 . 2012-01-20 12:51 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-15 15:33 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 23:44 . 2012-01-11 23:44 -------- d-----w- c:\program files\ltmoh
2012-01-11 05:42 . 2012-01-11 05:42 -------- d--h--w- c:\windows\PIF
2012-01-06 13:42 . 2012-01-06 13:42 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-06 13:41 . 2012-01-06 13:41 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-01-06 13:37 . 2012-01-06 13:37 -------- d-----w- c:\windows\system32\URTTEMP
2012-01-06 13:36 . 2012-01-06 13:36 -------- d-----w- c:\windows\Downloaded Installations
2012-01-06 13:04 . 2012-01-21 22:48 -------- dc----w- c:\documents and settings\Administrator
2012-01-05 13:26 . 2009-08-03 21:07 373104 ----a-w- c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
2012-01-05 13:05 . 2006-03-24 01:12 139264 ----a-w- c:\windows\system32\igfxres.dll
2012-01-04 22:58 . 2012-01-06 13:43 -------- dc----w- c:\documents and settings\Twinkle
2012-01-03 05:24 . 2012-01-06 13:37 -------- dc-h--w- c:\windows\ie8
2012-01-02 23:25 . 2012-01-06 13:37 -------- d-----w- c:\program files\LSI SoftModem
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 04:19 . 2011-09-25 06:43 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-03 01:43 . 2011-09-20 06:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2004-08-10 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-10 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-10 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-10 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-10 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 20:29 . 2011-09-25 03:54 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-10 11:54 . 2011-09-20 05:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 09:27 . 2011-09-20 05:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:20 . 2004-08-10 12:00 916992 ------w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-10 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-10 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-10 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2007-08-13 23:34 268288 ----a-w- c:\windows\system32\iertutil(2)(3).dll
2011-10-31 23:43 . 2004-08-10 12:00 832512 ----a-w- c:\windows\system32\wininet(5)(2).dll
2011-10-31 23:43 . 2004-08-10 12:00 1168896 ----a-w- c:\windows\system32\urlmon(5)(2).dll
2011-10-31 23:43 . 2004-08-10 12:00 106496 ----a-w- c:\windows\system32\url(4)(2).dll
2011-10-28 05:31 . 2004-08-10 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-10 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-13 15:56 . 2011-10-24 23:20 5960560 ----a-w- c:\program files\BitTorrent-7.5(1).exe
2011-11-21 04:04 . 2011-12-17 03:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-09-23 10:15 . 2011-09-23 10:15 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MARK^Start Menu^Programs^Startup^20111127.lnk]
path=c:\documents and settings\MARK\Start Menu\Programs\Startup\20111127.lnk
backup=c:\windows\pss\20111127.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MARK^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\MARK\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MARK^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\MARK\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^MARK^Start Menu^Programs^Startup^PandaUSBVaccine.lnk]
path=c:\documents and settings\MARK\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
backup=c:\windows\pss\PandaUSBVaccine.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-06-30 05:16 88203 ------w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2008-12-09 11:08 495616 ----a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-09-23 10:15 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-24 01:13 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-24 01:17 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-24 01:17 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-10-11 17:49 1179648 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 20:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-12-09 00:44 4616064 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015
"1701:UDP"= 1701:UDPxpsp2res.dll,-22016
"500:UDP"= 500:UDPxpsp2res.dll,-22017
.
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [11/1/2011 8:37 AM 4064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
S1 MpKsl0a9ad49f;MpKsl0a9ad49f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66FF5665-4E39-43C1-B80B-50B6BFA7FD64}\MpKsl0a9ad49f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66FF5665-4E39-43C1-B80B-50B6BFA7FD64}\MpKsl0a9ad49f.sys [?]
S2 agrsm;Agere Modem Driver;c:\windows\system32\agrsmnt.sys [11/22/2011 9:02 PM 1269584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/23/2011 4:15 AM 30192]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 6:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2012-01-21 c:\windows\Tasks\User_Feed_Synchronization-{81969CA2-9E4D-44D0-807F-521568EC106E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: Interfaces\{D417CFBF-17C2-4497-BE1F-7529CFFD300D}: NameServer = 207.69.188.185 207.69.188.186
FF - ProfilePath - c:\documents and settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc - 
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-22 11:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(416)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\WININET.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\netdde.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\msdtc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\sessmgr.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2012-01-22 11:53:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-22 17:53
ComboFix2.txt 2012-01-21 22:58
ComboFix3.txt 2011-10-23 11:13
.
Pre-Run: 22,165,512,192 bytes free
Post-Run: 22,183,964,672 bytes free
.
- - End Of File - - 29D0BE669CB089297B2C0196C8821218

VirScan:

VirSCAN.org Scanned Report :
Scanned time : 2012/01/22 12:02:46 (CST)
Scanner results: Scanners did not find malware!
File Name : ZB20120112110939001.xml
File Size : 436 byte
File Type : XML 1.0 document text
MD5 : d5956c09d39427ab97f5e17bce94f4d2
SHA1 : 89fa446683a44c612934ea3163f1a7c1f315586d
Online report : http://r.virscan.org/b0d2ff27f285d012cfdd4b3e1ced5192

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120123011514 2012-01-23 0.28 -
AhnLab V3 2012.01.23.00 2012.01.23 2012-01-23 3.67 -
AntiVir 8.2.8.34 7.11.21.127 2012-01-22 0.24 -
Antiy 2.0.18 20120123.15905382 2012-01-23 0.02 -
Arcavir 2011 201201210656 2012-01-21 3.46 -
Authentium 5.1.1 201201220129 2012-01-22 1.43 -
AVAST! 4.7.4 120122-0 2012-01-22 0.00 -
AVG 10.0.1405 2090/4759 2012-01-22 0.10 -
BitDefender 7.90123.7902431 7.40697 2012-01-23 4.07 -
ClamAV 0.97.1 14336 2012-01-22 0.00 -
Comodo 5.1 11328 2012-01-21 2.12 -
CP Secure 1.3.0.5 2012.01.22 2012-01-22 0.01 -
Dr.Web 7.0.0.11250 2012.01.23 2012-01-23 11.38 -
F-Prot 4.6.2.117 20120121 2012-01-21 0.79 -
F-Secure 7.02.73807 2012.01.10.04 2012-01-10 12.87 -
Fortinet 4.2.257 15.123 2012-01-21 0.11 -
GData 22.3582 20120123 2012-01-23 4.75 -
ViRobot 20120121 2012.01.21 2012-01-21 0.35 -
Ikarus T3.1.32.20.0 2012.01.22.80300 2012-01-22 5.09 -
JiangMin 13.0.900 2011.11.26 2011-11-26 2.07 -
Kaspersky 5.5.10 2012.01.22 2012-01-22 0.04 -
KingSoft 2009.2.5.15 2012.1.22.9 2012-01-22 0.95 -
McAfee 5400.1158 6597 2012-01-22 11.10 -
Microsoft 1.8001 2012.01.22 2012-01-22 3.13 -
NOD32 3.0.21 6816 2012-01-22 0.01 -
Panda 9.05.01 2012.01.22 2012-01-22 2.51 -
Trend Micro 9.500-1005 8.726.06 2012-01-22 0.02 -
Quick Heal 11.00 2012.01.21 2012-01-21 0.96 -
Rising 20.0 23.93.02.01 2012-01-18 0.28 -
Sophos 3.27.0 4.73 2012-01-23 4.59 -
Sunbelt 3.9.2526.2 11436 2012-01-22 0.94 -
Symantec 1.3.0.24 20120121.009 2012-01-21 1.51 -
nProtect 20120122.01 11832391 2012-01-22 1.33 -
The Hacker 6.7.0.1 v00384 2012-01-21 0.54 -
VBA32 3.12.16.4 20120120.2024 2012-01-20 3.72 -
VirusBuster 5.4.0.10 14.1.180.1/74922422012-01-22 0.01 -


----------



## Phoenix Rising (Mar 9, 2009)

when I tried to download Kaperski it said that some files were corrupt and I must download again. So I have retried and will get back with you when it works with some results.


----------



## Phoenix Rising (Mar 9, 2009)

It took almost 3 hours to run, and it found no problems luckily. I tried a dozen times to get the KAS log to paste here can't do it. I did however copy this though:
Automatic Scan: completed 6 minutes ago (events: 307338, objects: 304797, time: 02:54:30) No threats.


----------



## eddie5659 (Mar 19, 2001)

Its okay about the log, as it was nice and clean 

There is one program to remove as follows:

Can you uninstall this via AddRemove Programs:

*Windows iLivid Toolbar*

And then save the following as CFSCript, and do the same as before, with the drag/drop and post the log. You'll have to delete the first CFScript 



> Folder::
> C:\Program Files\Windows iLivid Toolbar


Then, can you run the following tools. Also, you had the remains of a virus so I want to see if its all gone 

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan 









On completion of the scan click save log, save it to your desktop and post in your next reply 









----------

Download the latest version of TDSSKiller from *here* and save it to your Desktop.


Doubleclick on *TDSSKiller.exe* to run the application, then click on *Change parameters*.










Check the boxes beside *Verify Driver Digital Signature and Detect TDLFS* file system, then click OK.










Click the *Start Scan* button.










If a suspicious object is detected, the default action will be *Skip*, click on *Continue*.










If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure *Cure* is selected, then click *Continue* => *Reboot now* to finish the cleaning process.










Note: *If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.*

A report will be created in your root directory, (usually C:\ folder) in the form of *"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*. Please copy and paste its contents on your next reply

------------

Using SystemLook, can you run the following code:


```
:dir
c:\windows\IME\CHTIME\Applets /sub
c:\windows\SYSTEM32\IME\PINTLGNT /sub
c:\windows\IME\imjp8_1 /sub
c:\windows\SYSTEM32\IME\CINTLGNT /sub
c:\windows\IME\imkr6_1 /sub
c:\windows\IME\SHARED\res /sub
c:\windows\SYSTEM32\IME\TINTLGNT /sub
c:\windows\IME\IMJP8_1\applets /sub
c:\windows\IME\CHSIME\applets /sub
c:\windows\IME\shared /sub
c:\windows\IME\IMJP8_1\DICTS /sub
:filefind
*kbd101b.dll
*quick.ime
*miniime.tpl
*kbd106.dll
*winime.ime
*CINTLGNT.IME
*phon.ime
*imjp81k.dll
*winar30.ime
*imekr61.ime
*PINTLGNT.IME
*chajei.ime
*uniime.dll
*unicdime.ime
*kbdkor.dll
*kbd103.dll
*dayi.ime
*kbdjpn.dll
*romanime.ime
*kbd101c.dll
*TINTLGNT.IME
*imjp81.ime
:regfind
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\MULTIMEDIA\DRAWDIB
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\W2KLPK
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU\ENABLE
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU\FACTOR
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU\INITHITS
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU\SIZE
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\MULTIMEDIA\DRAWDIB
```
I'm hoping it will come back clear, but want to be safe than sorry


----------



## Phoenix Rising (Mar 9, 2009)

Windows Ilivid thing is done

Downloading the next two, Kasperski one and aswMBR.exe when I have results I will post them.
System look says:
SystemLook 30.07.11 by jpshortstuff
Log created at 17:10 on 24/01/2012 by MARK
Administrator - Elevation successful

========== dir ==========

c:\windows\IME\CHTIME\Applets - Parameters: "/sub"

---Files---
None found.

No folders found.

c:\windows\SYSTEM32\IME\PINTLGNT - Parameters: "/sub"

---Files---
None found.

No folders found.

c:\windows\IME\imjp8_1 - Parameters: "/sub"

---Files---
None found.

c:\windows\IME\imjp8_1\applets d------ [15:26 19/09/2011]

c:\windows\SYSTEM32\IME\CINTLGNT - Parameters: "/sub"

---Files---
None found.

No folders found.

c:\windows\IME\imkr6_1 - Parameters: "/sub"

---Files---
None found.

c:\windows\IME\imkr6_1\applets d------ [15:26 19/09/2011]

c:\windows\IME\imkr6_1\dicts d------ [15:26 19/09/2011]

c:\windows\IME\SHARED\res - Parameters: "/sub"

---Files---
None found.

No folders found.

c:\windows\SYSTEM32\IME\TINTLGNT - Parameters: "/sub"

---Files---
None found.

No folders found.

c:\windows\IME\IMJP8_1\applets - Parameters: "/sub"

---Files---
None found.

No folders found.

c:\windows\IME\CHSIME\applets - Parameters: "/sub"

---Files---
None found.

No folders found.

c:\windows\IME\shared - Parameters: "/sub"

---Files---
None found.

c:\windows\IME\shared\res d------ [15:26 19/09/2011]

c:\windows\IME\IMJP8_1\DICTS - Unable to find folder.

========== filefind ==========

Searching for "*kbd101b.dll"
No files found.

Searching for "*quick.ime"
C:\WINDOWS\$NtServicePackUninstall$\quick.ime -----c- 77824 bytes [16:58 19/09/2011] [12:00 10/08/2004] 41EE37E1080C0BF0A62692FF335E0276
C:\WINDOWS\ServicePackFiles\i386\lang\quick.ime ------- 77824 bytes [16:09 19/09/2011] [10:41 14/04/2008] FA97615A0C79C51FAD96911D2D946B77
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lang\quick.ime --a---- 77824 bytes [17:00 19/09/2011] [00:11 14/04/2008] FA97615A0C79C51FAD96911D2D946B77
C:\WINDOWS\system32\dllcache\quick.ime --a--c- 77824 bytes [15:28 19/09/2011] [10:41 14/04/2008] FA97615A0C79C51FAD96911D2D946B77

Searching for "*miniime.tpl"
C:\WINDOWS\$NtServicePackUninstall$\miniime.tpl -----c- 11776 bytes [17:00 19/09/2011] [04:04 04/08/2004] 9BF4515140865D6E59E299B41CC5509B
C:\WINDOWS\ServicePackFiles\i386\lang\miniime.tpl ------- 11776 bytes [16:09 19/09/2011] [05:10 14/04/2008] C40CF89D7E855DE1FCDA27DB5F3CE424
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lang\miniime.tpl --a---- 11776 bytes [17:00 19/09/2011] [18:40 13/04/2008] C40CF89D7E855DE1FCDA27DB5F3CE424

Searching for "*kbd106.dll"
C:\WINDOWS\ServicePackFiles\i386\kbd106.dll ------- 6144 bytes [17:06 19/09/2011] [10:39 14/04/2008] C33B3ED4BEF24BAC604FF97FF2D97C49
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kbd106.dll --a---- 6144 bytes [17:00 19/09/2011] [00:09 14/04/2008] C33B3ED4BEF24BAC604FF97FF2D97C49

Searching for "*winime.ime"
C:\WINDOWS\$NtServicePackUninstall$\winime.ime -----c- 65536 bytes [16:58 19/09/2011] [12:00 10/08/2004] DCD035CB333B50F7734855DF1CF346C0
C:\WINDOWS\ServicePackFiles\i386\lang\winime.ime ------- 65536 bytes [16:09 19/09/2011] [10:41 14/04/2008] 2CC6DF8577A8648C6C802C067862443E
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lang\winime.ime --a---- 65536 bytes [17:00 19/09/2011] [00:11 14/04/2008] 2CC6DF8577A8648C6C802C067862443E
C:\WINDOWS\system32\dllcache\winime.ime --a--c- 65536 bytes [15:28 19/09/2011] [10:41 14/04/2008] 2CC6DF8577A8648C6C802C067862443E

Searching for "*CINTLGNT.IME"
C:\WINDOWS\$NtServicePackUninstall$\cintlgnt.ime -----c- 21504 bytes [16:58 19/09/2011] [12:00 10/08/2004] 0C71330B934D112E73A753C313193BD9
C:\WINDOWS\ServicePackFiles\i386\lang\cintlgnt.ime ------- 21504 bytes [16:09 19/09/2011] [10:41 14/04/2008] 96DDB1E61337B7BE52F650C9B570FC46
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lang\cintlgnt.ime --a---- 21504 bytes [17:00 19/09/2011] [00:11 14/04/2008] 96DDB1E61337B7BE52F650C9B570FC46
C:\WINDOWS\system32\dllcache\cintlgnt.ime --a--c- 21504 bytes [15:27 19/09/2011] [10:41 14/04/2008] 96DDB1E61337B7BE52F650C9B570FC46

Searching for "*phon.ime"
C:\WINDOWS\$NtServicePackUninstall$\phon.ime -----c- 79360 bytes [16:58 19/09/2011] [12:00 10/08/2004] 2051CE65B8FE1D9E6E8A4493D83155BE
C:\WINDOWS\ServicePackFiles\i386\lang\phon.ime ------- 79360 bytes [16:09 19/09/2011] [10:41 14/04/2008] BB665DCB93104E4D81678E55A765F4FF
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lang\phon.ime --a---- 79360 bytes [17:00 19/09/2011] [00:11 14/04/2008] BB665DCB93104E4D81678E55A765F4FF
C:\WINDOWS\system32\dllcache\phon.ime --a--c- 79360 bytes [15:28 19/09/2011] [10:41 14/04/2008] BB665DCB93104E4D81678E55A765F4FF

Searching for "*imjp81k.dll"
C:\WINDOWS\$NtServicePackUninstall$\imjp81k.dll -----c- 811064 bytes [16:58 19/09/2011] [12:00 10/08/2004] 2CA3F4A55B164213BDE6B4B8416262D4
C:\WINDOWS\ServicePackFiles\i386\lang\imjp81k.dll ------- 811064 bytes [16:09 19/09/2011] [10:39 14/04/2008] 2FA3AA17542825F837E119CC669943BC
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lang\imjp81k.dll --a---- 811064 bytes [17:00 19/09/2011] [00:09 14/04/2008] 2FA3AA17542825F837E119CC669943BC
C:\WINDOWS\system32\dllcache\imjp81k.dll --a--c- 811064 bytes [15:27 19/09/2011] [10:39 14/04/2008] 2FA3AA17542825F837E119CC669943BC

Searching for "*winar30.ime"
C:\WINDOWS\$NtServicePackUninstall$\winar30.ime -----c- 79360 bytes [16:58 19/09/2011] [12:00 10/08/2004] 6CC1BFE77866D54849C06F93C8E3D097
C:\WINDOWS\ServicePackFiles\i386\lang\winar30.ime ------- 79360 bytes [16:09 19/09/2011] [10:41 14/04/2008] 56948CD822AAD728895A74CC8EC0D735
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lang\winar30.ime --a---- 79360 bytes [17:00 19/09/2011] [00:11 14/04/2008] 56948CD822AAD728895A74CC8EC0D735
C:\WINDOWS\system32\dllcache\winar30.ime --a--c- 79360 bytes [15:28 19/09/2011] [10:41 14/04/2008] 56948CD822AAD728895A74CC8EC0D735

Searching for "*imekr61.ime"
C:\WINDOWS\$NtServicePackUninstall$\imekr61.ime -----c- 94720 bytes [16:58 19/09/2011] [12:00 10/08/2004] 0C865FA69AFAB09E2C8F1EA53D0610D4
C:\WINDOWS\ServicePackFiles\i386\lang\imekr61.ime ------- 94720 bytes [16:09 19/09/2011] [10:39 14/04/2008] 0BE4186EF76AED034FE43A0797F963FA
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lang\imekr61.ime --a---- 94720 bytes [17:00 19/09/2011] [00:09 14/04/2008] 0BE4186EF76AED034FE43A0797F963FA
C:\WINDOWS\system32\dllcache\imekr61.ime --a--c- 94720 bytes [15:27 19/09/2011] [10:39 14/04/2008] 0BE4186EF76AED034FE43A0797F963FA

Searching for "*PINTLGNT.IME"
C:\WINDOWS\$NtServicePackUninstall$\pintlgnt.ime -----c- 482304 bytes [16:58 19/09/2011] [12:00 10/08/2004] E55EFA038E182B5C357F72F8D3F6A84D
C:\WINDOWS\ServicePackFiles\i386\lang\pintlgnt.ime ------- 482304 bytes [16:09 19/09/2011] [10:41 14/04/2008] 7E0B8C97043388405471FD76E8F189FD
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lang\pintlgnt.ime --a---- 482304 bytes [17:00 19/09/2011] [00:11 14/04/2008] 7E0B8C97043388405471FD76E8F189FD
C:\WINDOWS\system32\dllcache\pintlgnt.ime --a--c- 482304 bytes [15:28 19/09/2011] [10:41 14/04/2008] 7E0B8C97043388405471FD76E8F189FD

Searching for "*chajei.ime"
C:\WINDOWS\$NtServicePackUninstall$\chajei.ime -----c- 78336 bytes [16:58 19/09/2011] [12:00 10/08/2004] 2417C1FF0CFB8BF8779AA1C2D205C8F8
C:\WINDOWS\ServicePackFiles\i386\lang\chajei.ime ------- 78336 bytes [16:09 19/09/2011] [10:41 14/04/2008] 0419BC2473FA62BF61F615B4893CA299
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lang\chajei.ime --a---- 78336 bytes [17:00 19/09/2011] [00:11 14/04/2008] 0419BC2473FA62BF61F615B4893CA299
C:\WINDOWS\system32\dllcache\chajei.ime --a--c- 78336 bytes [15:27 19/09/2011] [10:41 14/04/2008] 0419BC2473FA62BF61F615B4893CA299

Searching for "*uniime.dll"
C:\WINDOWS\$NtServicePackUninstall$\uniime.dll -----c- 76288 bytes [16:58 19/09/2011] [12:00 10/08/2004] D81DA064CF5682ED5C9B1C7C29446312
C:\WINDOWS\ServicePackFiles\i386\lang\uniime.dll ------- 76288 bytes [16:09 19/09/2011] [10:41 14/04/2008] 4B1C1F9A10CE47FEA5407DAC4C1F4EF8
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lang\uniime.dll --a---- 76288 bytes [17:00 19/09/2011] [00:11 14/04/2008] 4B1C1F9A10CE47FEA5407DAC4C1F4EF8
C:\WINDOWS\system32\dllcache\uniime.dll --a--c- 76288 bytes [15:28 19/09/2011] [10:41 14/04/2008] 4B1C1F9A10CE47FEA5407DAC4C1F4EF8

Searching for "*unicdime.ime"
C:\WINDOWS\$NtServicePackUninstall$\unicdime.ime -----c- 65024 bytes [16:58 19/09/2011] [12:00 10/08/2004] 27EB290512A92EAA830FBA6D9E02A98A
C:\WINDOWS\ServicePackFiles\i386\lang\unicdime.ime ------- 65024 bytes [16:09 19/09/2011] [10:41 14/04/2008] 21EE9664CB49C1C797E751FE13675B10
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lang\unicdime.ime --a---- 65024 bytes [17:00 19/09/2011] [00:11 14/04/2008] 21EE9664CB49C1C797E751FE13675B10
C:\WINDOWS\system32\dllcache\unicdime.ime --a--c- 65024 bytes [15:28 19/09/2011] [10:41 14/04/2008] 21EE9664CB49C1C797E751FE13675B10

Searching for "*kbdkor.dll"
No files found.

Searching for "*kbd103.dll"
No files found.

Searching for "*dayi.ime"
C:\WINDOWS\$NtServicePackUninstall$\dayi.ime -----c- 78848 bytes [16:58 19/09/2011] [12:00 10/08/2004] D69624C4AB7E88F6DED1D93429646CDC
C:\WINDOWS\ServicePackFiles\i386\lang\dayi.ime ------- 78848 bytes [16:09 19/09/2011] [10:41 14/04/2008] DC47D5147C07FE214380FC866963C8C0
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lang\dayi.ime --a---- 78848 bytes [17:00 19/09/2011] [00:11 14/04/2008] DC47D5147C07FE214380FC866963C8C0
C:\WINDOWS\system32\dllcache\dayi.ime --a--c- 78848 bytes [15:27 19/09/2011] [10:41 14/04/2008] DC47D5147C07FE214380FC866963C8C0

Searching for "*kbdjpn.dll"
No files found.

Searching for "*romanime.ime"
C:\WINDOWS\$NtServicePackUninstall$\romanime.ime -----c- 26112 bytes [16:58 19/09/2011] [12:00 10/08/2004] 798D173FB03152EEB58C1936439F44E8
C:\WINDOWS\ServicePackFiles\i386\lang\romanime.ime ------- 26112 bytes [16:09 19/09/2011] [10:41 14/04/2008] 2F15D7D52D74C84172EC3440BBF543FC
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lang\romanime.ime --a---- 26112 bytes [17:00 19/09/2011] [00:11 14/04/2008] 2F15D7D52D74C84172EC3440BBF543FC
C:\WINDOWS\system32\dllcache\romanime.ime --a--c- 26112 bytes [15:28 19/09/2011] [10:41 14/04/2008] 2F15D7D52D74C84172EC3440BBF543FC

Searching for "*kbd101c.dll"
No files found.

Searching for "*TINTLGNT.IME"
C:\WINDOWS\$NtServicePackUninstall$\tintlgnt.ime -----c- 571392 bytes [16:58 19/09/2011] [12:00 10/08/2004] 9A2B11D982E31E9D94BDB45C31A01D76
C:\WINDOWS\ServicePackFiles\i386\lang\tintlgnt.ime ------- 571392 bytes [16:09 19/09/2011] [10:41 14/04/2008] ED0ABFC1B16BD862BDA52480C7A88A58
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lang\tintlgnt.ime --a---- 571392 bytes [17:00 19/09/2011] [00:11 14/04/2008] ED0ABFC1B16BD862BDA52480C7A88A58
C:\WINDOWS\system32\dllcache\tintlgnt.ime --a--c- 571392 bytes [15:28 19/09/2011] [10:41 14/04/2008] ED0ABFC1B16BD862BDA52480C7A88A58

Searching for "*imjp81.ime"
C:\WINDOWS\$NtServicePackUninstall$\imjp81.ime -----c- 340023 bytes [16:58 19/09/2011] [12:00 10/08/2004] 4B1F6D1F43E222367D7DB5756F26E608
C:\WINDOWS\ServicePackFiles\i386\lang\imjp81.ime ------- 340023 bytes [16:09 19/09/2011] [10:39 14/04/2008] 5510BBA7190C545610597F0A109E0CA0
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lang\imjp81.ime --a---- 340023 bytes [17:00 19/09/2011] [00:09 14/04/2008] 5510BBA7190C545610597F0A109E0CA0
C:\WINDOWS\system32\dllcache\imjp81.ime --a--c- 340023 bytes [15:27 19/09/2011] [10:39 14/04/2008] 5510BBA7190C545610597F0A109E0CA0

========== regfind ==========

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\MULTIMEDIA\DRAWDIB"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\W2KLPK"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU\ENABLE"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU\FACTOR"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU\INITHITS"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNATIONAL\CPMRU\SIZE"
No data found.

Searching for "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\MULTIMEDIA\DRAWDIB"
No data found.

-= EOF =-


----------



## Phoenix Rising (Mar 9, 2009)

Kaspersky finds no threats.
aswMBR log:
aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
Run date: 2012-01-24 18:06:07
-----------------------------
18:06:07.359 OS Version: Windows 5.1.2600 Service Pack 3
18:06:07.359 Number of processors: 2 586 0x407
18:06:07.359 ComputerName: MARK-387473CC81 UserName: MARK
18:06:07.796 Initialize success
18:12:01.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
18:12:01.609 Disk 0 Vendor: WDC_WD400BD-75JMA0 05.01C05 Size: 38146MB BusType: 3
18:12:01.609 Disk 1 \Device\Harddisk1\DR2 -> \Device\00000070
18:12:01.609 Disk 1 Vendor: Size: 38146MB BusType: 0
18:12:01.640 Disk 0 MBR read successfully
18:12:01.640 Disk 0 MBR scan
18:12:01.640 Disk 0 Windows XP default MBR code
18:12:01.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38138 MB offset 63
18:12:01.640 Disk 0 scanning sectors +78108030
18:12:01.718 Disk 0 scanning C:\WINDOWS\system32\drivers
18:12:09.421 Service scanning
18:12:10.484 Modules scanning
18:12:31.828 Disk 0 trace - called modules:
18:12:31.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 
18:12:31.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f6cab8]
18:12:31.843 3 CLASSPNP.SYS[f767efd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x86f78b00]
18:12:31.843 Scan finished successfully
18:13:05.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\MARK\Desktop\MBR.dat"
18:13:05.687 The log file has been saved successfully to "C:\Documents and Settings\MARK\Desktop\aswMBR log.txt"


----------



## eddie5659 (Mar 19, 2001)

Excellent, all looking good 

There are a few files that you have on your system that appear legit, but with extra numbers. Can you do the following to see if they are the same.

Go to *Start* and then *Run* and type in the following:

*cmd*

and press enter.

type:

*cd..*

and press enter. Note that there are two periods - dots after the cd.

Then type:

*cd..*

and press enter.

Then, type

*cd\windows\system32*

and press enter. you should then be at

*C:\Windows\System32>*

type

*fc iertutil.dll iertutil(2)(3).dll*

and press enter.

If the data in the files is identical you will be told it is.

*FC: No differences encountered*

If the data in the files are different, a message will appear.

If that happens, rightclick inside the cmd box, and select *Select All* and then again to select *Copy*, and paste the details here in your next reply.

Can you then do the same for the following commands:

*]fc wininet.dll wininet(5)(2).dll

fc urlmon.dll urlmon(5)(2).dll

fc url.dll url(4)(2).dll

fc normaliz.dll normaliz(3)(2).dll

fc url.dll url(3).dll

fc urlmon.dll urlmon(3).dll

fc ole32.dll ole32(3).dll*

type: exit, or close the black window, to return to Windows


----------



## Phoenix Rising (Mar 9, 2009)

*@

@.reloc

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

b

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

à

b

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

¶

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

@

B

*****

***** iertutil.dll

¤Ê
¬Ê
ºÊ
ÆÊ
ÔÊ
äÊ
îÊ
üÊ
Ë
Ë
Ë
&Ë
2Ë
:Ë
FË
PË
ZË
dË
nË
xË
‚Ë
ŽË
˜Ë
¢Ë
¬Ë
¶Ë
ÀË
ÊË
ÔË
ÞË

***** IERTUTIL(2)(3).DLL

*****

***** iertutil.dll

èË

***** IERTUTIL(2)(3).DLL

*****

Resync Failed. Files are too different.
***** iertutil.dll

ôË
Ì
Ì
6Ì
NÌ
ZÌ
lÌ
xÌ
ŽÌ
Ì
¶Ì
ÆÌ
ÒÌ
âÌ
ôÌ
Í
Í
*Í
6Í
BÍ
XÍ
hÍ
~Í
ŽÍ
œÍ
²Í
ÈÍ
ØÍ
ìÍ
þÍ
Î
Î
.Î
DÎ
ZÎ
nÎ
|Î
ŒÎ
ªÎ
ÄÎ
ÖÎ
èÎ
øÎ

Ï
&Ï
0Ï
>Ï
JÏ
XÏ
rÏ
ŽÏ
žÏ
´Ï
ÈÏ
ÞÏ
ìÏ
üÏ
Ð
Ð
,Ð
<Ð
HÐ
^Ð
tÐ
ŽÐ
šÐ
ªÐ
ºÐ
ÖÐ
æÐ
öÐ
Ñ
Ñ
,Ñ
BÑ
ZÑ
bÑ
~Ñ
'Ñ
¬Ñ
ÊÑ
ØÑ
êÑ
Ò
Ò
0Ò
JÒ
^Ò
nÒ
‚Ò
šÒ
°Ò
ÌÒ
êÒ
Ó
Ó
@Ó
XÓ
***** IERTUTIL(2)(3).DLL

ä›
î›
þ›
œ
œ
œ
(œ
6œ
Dœ
Pœ
Xœ
bœ
pœ
zœ
„œ
Žœ
˜œ
¢œ
®œ
¸œ
Âœ

Îœ

Úœ
êœ
øœ



2
B
P
^
t
Ž

¶
Æ
Ú
ô
ž
ž
*ž
:ž
Jž
Xž
dž
vž
Žž
ž
¼ž
Èž
Ôž
òž
Ÿ
Ÿ
2Ÿ
@Ÿ
LŸ
bŸ
xŸ
ŒŸ
¢Ÿ
¸Ÿ
ÈŸ
ØŸ
ìŸ


 
* 
: 
L 
d 
t 
‚ 
Ž 
š 
° 
¸ 
Ò 
æ 
¡
¡
4¡
J¡
\¡
„¡
-¡
¨¡
Ä¡
Ô¡
*****

C:\WINDOWS\system32>
@

@.reloc

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

b

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

à

b

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

¶

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

@

B

*****

***** iertutil.dll

¤Ê
¬Ê
ºÊ
ÆÊ
ÔÊ
äÊ
îÊ
üÊ
Ë
Ë
Ë
&Ë
2Ë
:Ë
FË
PË
ZË
dË
nË
xË
‚Ë
ŽË
˜Ë
¢Ë
¬Ë
¶Ë
ÀË
ÊË
ÔË
ÞË

***** IERTUTIL(2)(3).DLL

*****

***** iertutil.dll

èË

***** IERTUTIL(2)(3).DLL

*****

Resync Failed. Files are too different.
***** iertutil.dll

ôË
Ì
Ì
6Ì
NÌ
ZÌ
lÌ
xÌ
ŽÌ
Ì
¶Ì
ÆÌ
ÒÌ
âÌ
ôÌ
Í
Í
*Í
6Í
BÍ
XÍ
hÍ
~Í
ŽÍ
œÍ
²Í
ÈÍ
ØÍ
ìÍ
þÍ
Î
Î
.Î
DÎ
ZÎ
nÎ
|Î
ŒÎ
ªÎ
ÄÎ
ÖÎ
èÎ
øÎ

Ï
&Ï
0Ï
>Ï
JÏ
XÏ
rÏ
ŽÏ
žÏ
´Ï
ÈÏ
ÞÏ
ìÏ
üÏ
Ð
Ð
,Ð
<Ð
HÐ
^Ð
tÐ
ŽÐ
šÐ
ªÐ
ºÐ
ÖÐ
æÐ
öÐ
Ñ
Ñ
,Ñ
BÑ
ZÑ
bÑ
~Ñ
'Ñ
¬Ñ
ÊÑ
ØÑ
êÑ
Ò
Ò
0Ò
JÒ
^Ò
nÒ
‚Ò
šÒ
°Ò
ÌÒ
êÒ
Ó
Ó
@Ó
XÓ
***** IERTUTIL(2)(3).DLL

ä›
î›
þ›
œ
œ
œ
(œ
6œ
Dœ
Pœ
Xœ
bœ
pœ
zœ
„œ
Žœ
˜œ
¢œ
®œ
¸œ
Âœ

Îœ

Úœ
êœ
øœ



2
B
P
^
t
Ž

¶
Æ
Ú
ô
ž
ž
*ž
:ž
Jž
Xž
dž
vž
Žž
ž
¼ž
Èž
Ôž
òž
Ÿ
Ÿ
2Ÿ
@Ÿ
LŸ
bŸ
xŸ
ŒŸ
¢Ÿ
¸Ÿ
ÈŸ
ØŸ
ìŸ


 
* 
: 
L 
d 
t 
‚ 
Ž 
š 
° 
¸ 
Ò 
æ 
¡
¡
4¡
J¡
\¡
„¡
-¡
¨¡
Ä¡
Ô¡
*****

C:\WINDOWS\system32>
@

@.reloc

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

b

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

à

b

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

¶

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

@

B

*****

***** iertutil.dll

¤Ê
¬Ê
ºÊ
ÆÊ
ÔÊ
äÊ
îÊ
üÊ
Ë
Ë
Ë
&Ë
2Ë
:Ë
FË
PË
ZË
dË
nË
xË
‚Ë
ŽË
˜Ë
¢Ë
¬Ë
¶Ë
ÀË
ÊË
ÔË
ÞË

***** IERTUTIL(2)(3).DLL

*****

***** iertutil.dll

èË

***** IERTUTIL(2)(3).DLL

*****

Resync Failed. Files are too different.
***** iertutil.dll

ôË
Ì
Ì
6Ì
NÌ
ZÌ
lÌ
xÌ
ŽÌ
Ì
¶Ì
ÆÌ
ÒÌ
âÌ
ôÌ
Í
Í
*Í
6Í
BÍ
XÍ
hÍ
~Í
ŽÍ
œÍ
²Í
ÈÍ
ØÍ
ìÍ
þÍ
Î
Î
.Î
DÎ
ZÎ
nÎ
|Î
ŒÎ
ªÎ
ÄÎ
ÖÎ
èÎ
øÎ

Ï
&Ï
0Ï
>Ï
JÏ
XÏ
rÏ
ŽÏ
žÏ
´Ï
ÈÏ
ÞÏ
ìÏ
üÏ
Ð
Ð
,Ð
<Ð
HÐ
^Ð
tÐ
ŽÐ
šÐ
ªÐ
ºÐ
ÖÐ
æÐ
öÐ
Ñ
Ñ
,Ñ
BÑ
ZÑ
bÑ
~Ñ
'Ñ
¬Ñ
ÊÑ
ØÑ
êÑ
Ò
Ò
0Ò
JÒ
^Ò
nÒ
‚Ò
šÒ
°Ò
ÌÒ
êÒ
Ó
Ó
@Ó
XÓ
***** IERTUTIL(2)(3).DLL

ä›
î›
þ›
œ
œ
œ
(œ
6œ
Dœ
Pœ
Xœ
bœ
pœ
zœ
„œ
Žœ
˜œ
¢œ
®œ
¸œ
Âœ

Îœ

Úœ
êœ
øœ



2
B
P
^
t
Ž

¶
Æ
Ú
ô
ž
ž
*ž
:ž
Jž
Xž
dž
vž
Žž
ž
¼ž
Èž
Ôž
òž
Ÿ
Ÿ
2Ÿ
@Ÿ
LŸ
bŸ
xŸ
ŒŸ
¢Ÿ
¸Ÿ
ÈŸ
ØŸ
ìŸ


 
* 
: 
L 
d 
t 
‚ 
Ž 
š 
° 
¸ 
Ò 
æ 
¡
¡
4¡
J¡
\¡
„¡
-¡
¨¡
Ä¡
Ô¡
*****

C:\WINDOWS\system32>

ÿà

ÿ

ÿà

ÿ

ÿà

ÿ

ÿà

ÿ

(

@






€

€

€€
€

€
€
€€

€€€
ÀÀÀ

ÿ

ÿ

ÿÿ
ÿ

ÿ
ÿ
ÿÿ

*****

Resync Failed. Files are too different.
***** url.dll



(
,

1
'
5$
41+
G

N
I%
Q(
Z3

H.
Y/
W9
g*

h8

v8

L7$
R;*
I>7
tI
VF6
wV+
fM3
fY2
wY9
9SK
JDA
[[email protected]
]WQ
c\V
qoT
Muf
xqj
„>

ƒH
-J

…T
•V
†W
£M

§V
·Y

•g
¦f
½c

¨w
µx
¥f
©|
µ{
€M#
„[
_2
Šf$
•i'
šr,
ˆh7
'j3
s<
™t<
¸e&
¦y,
¤m=
¦0
ÂZ

Âh
Ôm

Êv
Ô}
Æf
kL
ŠuM
-yD
o]
Œu]
¡}A
³}U
ƒmc
za
‡~v
"r
wŠ\
Z-y
***** URL(3).DLL

ÿÿÿ

ÿÿÿÿÿÿÿÿÿÿð

³¸¸ÿÿÿÿÿÿÿÿÿÿð
p
ˆˆÿøÿøÿøð
‹

ˆˆ‡ˆÿÿÿÿÿð
¹

ˆvnnÎgÿÿð
‹

fÎŽˆçìgÿÿÿð³€nnˆèèÎlhÿÿ‹°FÆŽèèîìfFÿøð·±fÎÎ|w|ŽÎÄÿÿð‹-lfçÿ÷nløÿð
ˆ»vNÆÿÿø|vtgÿÿð
‹‹<dgÿÿÿÿÿÿøð
¹·fÇ‡‡‡ˆxxxøÿð
x»FlìììæÆfFÿð
;‹tfnnnÎnFAÿð
w··EgÇgnÆdgøð

‹»wÿÿøvfÆGÿÿð

8‹wÿøìææGÿÿð

tc‹·ˆø÷n|fxÿð

gw»w‡f|çfÿÿð

wˆ·gŽxnuÿÿÿð

„xx»x‡Ž…oøø€

gˆˆ·x‡wÿûøˆ€

‡wˆ‹‡xˆÿˆxˆ€

ˆˆ‡‹xÿÿøÿˆ€

ÿøÿø‹ˆxÿ€

ÿÿÿÿÿø»‹ˆø

øÿøÿÿÿÿø€
*****

C:\WINDOWS\system32>

ÿà

ÿ

ÿà

ÿ

ÿà

ÿ

ÿà

ÿ

(

@






€

€

€€
€

€
€
€€

€€€
ÀÀÀ

ÿ

ÿ

ÿÿ
ÿ

ÿ
ÿ
ÿÿ

*****

Resync Failed. Files are too different.
***** url.dll



(
,

1
'
5$
41+
G

N
I%
Q(
Z3

H.
Y/
W9
g*

h8

v8

L7$
R;*
I>7
tI
VF6
wV+
fM3
fY2
wY9
9SK
JDA
[[email protected]
]WQ
c\V
qoT
Muf
xqj
„>

ƒH
-J

…T
•V
†W
£M

§V
·Y

•g
¦f
½c

¨w
µx
¥f
©|
µ{
€M#
„[
_2
Šf$
•i'
šr,
ˆh7
'j3
s<
™t<
¸e&
¦y,
¤m=
¦0
ÂZ

Âh
Ôm

Êv
Ô}
Æf
kL
ŠuM
-yD
o]
Œu]
¡}A
³}U
ƒmc
za
‡~v
"r
wŠ\
Z-y
***** URL(3).DLL

ÿÿÿ

ÿÿÿÿÿÿÿÿÿÿð

³¸¸ÿÿÿÿÿÿÿÿÿÿð
p
ˆˆÿøÿøÿøð
‹

ˆˆ‡ˆÿÿÿÿÿð
¹

ˆvnnÎgÿÿð
‹

fÎŽˆçìgÿÿÿð³€nnˆèèÎlhÿÿ‹°FÆŽèèîìfFÿøð·±fÎÎ|w|ŽÎÄÿÿð‹-lfçÿ÷nløÿð
ˆ»vNÆÿÿø|vtgÿÿð
‹‹<dgÿÿÿÿÿÿøð
¹·fÇ‡‡‡ˆxxxøÿð
x»FlìììæÆfFÿð
;‹tfnnnÎnFAÿð
w··EgÇgnÆdgøð

‹»wÿÿøvfÆGÿÿð

8‹wÿøìææGÿÿð

tc‹·ˆø÷n|fxÿð

gw»w‡f|çfÿÿð

wˆ·gŽxnuÿÿÿð

„xx»x‡Ž…oøø€

gˆˆ·x‡wÿûøˆ€

‡wˆ‹‡xˆÿˆxˆ€

ˆˆ‡‹xÿÿøÿˆ€

ÿøÿø‹ˆxÿ€

ÿÿÿÿÿø»‹ˆø

øÿøÿÿÿÿø€
*****

C:\WINDOWS\system32>

No difference

ÿà

ÿ

ÿà

ÿ

ÿà

ÿ

ÿà

ÿ

(

@






€

€

€€
€

€
€
€€

€€€
ÀÀÀ

ÿ

ÿ

ÿÿ
ÿ

ÿ
ÿ
ÿÿ

*****

Resync Failed. Files are too different.
***** url.dll



(
,

1
'
5$
41+
G

N
I%
Q(
Z3

H.
Y/
W9
g*

h8

v8

L7$
R;*
I>7
tI
VF6
wV+
fM3
fY2
wY9
9SK
JDA
[[email protected]
]WQ
c\V
qoT
Muf
xqj
„>

ƒH
-J

…T
•V
†W
£M

§V
·Y

•g
¦f
½c

¨w
µx
¥f
©|
µ{
€M#
„[
_2
Šf$
•i'
šr,
ˆh7
'j3
s<
™t<
¸e&
¦y,
¤m=
¦0
ÂZ

Âh
Ôm

Êv
Ô}
Æf
kL
ŠuM
-yD
o]
Œu]
¡}A
³}U
ƒmc
za
‡~v
"r
wŠ\
Z-y
***** URL(3).DLL

ÿÿÿ

ÿÿÿÿÿÿÿÿÿÿð

³¸¸ÿÿÿÿÿÿÿÿÿÿð
p
ˆˆÿøÿøÿøð
‹

ˆˆ‡ˆÿÿÿÿÿð
¹

ˆvnnÎgÿÿð
‹

fÎŽˆçìgÿÿÿð³€nnˆèèÎlhÿÿ‹°FÆŽèèîìfFÿøð·±fÎÎ|w|ŽÎÄÿÿð‹-lfçÿ÷nløÿð
ˆ»vNÆÿÿø|vtgÿÿð
‹‹<dgÿÿÿÿÿÿøð
¹·fÇ‡‡‡ˆxxxøÿð
x»FlìììæÆfFÿð
;‹tfnnnÎnFAÿð
w··EgÇgnÆdgøð

‹»wÿÿøvfÆGÿÿð

8‹wÿøìææGÿÿð

tc‹·ˆø÷n|fxÿð

gw»w‡f|çfÿÿð

wˆ·gŽxnuÿÿÿð

„xx»x‡Ž…oøø€

gˆˆ·x‡wÿûøˆ€

‡wˆ‹‡xˆÿˆxˆ€

ˆˆ‡‹xÿÿøÿˆ€

ÿøÿø‹ˆxÿ€

ÿÿÿÿÿø»‹ˆø

øÿøÿÿÿÿø€
*****

C:\WINDOWS\system32>
"'
¤'
¸'
Ì'
è'
ô'

(
(
&(
8(
R(
h(

*****

***** urlmon.dll

Nj
\j
lj
|j
Žj
j
°j
Âj
Ðj
äj
òj

k
k
k
4k
Hk
Zk
'k
¢k
¶k
Èk
Úk
ìk
ük
l
"l
:l
Pl
fl
zl
Šl
˜l
²l
Äl
Ôl

***** URLMON(3).DLL

t(
„(
'(
¢(
¶(
Æ(
Ö(
è(
ú(
)
)
*)
8)
H)
X)
l)
€)
')
¢)
¶)
È)
Ú)
ì)

*
*
**
@*
V*
j*
z*
ˆ*
š*

*****

Resync Failed. Files are too different.
***** urlmon.dll

èl
ül
m
m
.m
<m
Jm
hm
„m
žm
´m
¼m
Øm
êm
üm
n
n
0n
>n
Jn
Zn
hn
xn
ˆn
°n
Ên
än
òn
o
o
(o
@o
No
lo
€o
'o
¢o
²o
Âo
Òo
äo
øo
p
p
2p
Fp
^p
np
~p
'p
¤p
¾p
Ìp
Þp
êp
øp
q
"q
6q
Jq
\q
rq
†q
-q
¦q
¶q
Æq
Ôq
èq
öq
r
r
$r
4r
Jr
fr
xr
†r
'r
¨r
ºr
Ær
Úr
ìr
þr

s
s
*s
6s
Ds
Ps
\s
rs
s
žs
¬s
¾s
Ês
***** URLMON(3).DLL

ª*
¸*
Ô*
ò*
+
+
8+
N+
V+
~+
˜+
²+
Ê+
Ø+
ö+

,
,
2,
B,
R,
b,
r,
‚,
",
¨,
º,
Î,
æ,
ö,

-
-
,-
:-
J-
b-
t-
†-
ž-
¬-
¾-
Ú-
ê-
ü-
.
.
6.
H.
\.
v.
‚.
š.
¨.
À.
Ú.
è.
ú.
/
/
*/
>/
R/
f/
x/
Ž/
¢/
²/
Â/
Î/
ä/
ô/
0
0
$0
20
B0
R0
h0
†0
-0
¬0
È0
Ú0
è0
ô0

1
1
(1
<1
N1
`1
l1
v1
Š1
-1
¢1
°1
*****

C:\WINDOWS\system32>
á
á
$á
4á
Bá
Ná
Zá
pá
zá
á
®á
¾á
Ðá
Üá
ìá
øá
â
â
â
6â
Bâ
Xâ
fâ
râ
„â
šâ
***** OLE32(3).DLL

Þ
Þ
°Þ
ÄÞ
ÖÞ
êÞ

ß
ß
*ß
Bß
Rß
bß
pß
|ß
Šß
šß
¸ß
Æß
Öß
äß
ôß
à
à
6à
Hà
Zà
pà
|à
Œà
šà
¦à
²à
Èà
Òà
èà
á
á
(á
4á
Dá
Pá
\á
já
xá
Žá
šá
°á
¾á
Êá
Üá
òá

â
â
â
,â
Dâ
Vâ
jâ
~â
†â
šâ
*****

Resync Failed. Files are too different.
***** ole32.dll
¨â
´â
Äâ
Ôâ
ìâ
þâ
ã
&ã
.ã
Bã
Pã
fã
~ã
šã
Âã
Òã
âã
ôã
ä
ä
4ä
Nä
bä
nä
‚ä
'ä
®ä
Ää
Øä
ôä
å
å
(å
:å
Lå
\å
nå
„å
"å
¨å
ºå
Òå
äå

æ
æ
2æ
Næ
\æ
tæ
Œæ
¤æ
´æ
Ææ
Öæ
ìæ

ç
ç
ç
*ç
8ç
Fç
Zç
vç
„ç
'ç
ç
¶ç
Êç
àç
òç
è
è
(è
8è
Fè
Rè
dè
rè
|è
è
¨è
¸è
Îè
æè
öè
é
é
é
,é
>é
Té
bé
vé
†é
'é
é
®é
Êé
***** OLE32(3).DLL
¨â
¾â
Öâ
òâ
ã
*ã
:ã
Lã
`ã
rã
Œã
¦ã
ºã
Æã
Úã
êã
ä
ä
0ä
Lä
^ä
tä
€ä
'ä
¤ä
´ä
Æä
Üä
ìä

å
å
*å
<å
Xå
tå
Šå
¦å
´å
Ìå
äå
üå
æ
æ
.æ
Dæ
Xæ
læ
væ
‚æ
æ
žæ
²æ
Îæ
Üæ
êæ
øæ
ç
"ç
8ç
Jç
\ç
nç
€ç
ç
žç
ªç
¼ç
Êç
Ôç
èç

è
è
&è
>è
Nè
\è
hè
vè
„è
-è
¬è
ºè
Îè
Þè
êè
øè
é
"é
6é
Jé
hé
|é
Žé
¤é
®é
Äé
Öé
èé
*****

C:\WINDOWS\system32>

*


----------



## Phoenix Rising (Mar 9, 2009)

*@

@.reloc

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

b

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

à

b

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

¶

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

@

B

*****

***** iertutil.dll

¤Ê
¬Ê
ºÊ
ÆÊ
ÔÊ
äÊ
îÊ
üÊ
Ë
Ë
Ë
&Ë
2Ë
:Ë
FË
PË
ZË
dË
nË
xË
Ë
Ë
Ë
¢Ë
¬Ë
¶Ë
ÀË
ÊË
ÔË
ÞË

***** IERTUTIL(2)(3).DLL

*****

***** iertutil.dll

èË

***** IERTUTIL(2)(3).DLL

*****

Resync Failed. Files are too different.
***** iertutil.dll

ôË
Ì
Ì
6Ì
NÌ
ZÌ
lÌ
xÌ
Ì
Ì
¶Ì
ÆÌ
ÒÌ
âÌ
ôÌ
Í
Í
*Í
6Í
BÍ
XÍ
hÍ
~Í
Í
Í
²Í
ÈÍ
ØÍ
ìÍ
þÍ
Î
Î
.Î
DÎ
ZÎ
nÎ
|Î
Î
ªÎ
ÄÎ
ÖÎ
èÎ
øÎ

Ï
&Ï
0Ï
>Ï
JÏ
XÏ
rÏ
Ï
Ï
´Ï
ÈÏ
ÞÏ
ìÏ
üÏ
Ð
Ð
,Ð
<Ð
HÐ
^Ð
tÐ
Ð
Ð
ªÐ
ºÐ
ÖÐ
æÐ
öÐ
Ñ
Ñ
,Ñ
BÑ
ZÑ
bÑ
~Ñ
Ñ
¬Ñ
ÊÑ
ØÑ
êÑ
Ò
Ò
0Ò
JÒ
^Ò
nÒ
Ò
Ò
°Ò
ÌÒ
êÒ
Ó
Ó
@Ó
XÓ
***** IERTUTIL(2)(3).DLL

ä
î
þ



(
6
D
P
X
b
p
z



¢
®
¸
Â

Î

Ú
ê
ø



2
B
P
^
t


¶
Æ
Ú
ô


*
:
J
X
d
v


¼
È
Ô
ò


2
@
L
b
x

¢
¸
È
Ø
ì


 
* 
: 
L 
d 
t 
 
 
 
° 
¸ 
Ò 
æ 
¡
¡
4¡
J¡
\¡
¡
¡
¨¡
Ä¡
Ô¡
*****

C:\WINDOWS\system32>
@

@.reloc

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

b

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

à

b

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

¶

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

@

B

*****

***** iertutil.dll

¤Ê
¬Ê
ºÊ
ÆÊ
ÔÊ
äÊ
îÊ
üÊ
Ë
Ë
Ë
&Ë
2Ë
:Ë
FË
PË
ZË
dË
nË
xË
Ë
Ë
Ë
¢Ë
¬Ë
¶Ë
ÀË
ÊË
ÔË
ÞË

***** IERTUTIL(2)(3).DLL

*****

***** iertutil.dll

èË

***** IERTUTIL(2)(3).DLL

*****

Resync Failed. Files are too different.
***** iertutil.dll

ôË
Ì
Ì
6Ì
NÌ
ZÌ
lÌ
xÌ
Ì
Ì
¶Ì
ÆÌ
ÒÌ
âÌ
ôÌ
Í
Í
*Í
6Í
BÍ
XÍ
hÍ
~Í
Í
Í
²Í
ÈÍ
ØÍ
ìÍ
þÍ
Î
Î
.Î
DÎ
ZÎ
nÎ
|Î
Î
ªÎ
ÄÎ
ÖÎ
èÎ
øÎ

Ï
&Ï
0Ï
>Ï
JÏ
XÏ
rÏ
Ï
Ï
´Ï
ÈÏ
ÞÏ
ìÏ
üÏ
Ð
Ð
,Ð
<Ð
HÐ
^Ð
tÐ
Ð
Ð
ªÐ
ºÐ
ÖÐ
æÐ
öÐ
Ñ
Ñ
,Ñ
BÑ
ZÑ
bÑ
~Ñ
Ñ
¬Ñ
ÊÑ
ØÑ
êÑ
Ò
Ò
0Ò
JÒ
^Ò
nÒ
Ò
Ò
°Ò
ÌÒ
êÒ
Ó
Ó
@Ó
XÓ
***** IERTUTIL(2)(3).DLL

ä
î
þ



(
6
D
P
X
b
p
z



¢
®
¸
Â

Î

Ú
ê
ø



2
B
P
^
t


¶
Æ
Ú
ô


*
:
J
X
d
v


¼
È
Ô
ò


2
@
L
b
x

¢
¸
È
Ø
ì


 
* 
: 
L 
d 
t 
 
 
 
° 
¸ 
Ò 
æ 
¡
¡
4¡
J¡
\¡
¡
¡
¨¡
Ä¡
Ô¡
*****

C:\WINDOWS\system32>
@

@.reloc

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

b

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

à

b

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

¶

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

@

B

*****

***** iertutil.dll

¤Ê
¬Ê
ºÊ
ÆÊ
ÔÊ
äÊ
îÊ
üÊ
Ë
Ë
Ë
&Ë
2Ë
:Ë
FË
PË
ZË
dË
nË
xË
Ë
Ë
Ë
¢Ë
¬Ë
¶Ë
ÀË
ÊË
ÔË
ÞË

***** IERTUTIL(2)(3).DLL

*****

***** iertutil.dll

èË

***** IERTUTIL(2)(3).DLL

*****

Resync Failed. Files are too different.
***** iertutil.dll

ôË
Ì
Ì
6Ì
NÌ
ZÌ
lÌ
xÌ
Ì
Ì
¶Ì
ÆÌ
ÒÌ
âÌ
ôÌ
Í
Í
*Í
6Í
BÍ
XÍ
hÍ
~Í
Í
Í
²Í
ÈÍ
ØÍ
ìÍ
þÍ
Î
Î
.Î
DÎ
ZÎ
nÎ
|Î
Î
ªÎ
ÄÎ
ÖÎ
èÎ
øÎ

Ï
&Ï
0Ï
>Ï
JÏ
XÏ
rÏ
Ï
Ï
´Ï
ÈÏ
ÞÏ
ìÏ
üÏ
Ð
Ð
,Ð
<Ð
HÐ
^Ð
tÐ
Ð
Ð
ªÐ
ºÐ
ÖÐ
æÐ
öÐ
Ñ
Ñ
,Ñ
BÑ
ZÑ
bÑ
~Ñ
Ñ
¬Ñ
ÊÑ
ØÑ
êÑ
Ò
Ò
0Ò
JÒ
^Ò
nÒ
Ò
Ò
°Ò
ÌÒ
êÒ
Ó
Ó
@Ó
XÓ
***** IERTUTIL(2)(3).DLL

ä
î
þ



(
6
D
P
X
b
p
z



¢
®
¸
Â

Î

Ú
ê
ø



2
B
P
^
t


¶
Æ
Ú
ô


*
:
J
X
d
v


¼
È
Ô
ò


2
@
L
b
x

¢
¸
È
Ø
ì


 
* 
: 
L 
d 
t 
 
 
 
° 
¸ 
Ò 
æ 
¡
¡
4¡
J¡
\¡
¡
¡
¨¡
Ä¡
Ô¡
*****

C:\WINDOWS\system32>

ÿà

ÿ

ÿà

ÿ

ÿà

ÿ

ÿà

ÿ

(

@


















ÀÀÀ

ÿ

ÿ

ÿÿ
ÿ

ÿ
ÿ
ÿÿ

*****

Resync Failed. Files are too different.
***** url.dll



(
,

1
'
5$
41+
G

N
I%
Q(
Z3

H.
Y/
W9
g*

h8

v8

L7$
R;*
I>7
tI
VF6
wV+
fM3
fY2
wY9
9SK
JDA
[[email protected]
]WQ
c\V
qoT
Muf
xqj
>

H
J

T
V
W
£M

§V
·Y

g
¦f
½c

¨w
µx
¥f
©|
µ{
M#
[
_2
f$
i'
r,
h7
j3
s<
t<
¸e&
¦y,
¤m=
¦0
ÂZ

Âh
Ôm

Êv
Ô}
Æf
kL
uM
yD
o]
u]
¡}A
³}U
mc
za
~v
r
w\
Zy
***** URL(3).DLL

ÿÿÿ

ÿÿÿÿÿÿÿÿÿÿð

³¸¸ÿÿÿÿÿÿÿÿÿÿð
p
ÿøÿøÿøð


ÿÿÿÿÿð
¹

vnnÎgÿÿð


fÎçìgÿÿÿð³nnèèÎlhÿÿ°FÆèèîìfFÿøð·±fÎÎ|w|ÎÄÿÿðlfçÿ÷nløÿð
»vNÆÿÿø|vtgÿÿð
<dgÿÿÿÿÿÿøð
¹·fÇxxxøÿð
x»FlìììæÆfFÿð
;tfnnnÎnFAÿð
w··EgÇgnÆdgøð

»wÿÿøvfÆGÿÿð

8wÿøìææGÿÿð

tc·ø÷n|fxÿð

gw»wf|çfÿÿð

w·gxnuÿÿÿð

xx»xoøø

g·xwÿûø

wxÿx

xÿÿøÿ

ÿøÿøxÿ

ÿÿÿÿÿø»ø

øÿøÿÿÿÿø
*****

C:\WINDOWS\system32>

ÿà

ÿ

ÿà

ÿ

ÿà

ÿ

ÿà

ÿ

(

@


















ÀÀÀ

ÿ

ÿ

ÿÿ
ÿ

ÿ
ÿ
ÿÿ

*****

Resync Failed. Files are too different.
***** url.dll



(
,

1
'
5$
41+
G

N
I%
Q(
Z3

H.
Y/
W9
g*

h8

v8

L7$
R;*
I>7
tI
VF6
wV+
fM3
fY2
wY9
9SK
JDA
[[email protected]
]WQ
c\V
qoT
Muf
xqj
>

H
J

T
V
W
£M

§V
·Y

g
¦f
½c

¨w
µx
¥f
©|
µ{
M#
[
_2
f$
i'
r,
h7
j3
s<
t<
¸e&
¦y,
¤m=
¦0
ÂZ

Âh
Ôm

Êv
Ô}
Æf
kL
uM
yD
o]
u]
¡}A
³}U
mc
za
~v
r
w\
Zy
***** URL(3).DLL

ÿÿÿ

ÿÿÿÿÿÿÿÿÿÿð

³¸¸ÿÿÿÿÿÿÿÿÿÿð
p
ÿøÿøÿøð


ÿÿÿÿÿð
¹

vnnÎgÿÿð


fÎçìgÿÿÿð³nnèèÎlhÿÿ°FÆèèîìfFÿøð·±fÎÎ|w|ÎÄÿÿðlfçÿ÷nløÿð
»vNÆÿÿø|vtgÿÿð
<dgÿÿÿÿÿÿøð
¹·fÇxxxøÿð
x»FlìììæÆfFÿð
;tfnnnÎnFAÿð
w··EgÇgnÆdgøð

»wÿÿøvfÆGÿÿð

8wÿøìææGÿÿð

tc·ø÷n|fxÿð

gw»wf|çfÿÿð

w·gxnuÿÿÿð

xx»xoøø

g·xwÿûø

wxÿx

xÿÿøÿ

ÿøÿøxÿ

ÿÿÿÿÿø»ø

øÿøÿÿÿÿø
*****

C:\WINDOWS\system32>

No difference

ÿà

ÿ

ÿà

ÿ

ÿà

ÿ

ÿà

ÿ

(

@


















ÀÀÀ

ÿ

ÿ

ÿÿ
ÿ

ÿ
ÿ
ÿÿ

*****

Resync Failed. Files are too different.
***** url.dll



(
,

1
'
5$
41+
G

N
I%
Q(
Z3

H.
Y/
W9
g*

h8

v8

L7$
R;*
I>7
tI
VF6
wV+
fM3
fY2
wY9
9SK
JDA
[[email protected]
]WQ
c\V
qoT
Muf
xqj
>

H
J

T
V
W
£M

§V
·Y

g
¦f
½c

¨w
µx
¥f
©|
µ{
M#
[
_2
f$
i'
r,
h7
j3
s<
t<
¸e&
¦y,
¤m=
¦0
ÂZ

Âh
Ôm

Êv
Ô}
Æf
kL
uM
yD
o]
u]
¡}A
³}U
mc
za
~v
r
w\
Zy
***** URL(3).DLL

ÿÿÿ

ÿÿÿÿÿÿÿÿÿÿð

³¸¸ÿÿÿÿÿÿÿÿÿÿð
p
ÿøÿøÿøð


ÿÿÿÿÿð
¹

vnnÎgÿÿð


fÎçìgÿÿÿð³nnèèÎlhÿÿ°FÆèèîìfFÿøð·±fÎÎ|w|ÎÄÿÿðlfçÿ÷nløÿð
»vNÆÿÿø|vtgÿÿð
<dgÿÿÿÿÿÿøð
¹·fÇxxxøÿð
x»FlìììæÆfFÿð
;tfnnnÎnFAÿð
w··EgÇgnÆdgøð

»wÿÿøvfÆGÿÿð

8wÿøìææGÿÿð

tc·ø÷n|fxÿð

gw»wf|çfÿÿð

w·gxnuÿÿÿð

xx»xoøø

g·xwÿûø

wxÿx

xÿÿøÿ

ÿøÿøxÿ

ÿÿÿÿÿø»ø

øÿøÿÿÿÿø
*****

C:\WINDOWS\system32>
'
¤'
¸'
Ì'
è'
ô'

(
(
&(
8(
R(
h(

*****

***** urlmon.dll

Nj
\j
lj
|j
j
j
°j
Âj
Ðj
äj
òj

k
k
k
4k
Hk
Zk
k
¢k
¶k
Èk
Úk
ìk
ük
l
"l
:l
Pl
fl
zl
l
l
²l
Äl
Ôl

***** URLMON(3).DLL

t(
(
(
¢(
¶(
Æ(
Ö(
è(
ú(
)
)
*)
8)
H)
X)
l)
)
)
¢)
¶)
È)
Ú)
ì)

*
*
**
@*
V*
j*
z*
*
*

*****

Resync Failed. Files are too different.
***** urlmon.dll

èl
ül
m
m
.m
<m
Jm
hm
m
m
´m
¼m
Øm
êm
üm
n
n
0n
>n
Jn
Zn
hn
xn
n
°n
Ên
än
òn
o
o
(o
@o
No
lo
o
o
¢o
²o
Âo
Òo
äo
øo
p
p
2p
Fp
^p
np
~p
p
¤p
¾p
Ìp
Þp
êp
øp
q
"q
6q
Jq
\q
rq
q
q
¦q
¶q
Æq
Ôq
èq
öq
r
r
$r
4r
Jr
fr
xr
r
r
¨r
ºr
Ær
Úr
ìr
þr

s
s
*s
6s
Ds
Ps
\s
rs
s
s
¬s
¾s
Ês
***** URLMON(3).DLL

ª*
¸*
Ô*
ò*
+
+
8+
N+
V+
~+
+
²+
Ê+
Ø+
ö+

,
,
2,
B,
R,
b,
r,
,
,
¨,
º,
Î,
æ,
ö,

-
-
,-
:-
J-
b-
t-
-
-
¬-
¾-
Ú-
ê-
ü-
.
.
6.
H.
\.
v.
.
.
¨.
À.
Ú.
è.
ú.
/
/
*/
>/
R/
f/
x/
/
¢/
²/
Â/
Î/
ä/
ô/
0
0
$0
20
B0
R0
h0
0
0
¬0
È0
Ú0
è0
ô0

1
1
(1
<1
N1
`1
l1
v1
1
1
¢1
°1
*****

C:\WINDOWS\system32>
á
á
$á
4á
Bá
Ná
Zá
pá
zá
á
®á
¾á
Ðá
Üá
ìá
øá
â
â
â
6â
Bâ
Xâ
fâ
râ
â
â
***** OLE32(3).DLL

Þ
Þ
°Þ
ÄÞ
ÖÞ
êÞ

ß
ß
*ß
Bß
Rß
bß
pß
|ß
ß
ß
¸ß
Æß
Öß
äß
ôß
à
à
6à
Hà
Zà
pà
|à
à
à
¦à
²à
Èà
Òà
èà
á
á
(á
4á
Dá
Pá
\á
já
xá
á
á
°á
¾á
Êá
Üá
òá

â
â
â
,â
Dâ
Vâ
jâ
~â
â
â
*****

Resync Failed. Files are too different.
***** ole32.dll
¨â
´â
Äâ
Ôâ
ìâ
þâ
ã
&ã
.ã
Bã
Pã
fã
~ã
ã
Âã
Òã
âã
ôã
ä
ä
4ä
Nä
bä
nä
ä
ä
®ä
Ää
Øä
ôä
å
å
(å
:å
Lå
\å
nå
å
å
¨å
ºå
Òå
äå

æ
æ
2æ
Næ
\æ
tæ
æ
¤æ
´æ
Ææ
Öæ
ìæ

ç
ç
ç
*ç
8ç
Fç
Zç
vç
ç
ç
ç
¶ç
Êç
àç
òç
è
è
(è
8è
Fè
Rè
dè
rè
|è
è
¨è
¸è
Îè
æè
öè
é
é
é
,é
>é
Té
bé
vé
é
é
é
®é
Êé
***** OLE32(3).DLL
¨â
¾â
Öâ
òâ
ã
*ã
:ã
Lã
`ã
rã
ã
¦ã
ºã
Æã
Úã
êã
ä
ä
0ä
Lä
^ä
tä
ä
ä
¤ä
´ä
Æä
Üä
ìä

å
å
*å
<å
Xå
tå
å
¦å
´å
Ìå
äå
üå
æ
æ
.æ
Dæ
Xæ
læ
væ
æ
æ
æ
²æ
Îæ
Üæ
êæ
øæ
ç
"ç
8ç
Jç
\ç
nç
ç
ç
ç
ªç
¼ç
Êç
Ôç
èç

è
è
&è
>è
Nè
\è
hè
vè
è
è
¬è
ºè
Îè
Þè
êè
øè
é
"é
6é
Jé
hé
|é
é
¤é
®é
Äé
Öé
èé
*****

C:\WINDOWS\system32>

*


----------



## eddie5659 (Mar 19, 2001)

Well, that wasn't what I was expecting to see.......

Can you do it again, but this time just let me know which ones came up with each message. Looks like the copy/paste from the cmd doesn't work well 

I see that at least one file may be different, so just want to make sure 

Thanks

eddie


----------



## Phoenix Rising (Mar 9, 2009)

Ist one:
@

@.reloc

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

b

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

à

b

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

¶

*****

***** iertutil.dll

***** IERTUTIL(2)(3).DLL

@

B

*****

***** iertutil.dll

¤Ê
¬Ê
ºÊ
ÆÊ
ÔÊ
äÊ
îÊ
üÊ
Ë
Ë
Ë
&Ë
2Ë
:Ë
FË
PË
ZË
dË
nË
xË
‚Ë
ŽË
˜Ë
¢Ë
¬Ë
¶Ë
ÀË
ÊË
ÔË
ÞË

***** IERTUTIL(2)(3).DLL

*****

***** iertutil.dll

èË

***** IERTUTIL(2)(3).DLL

*****

Resync Failed. Files are too different.
***** iertutil.dll

ôË
Ì
Ì
6Ì
NÌ
ZÌ
lÌ
xÌ
ŽÌ
Ì
¶Ì
ÆÌ
ÒÌ
âÌ
ôÌ
Í
Í
*Í
6Í
BÍ
XÍ
hÍ
~Í
ŽÍ
œÍ
²Í
ÈÍ
ØÍ
ìÍ
þÍ
Î
Î
.Î
DÎ
ZÎ
nÎ
|Î
ŒÎ
ªÎ
ÄÎ
ÖÎ
èÎ
øÎ

Ï
&Ï
0Ï
>Ï
JÏ
XÏ
rÏ
ŽÏ
žÏ
´Ï
ÈÏ
ÞÏ
ìÏ
üÏ
Ð
Ð
,Ð
<Ð
HÐ
^Ð
tÐ
ŽÐ
šÐ
ªÐ
ºÐ
ÖÐ
æÐ
öÐ
Ñ
Ñ
,Ñ
BÑ
ZÑ
bÑ
~Ñ
'Ñ
¬Ñ
ÊÑ
ØÑ
êÑ
Ò
Ò
0Ò
JÒ
^Ò
nÒ
‚Ò
šÒ
°Ò
ÌÒ
êÒ
Ó
Ó
@Ó
XÓ
***** IERTUTIL(2)(3).DLL

ä›
î›
þ›
œ
œ
œ
(œ
6œ
Dœ
Pœ
Xœ
bœ
pœ
zœ
„œ
Žœ
˜œ
¢œ
®œ
¸œ
Âœ

Îœ

Úœ
êœ
øœ



2
B
P
^
t
Ž

¶
Æ
Ú
ô
ž
ž
*ž
:ž
Jž
Xž
dž
vž
Žž
ž
¼ž
Èž
Ôž
òž
Ÿ
Ÿ
2Ÿ
@Ÿ
LŸ
bŸ
xŸ
ŒŸ
¢Ÿ
¸Ÿ
ÈŸ
ØŸ
ìŸ


 
* 
: 
L 
d 
t 
‚ 
Ž 
š 
° 
¸ 
Ò 
æ 
¡
¡
4¡
J¡
\¡
„¡
-¡
¨¡
Ä¡
Ô¡
*****

C:\WINDOWS\system32>


----------



## eddie5659 (Mar 19, 2001)

Okay, stop there for now. I need to look at something, to make sure its bringing up the required stuff. Back in a bit


----------



## Phoenix Rising (Mar 9, 2009)

Ok for some reason select all works when I go back for copy it's grey and I do it anyway but don't know ifit just keeps coping the new one plus all the old as well. I'll await further instructions.


----------



## eddie5659 (Mar 19, 2001)

Okay, I've created a file that is similar to what you have, with the ()'s. Different filename, but its not in use at the moment 

So, this is what it looks like after I press Enter:










Now, I've noticed that on yours it was a different description, but then if you do this to paste it here:

Right-click and *SelectAll* Gives this:










Then, if you press Ctrl-C, it should copy it, to give you this:



> Microsoft Windows [Version 6.1.7601]
> Copyright (c) 2009 Microsoft Corporation. All rights reserved.
> 
> C:\Users\>cd..
> ...


You may have to do this a few times, seemed to take me 3 attempts. Then, in the thread, or in Notepad so its easy to see, press Ctrl-V to paste.

-----------

if it still doesn't work, just let me know which ones were okay and which aren't. We shouldn't need the screenshots, but it would be nice to see if it works or not


----------



## Phoenix Rising (Mar 9, 2009)

It says it's not recognized as an internal or external command. inoperable program or batch file


----------



## eddie5659 (Mar 19, 2001)

Strange. That's what comes up when you do the fc like you did before?

Okay, we'll just scan them manually, but they may be all okay.


Please go to  VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"*box on the top of the page:

*C:\Windows\System32\iertutil(2)(3).dll*

 Click on the *Upload* button
 Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
 Paste the contents of the Clipboard in your next reply.

Then do the same with these:

C:\Windows\System32\wininet(5)(2).dll
C:\Windows\System32\urlmon(5)(2).dll
C:\Windows\System32\url(4)(2).dll
C:\Windows\System32\normaliz(3)(2).dll
C:\Windows\System32\url(3).dll
C:\Windows\System32\urlmon(3).dll
C:\Windows\System32\ole32(3).dll

-------

Also, can you start OTL and run a scan as follows:


Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Under the Custom Scan box paste this in

```
/md5start
wininet(5)(2).dll
wininet.dll
urlmon(5)(2).dll
urlmon.dll
url(4)(2).dll
url.dll
normaliz(3)(2).dll
normaliz.dll
url(3).dll
urlmon(3).dll
ole32(3).dll
ole32.dll
/md5stop
CREATERESTOREPOINT
```

Then click the *Run Scan* button at the top 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 

eddie


----------



## Phoenix Rising (Mar 9, 2009)

1st one:
VirSCAN.org Scanned Report :
Scanned time : 2012/01/29 14:24:52 (CST)
Scanner results: Scanners did not find malware!
File Name : iertutil(2)(3).dll
File Size : 268288 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : eb9feaed8096a9deecfed39121dff591
SHA1 : e120933be1f483f9ed9592d1f5dfa78240806280
Online report : http://r.virscan.org/beb62a4900face00c66f72dc842bb955

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120130040213 2012-01-30 0.35 -
AhnLab V3 2012.01.30.00 2012.01.30 2012-01-30 2.95 -
AntiVir 8.2.8.44 7.11.21.204 2012-01-29 0.25 -
Antiy 2.0.18 20120126.15937943 2012-01-26 0.02 -
Arcavir 2011 201201290811 2012-01-29 3.50 -
Authentium 5.1.1 201201282031 2012-01-28 1.43 -
AVAST! 4.7.4 120129-0 2012-01-29 0.03 -
AVG 10.0.1405 2090/4774 2012-01-29 0.07 -
BitDefender 7.90123.7748062 7.40794 2012-01-30 3.97 -
ClamAV 0.97.1 14370 2012-01-29 0.06 -
Comodo 5.1 11377 2012-01-28 2.15 -
CP Secure 1.3.0.5 2012.01.27 2012-01-27 0.07 -
Dr.Web 7.0.0.11250 2012.01.30 2012-01-30 11.51 -
F-Prot 4.6.2.117 20120128 2012-01-28 0.78 -
F-Secure 7.02.73807 2012.01.10.04 2012-01-10 0.20 -
Fortinet 4.2.257 15.146 2012-01-29 0.11 -
GData 22.3675 20120130 2012-01-30 5.23 -
ViRobot 20120128 2012.01.28 2012-01-28 0.63 -
Ikarus T3.1.32.20.0 2012.01.29.80359 2012-01-29 5.21 -
JiangMin 13.0.900 2011.11.26 2011-11-26 2.04 -
Kaspersky 5.5.10 2012.01.29 2012-01-29 0.12 -
KingSoft 2009.2.5.15 2012.1.29.9 2012-01-29 0.92 -
McAfee 5400.1158 6604 2012-01-29 10.98 -
Microsoft 1.8001 2012.01.29 2012-01-29 3.56 -
NOD32 3.0.21 6835 2012-01-28 0.04 -
Panda 9.05.01 2012.01.29 2012-01-29 2.16 -
Trend Micro 9.500-1005 8.742.05 2012-01-29 0.03 -
Quick Heal 11.00 2012.01.28 2012-01-28 1.01 -
Rising 20.0 23.93.02.01 2012-01-18 2.46 -
Sophos 3.27.0 4.73 2012-01-30 4.64 -
Sunbelt 3.9.2526.2 11472 2012-01-29 0.71 -
Symantec 1.3.0.24 20120128.009 2012-01-28 0.05 -
nProtect 20120127.02 11682090 2012-01-27 1.13 -
The Hacker 6.7.0.1 v00388 2012-01-27 0.51 -
VBA32 3.12.16.4 20120126.1159 2012-01-26 5.38 -
VirusBuster 5.4.1.7 14.1.190.0/75952022012-01-29 0.02 -


----------



## Phoenix Rising (Mar 9, 2009)

2nd:
VirSCAN.org Scanned Report :
Scanned time : 2012/01/29 14:31:13 (CST)
Scanner results: Scanners did not find malware!
File Name : wininet(5)(2).dll
File Size : 832512 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 5762e2f5c7b081f4251f92a5df99fccc
SHA1 : b30acf67121bcbe5632e882152c884d881fb3987
Online report : http://r.virscan.org/fc3f2159a9b207b91559a15a232cccf7

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120130040213 2012-01-30 0.42 -
AhnLab V3 2012.01.30.00 2012.01.30 2012-01-30 3.85 -
AntiVir 8.2.8.44 7.11.21.204 2012-01-29 0.27 -
Antiy 2.0.18 20120126.15937943 2012-01-26 0.02 -
Arcavir 2011 201201290811 2012-01-29 3.50 -
Authentium 5.1.1 201201282031 2012-01-28 1.46 -
AVAST! 4.7.4 120129-0 2012-01-29 0.08 -
AVG 10.0.1405 2090/4774 2012-01-29 0.08 -
BitDefender 7.90123.7748062 7.40794 2012-01-30 4.02 -
ClamAV 0.97.1 14370 2012-01-29 0.19 -
Comodo 5.1 11377 2012-01-28 2.26 -
CP Secure 1.3.0.5 2012.01.27 2012-01-27 0.12 -
Dr.Web 7.0.0.11250 2012.01.30 2012-01-30 11.60 -
F-Prot 4.6.2.117 20120128 2012-01-28 0.79 -
F-Secure 7.02.73807 2012.01.10.04 2012-01-10 0.22 -
Fortinet 4.2.257 15.146 2012-01-29 0.11 -
GData 22.3675 20120130 2012-01-30 4.82 -
ViRobot 20120128 2012.01.28 2012-01-28 0.38 -
Ikarus T3.1.32.20.0 2012.01.29.80359 2012-01-29 5.13 -
JiangMin 13.0.900 2011.11.26 2011-11-26 2.04 -
Kaspersky 5.5.10 2012.01.29 2012-01-29 0.12 -
KingSoft 2009.2.5.15 2012.1.29.9 2012-01-29 0.88 -
McAfee 5400.1158 6604 2012-01-29 10.99 -
Microsoft 1.8001 2012.01.29 2012-01-29 3.77 -
NOD32 3.0.21 6835 2012-01-28 0.08 -
Panda 9.05.01 2012.01.29 2012-01-29 2.45 -
Trend Micro 9.500-1005 8.742.05 2012-01-29 0.04 -
Quick Heal 11.00 2012.01.28 2012-01-28 1.59 -
Rising 20.0 23.93.02.01 2012-01-18 2.56 -
Sophos 3.27.0 4.73 2012-01-30 4.64 -
Sunbelt 3.9.2526.2 11472 2012-01-29 0.82 -
Symantec 1.3.0.24 20120128.009 2012-01-28 0.07 -
nProtect 20120127.02 11682090 2012-01-27 1.28 -
The Hacker 6.7.0.1  v00388 2012-01-27 0.66 -
VBA32 3.12.16.4 20120126.1159 2012-01-26 4.38 -
VirusBuster 5.4.1.7 14.1.190.0/75952022012-01-29 0.02 -


----------



## Phoenix Rising (Mar 9, 2009)

next one:
VirSCAN.org Scanned Report :
Scanned time : 2012/01/29 14:34:44 (CST)
Scanner results: Scanners did not find malware!
File Name : url(4)(2).dll
File Size : 106496 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 6fa703896398327eeb6a4b0548456fe6
SHA1 : 9f2e3803c8dfa3451cb6b640dd2ef9951c036cf4
Online report : http://r.virscan.org/ba9f61757530e038f7662d7987e995e8

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120130040213 2012-01-30 0.29 -
AhnLab V3 2012.01.30.00 2012.01.30 2012-01-30 3.39 -
AntiVir 8.2.8.44 7.11.21.204 2012-01-29 0.26 -
Antiy 2.0.18 20120126.15937943 2012-01-26 0.02 -
Arcavir 2011 201201290811 2012-01-29 3.49 -
Authentium 5.1.1 201201282031 2012-01-28 1.44 -
AVAST! 4.7.4 120129-0 2012-01-29 0.01 -
AVG 10.0.1405 2090/4774 2012-01-29 0.08 -
BitDefender 7.90123.7748062 7.40794 2012-01-30 3.98 -
ClamAV 0.97.1 14370 2012-01-29 0.03 -
Comodo 5.1 11377 2012-01-28 2.15 -
CP Secure 1.3.0.5 2012.01.27 2012-01-27 0.07 -
Dr.Web 7.0.0.11250 2012.01.30 2012-01-30 11.47 -
F-Prot 4.6.2.117 20120128 2012-01-28 0.77 -
F-Secure 7.02.73807 2012.01.10.04 2012-01-10 0.20 -
Fortinet 4.2.257 15.146 2012-01-29 0.10 -
GData 22.3675 20120130 2012-01-30 4.60 -
ViRobot 20120128 2012.01.28 2012-01-28 0.38 -
Ikarus T3.1.32.20.0 2012.01.29.80359 2012-01-29 5.17 -
JiangMin 13.0.900 2011.11.26 2011-11-26 1.92 -
Kaspersky 5.5.10 2012.01.29 2012-01-29 0.11 -
KingSoft 2009.2.5.15 2012.1.29.9 2012-01-29 0.83 -
McAfee 5400.1158 6604 2012-01-29 10.98 -
Microsoft 1.8001 2012.01.29 2012-01-29 3.10 -
NOD32 3.0.21 6835 2012-01-28 0.03 -
Panda 9.05.01 2012.01.29 2012-01-29 2.18 -
Trend Micro 9.500-1005 8.742.05 2012-01-29 0.04 -
Quick Heal 11.00 2012.01.28 2012-01-28 1.48 -
Rising 20.0 23.93.02.01 2012-01-18 2.34 -
Sophos 3.27.0 4.73 2012-01-30 4.68 -
Sunbelt 3.9.2526.2 11472 2012-01-29 0.87 -
Symantec 1.3.0.24 20120128.009 2012-01-28 0.05 -
nProtect 20120127.02 11682090 2012-01-27 1.29 -
The Hacker 6.7.0.1 v00388 2012-01-27 0.52 -
VBA32 3.12.16.4 20120126.1159 2012-01-26 4.04 -
VirusBuster 5.4.1.7 14.1.190.0/75952022012-01-29 0.02 -


----------



## Phoenix Rising (Mar 9, 2009)

next:
VirSCAN.org Scanned Report :
Scanned time : 2012/01/29 14:37:41 (CST)
Scanner results: Scanners did not find malware!
File Name : normaliz(3)(2).dll
File Size : 23552 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 10753a3adc3e39a3b10cc3f08e98e6b4
SHA1 : ecd1fc4ebcd524aefac77061a8c0b5e4a2a01a8d
Online report : http://r.virscan.org/bbb5413597f69fc8fbd4146fc6c2681a

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120130040213 2012-01-30 0.29 -
AhnLab V3 2012.01.30.00 2012.01.30 2012-01-30 2.84 -
AntiVir 8.2.8.44 7.11.21.204 2012-01-29 0.25 -
Antiy 2.0.18 20120126.15937943 2012-01-26 0.02 -
Arcavir 2011 201201290811 2012-01-29 3.52 -
Authentium 5.1.1 201201282031 2012-01-28 1.44 -
AVAST! 4.7.4 120129-0 2012-01-29 0.01 -
AVG 10.0.1405 2090/4774 2012-01-29 0.08 -
BitDefender 7.90123.7748062 7.40794 2012-01-30 3.99 -
ClamAV 0.97.1 14370 2012-01-29 0.01 -
Comodo 5.1 11377 2012-01-28 2.09 -
CP Secure 1.3.0.5 2012.01.27 2012-01-27 0.04 -
Dr.Web 7.0.0.11250 2012.01.30 2012-01-30 11.48 -
F-Prot 4.6.2.117 20120128 2012-01-28 0.77 -
F-Secure 7.02.73807 2012.01.10.04 2012-01-10 12.49 -
Fortinet 4.2.257 15.146 2012-01-29 0.10 -
GData 22.3675 20120130 2012-01-30 4.52 -
ViRobot 20120128 2012.01.28 2012-01-28 0.38 -
Ikarus T3.1.32.20.0 2012.01.29.80359 2012-01-29 5.17 -
JiangMin 13.0.900 2011.11.26 2011-11-26 1.98 -
Kaspersky 5.5.10 2012.01.29 2012-01-29 0.12 -
KingSoft 2009.2.5.15 2012.1.29.9 2012-01-29 0.91 -
McAfee 5400.1158 6604 2012-01-29 10.91 -
Microsoft 1.8001 2012.01.29 2012-01-29 3.11 -
NOD32 3.0.21 6835 2012-01-28 0.00 -
Panda 9.05.01 2012.01.29 2012-01-29 2.65 -
Trend Micro 9.500-1005 8.742.05 2012-01-29 0.03 -
Quick Heal 11.00 2012.01.28 2012-01-28 0.94 -
Rising 20.0 23.93.02.01 2012-01-18 2.27 -
Sophos 3.27.0 4.73 2012-01-30 4.67 -
Sunbelt 3.9.2526.2 11472 2012-01-29 0.67 -
Symantec 1.3.0.24 20120128.009 2012-01-28 0.05 -
nProtect 20120127.02 11682090 2012-01-27 1.17 -
The Hacker 6.7.0.1 v00388 2012-01-27 0.52 -
VBA32 3.12.16.4 20120126.1159 2012-01-26 4.06 -
VirusBuster 5.4.1.7 14.1.190.0/75952022012-01-29 0.04 -


----------



## Phoenix Rising (Mar 9, 2009)

next:
VirSCAN.org Scanned Report :
Scanned time : 2012/01/29 14:40:49 (CST)
Scanner results: Scanners did not find malware!
File Name : url(3).dll
File Size : 106496 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 937b43b8b74c09cc8e3a9ab78b643ebc
SHA1 : 52152b6715fdadf937bf5b1d283dec1d3cb52239
Online report : http://r.virscan.org/87a9d69a11c9831ce642f35cc0f815fb

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120130040213 2012-01-30 0.28 -
AhnLab V3 2012.01.30.00 2012.01.30 2012-01-30 3.55 -
AntiVir 8.2.8.44 7.11.21.204 2012-01-29 0.25 -
Antiy 2.0.18 20120126.15937943 2012-01-26 0.02 -
Arcavir 2011 201201290811 2012-01-29 3.51 -
Authentium 5.1.1 201201282031 2012-01-28 1.44 -
AVAST! 4.7.4 120129-0 2012-01-29 0.01 -
AVG 10.0.1405 2090/4774 2012-01-29 0.08 -
BitDefender 7.90123.7748062 7.40794 2012-01-30 3.98 -
ClamAV 0.97.1 14370 2012-01-29 0.03 -
Comodo 5.1 11377 2012-01-28 2.14 -
CP Secure 1.3.0.5 2012.01.27 2012-01-27 0.06 -
Dr.Web 7.0.0.11250 2012.01.30 2012-01-30 11.47 -
F-Prot 4.6.2.117 20120128 2012-01-28 0.77 -
F-Secure 7.02.73807 2012.01.10.04 2012-01-10 0.19 -
Fortinet 4.2.257 15.146 2012-01-29 0.11 -
GData 22.3675 20120130 2012-01-30 4.66 -
ViRobot 20120128 2012.01.28 2012-01-28 0.38 -
Ikarus T3.1.32.20.0 2012.01.29.80359 2012-01-29 5.17 -
JiangMin 13.0.900 2011.11.26 2011-11-26 2.00 -
Kaspersky 5.5.10 2012.01.29 2012-01-29 0.12 -
KingSoft 2009.2.5.15 2012.1.29.9 2012-01-29 0.84 -
McAfee 5400.1158 6604 2012-01-29 10.97 -
Microsoft 1.8001 2012.01.29 2012-01-29 4.10 -
NOD32 3.0.21 6835 2012-01-28 0.03 -
Panda 9.05.01 2012.01.29 2012-01-29 2.10 -
Trend Micro 9.500-1005 8.742.05 2012-01-29 0.03 -
Quick Heal 11.00 2012.01.28 2012-01-28 0.93 -
Rising 20.0 23.93.02.01 2012-01-18 2.35 -
Sophos 3.27.0 4.73 2012-01-30 4.67 -
Sunbelt 3.9.2526.2 11472 2012-01-29 0.81 -
Symantec 1.3.0.24 20120128.009 2012-01-28 0.05 -
nProtect 20120127.02 11682090 2012-01-27 1.14 -
The Hacker 6.7.0.1 v00388  2012-01-27 0.52 -
VBA32 3.12.16.4 20120126.1159 2012-01-26 4.04 -
VirusBuster 5.4.1.7 14.1.190.0/75952022012-01-29 0.02 -


----------



## Phoenix Rising (Mar 9, 2009)

next:
VirSCAN.org Scanned Report :
Scanned time : 2012/01/29 14:50:10 (CST)
Scanner results: Scanners did not find malware!
File Name : urlmon(3).dll
File Size : 1168896 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : da01583e2fe34e2f670167506fa5f1d3
SHA1 : 7df2de70642a2aca6065e4253533ef7ceb5b6e56
Online report : http://r.virscan.org/36a38b517a976a440d28a2f2a3e67686

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120130040213 2012-01-30 0.32 -
AhnLab V3 2012.01.30.00 2012.01.30 2012-01-30 3.61 -
AntiVir 8.2.8.44 7.11.21.204 2012-01-29 0.26 -
Antiy 2.0.18 20120126.15937943 2012-01-26 0.02 -
Arcavir 2011 201201290811 2012-01-29 3.52 -
Authentium 5.1.1 201201282031 2012-01-28 1.51 -
AVAST! 4.7.4 120129-0 2012-01-29 0.10 -
AVG 10.0.1405 2090/4774 2012-01-29 0.09 -
BitDefender 7.90123.7748062 7.40794 2012-01-30 3.99 -
ClamAV 0.97.1 14370 2012-01-29 0.25 -
Comodo 5.1 11377 2012-01-28 2.17 -
CP Secure 1.3.0.5 2012.01.27 2012-01-27 0.40 -
Dr.Web 7.0.0.11250 2012.01.30 2012-01-30 11.59 -
F-Prot 4.6.2.117 20120128 2012-01-28 0.81 -
F-Secure 7.02.73807 2012.01.10.04 2012-01-10 7.32 -
Fortinet 4.2.257 15.146 2012-01-29 0.12 -
GData 22.3675 20120130 2012-01-30 4.92 -
ViRobot 20120128 2012.01.28 2012-01-28 0.41 -
Ikarus T3.1.32.20.0 2012.01.29.80359 2012-01-29 5.12 -
JiangMin 13.0.900 2011.11.26 2011-11-26 1.98 -
Kaspersky 5.5.10 2012.01.29 2012-01-29 0.12 -
KingSoft 2009.2.5.15 2012.1.29.9 2012-01-29 0.95 -
McAfee 5400.1158 6604 2012-01-29 11.00 -
Microsoft 1.8001 2012.01.29 2012-01-29 5.97 -
NOD32 3.0.21 6835 2012-01-28 0.11 -
Panda 9.05.01 2012.01.29 2012-01-29 2.94 -
Trend Micro 9.500-1005 8.742.05 2012-01-29 0.03 -
Quick Heal 11.00 2012.01.28 2012-01-28 2.45 -
Rising 20.0 23.93.02.01 2012-01-18 1.19 -
Sophos 3.27.0 4.73 2012-01-30 4.62 -
Sunbelt 3.9.2526.2 11472 2012-01-29 0.90 -
Symantec 1.3.0.24 20120128.009 2012-01-28 0.07 -
nProtect 20120127.02 11682090 2012-01-27 1.26 -
The Hacker 6.7.0.1 v00388 2012-01-27 0.60 -
VBA32 3.12.16.4 20120126.1159 2012-01-26 4.49 -
VirusBuster 5.4.1.7 14.1.190.0/75952022012-01-29 0.02 -


----------



## Phoenix Rising (Mar 9, 2009)

Last one:
VirSCAN.org Scanned Report :
Scanned time : 2012/01/29 15:00:57 (CST)
Scanner results: Scanners did not find malware!
File Name : ole32(3).dll
File Size : 1288192 byte
File Type : PE32 executable for MS Windows (DLL) (console) Intel 80386 3
MD5 : 7a6a7900b5e322763430ba6fd9a31224
SHA1 : 9c1934e436a2056853797697b4e6a060637097ed
Online report : http://r.virscan.org/d6776c299ba365c75201213c2a761985

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120130040213 2012-01-30 0.32 -
AhnLab V3 2012.01.30.00 2012.01.30 2012-01-30 5.05 -
AntiVir 8.2.8.44 7.11.21.204 2012-01-29 0.26 -
Antiy 2.0.18 20120126.15937943 2012-01-26 0.02 -
Arcavir 2011 201201290811 2012-01-29 3.50 -
Authentium 5.1.1 201201282031 2012-01-28 1.48 -
AVAST! 4.7.4 120129-0 2012-01-29 0.13 -
AVG 10.0.1405 2090/4774 2012-01-29 0.08 -
BitDefender 7.90123.7748062 7.40794 2012-01-30 3.98 -
ClamAV 0.97.1 14370 2012-01-29 0.30 -
Comodo 5.1 11377 2012-01-28 2.16 -
CP Secure 1.3.0.5 2012.01.27 2012-01-27 0.46 -
Dr.Web 7.0.0.11250 2012.01.30 2012-01-30 11.59 -
F-Prot 4.6.2.117 20120128 2012-01-28 0.82 -
F-Secure 7.02.73807 2012.01.10.04 2012-01-10 12.54 -
Fortinet 4.2.257 15.146 2012-01-29 0.10 -
GData 22.3675 20120130 2012-01-30 4.66 -
ViRobot 20120128 2012.01.28 2012-01-28 0.38 -
Ikarus T3.1.32.20.0 2012.01.29.80359 2012-01-29 5.15 -
JiangMin 13.0.900 2011.11.26 2011-11-26 1.94 -
Kaspersky 5.5.10 2012.01.29 2012-01-29 0.12 -
KingSoft 2009.2.5.15 2012.1.29.9 2012-01-29 0.87 -
McAfee 5400.1158 6604 2012-01-29 11.05 -
Microsoft 1.8001 2012.01.29 2012-01-29 5.61 -
NOD32 3.0.21 6835 2012-01-28 0.12 -
Panda 9.05.01 2012.01.29 2012-01-29 2.16 -
Trend Micro 9.500-1005 8.742.06 2012-01-29 0.03 -
Quick Heal 11.00 2012.01.28 2012-01-28 1.37 -
Rising 20.0 23.93.02.01 2012-01-18 2.46 -
Sophos 3.27.0 4.73 2012-01-30 4.66 -
Sunbelt 3.9.2526.2 11472 2012-01-29 0.71 -
Symantec 1.3.0.24 20120128.009 2012-01-28 0.06 -
nProtect 20120127.02 11682090 2012-01-27 1.14 -
The Hacker 6.7.0.1 v00388 2012-01-27 0.53 -
VBA32 3.12.16.4 20120126.1159 2012-01-26 4.39 -
VirusBuster 5.4.1.7 14.1.190.0/75952022012-01-29 0.03 -

Here you goI hope it helps us out!


----------



## Phoenix Rising (Mar 9, 2009)

OTL log:
OTL logfile created on: 1/29/2012 3:11:31 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\MARK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 396.14 Mb Available Physical Memory | 39.06% Memory free
2.38 Gb Paging File | 1.74 Gb Available in Paging File | 73.05% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 19.88 Gb Free Space | 53.38% Space Free | Partition Type: NTFS
Drive H: | 14.41 Gb Total Space | 2.96 Gb Free Space | 20.54% Space Free | Partition Type: FAT32

Computer Name: MARK-387473CC81 | User Name: MARK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/18 09:47:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTL.exe
PRC - [2011/11/20 22:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/14 06:21:10 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2011/04/27 14:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/14 04:42:30 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/02 19:43:53 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/20 22:04:51 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/23 04:15:57 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2011/07/14 06:21:22 | 001,712,128 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvorbis_plugin.dll
MOD - [2011/07/14 06:21:22 | 001,137,664 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libxml_plugin.dll
MOD - [2011/07/14 06:21:22 | 001,108,992 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtaglib_plugin.dll
MOD - [2011/07/14 06:21:22 | 000,368,640 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtheora_plugin.dll
MOD - [2011/07/14 06:21:22 | 000,078,848 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libzip_plugin.dll
MOD - [2011/07/14 06:21:22 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libwaveout_plugin.dll
MOD - [2011/07/14 06:21:22 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
MOD - [2011/07/14 06:21:20 | 011,496,448 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libqt4_plugin.dll
MOD - [2011/07/14 06:21:20 | 002,169,856 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libskins2_plugin.dll
MOD - [2011/07/14 06:21:20 | 001,013,248 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
MOD - [2011/07/14 06:21:20 | 000,130,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libspeex_plugin.dll
MOD - [2011/07/14 06:21:20 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libscaletempo_plugin.dll
MOD - [2011/07/14 06:21:20 | 000,034,304 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
MOD - [2011/07/14 06:21:20 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
MOD - [2011/07/14 06:21:20 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
MOD - [2011/07/14 06:21:18 | 000,237,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpng_plugin.dll
MOD - [2011/07/14 06:21:18 | 000,194,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmp4_plugin.dll
MOD - [2011/07/14 06:21:18 | 000,128,000 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
MOD - [2011/07/14 06:21:18 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libplaylist_plugin.dll
MOD - [2011/07/14 06:21:18 | 000,038,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmono_plugin.dll
MOD - [2011/07/14 06:21:18 | 000,037,888 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
MOD - [2011/07/14 06:21:16 | 001,776,128 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblibass_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,338,432 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblua_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblpcm_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,309,760 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfaad_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,265,216 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libflac_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,258,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,231,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,210,944 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdshow_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,178,176 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,067,072 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdirectx_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,039,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfilesystem_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,039,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdts_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,037,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfake_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,032,256 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,032,256 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,031,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfolder_plugin.dll
MOD - [2011/07/14 06:21:12 | 008,248,320 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libavcodec_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,088,064 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libavi_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,072,192 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libasf_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,045,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaraw_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,041,472 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaudio_format_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,034,304 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libcdg_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,033,280 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaes3_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,032,768 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
MOD - [2011/07/14 06:21:10 | 002,263,552 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlccore.dll
MOD - [2011/07/14 06:21:10 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
MOD - [2011/07/14 06:21:10 | 000,101,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlc.dll
MOD - [2011/07/14 06:21:10 | 000,090,112 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
MOD - [2011/07/14 06:21:10 | 000,065,536 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
MOD - [2011/07/14 06:21:10 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52_plugin.dll
MOD - [2011/07/14 06:21:10 | 000,030,720 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
MOD - [2011/01/30 15:27:22 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libsvcdsub_plugin.dll
MOD - [2011/01/30 15:27:22 | 000,032,256 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtrivial_channel_mixer_plugin.dll
MOD - [2011/01/30 15:27:20 | 000,038,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libspudec_plugin.dll
MOD - [2011/01/30 15:27:20 | 000,032,768 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\librawvideo_plugin.dll
MOD - [2011/01/30 15:27:18 | 000,081,408 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpacketizer_h264_plugin.dll
MOD - [2011/01/30 15:27:18 | 000,053,760 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpacketizer_mpeg4audio_plugin.dll
MOD - [2011/01/30 15:27:18 | 000,047,616 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpacketizer_dirac_plugin.dll
MOD - [2011/01/30 15:27:18 | 000,042,496 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpacketizer_vc1_plugin.dll
MOD - [2011/01/30 15:27:18 | 000,040,448 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpacketizer_mpegvideo_plugin.dll
MOD - [2011/01/30 15:27:18 | 000,039,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpacketizer_mpeg4video_plugin.dll
MOD - [2011/01/30 15:27:18 | 000,039,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpacketizer_flac_plugin.dll
MOD - [2011/01/30 15:27:18 | 000,038,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpacketizer_mlp_plugin.dll
MOD - [2011/01/30 15:27:14 | 000,047,104 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll
MOD - [2011/01/30 15:27:14 | 000,041,984 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libflacsys_plugin.dll
MOD - [2011/01/30 15:27:14 | 000,041,472 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libes_plugin.dll
MOD - [2011/01/30 15:27:14 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libcvdsub_plugin.dll
MOD - [2011/01/30 15:27:10 | 000,088,064 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaccess_http_plugin.dll
MOD - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:54 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/05/21 21:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 21:09:24 | 000,660,992 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/05/21 21:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2001/08/17 16:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)

========== Driver Services (SafeList) ==========

DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/11/12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/09/23 12:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/06/29 23:44:22 | 001,269,584 | R--- | M] (Agere Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\agrsmnt.sys -- (agrsm)
DRV - [2005/03/17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/08/17 07:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 07:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 07:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 07:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [1997/06/17 03:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS -- (ATMhelpr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 87 E7 EC 3E CA CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 04:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/05 07:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/21 16:25:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 04:27:51 | 000,000,000 | ---D | M]

[2011/10/24 11:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Extensions
[2012/01/21 15:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions
[2011/12/16 15:58:53 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2011/10/11 18:24:11 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchplugins\SearchResults.xml
[2012/01/21 16:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/07 15:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{41697025-CA0B-4687-99DE-ABC82C5A630B}
[2011/11/07 15:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}
[2011/10/06 09:17:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/01/21 16:25:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/11/07 15:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/11/20 22:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2011/11/20 19:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 19:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/22 11:48:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1316584026390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D417CFBF-17C2-4497-BE1F-7529CFFD300D}: NameServer = 207.69.188.185 207.69.188.186
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\MARK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MARK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/19 09:26:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | -H-- | M] () - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - H:\AUTORUN_.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/25 06:43:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\MARK\My Documents\My Webs
[2012/01/24 17:03:36 | 000,000,000 | --SD | C] -- C:\123136641
[2012/01/24 16:47:04 | 000,000,000 | --SD | C] -- C:\123
[2012/01/22 16:00:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/21 16:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/01/21 16:25:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/01/21 16:25:47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/01/21 16:25:47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/01/21 15:59:28 | 000,909,600 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\MARK\Desktop\JavaSetup6u30.exe
[2012/01/21 15:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\Desktop\JavaRa
[2012/01/21 15:53:11 | 004,388,509 | R--- | C] (Swearware) -- C:\Documents and Settings\MARK\Desktop\123.exe
[2012/01/21 15:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/01/21 15:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/21 15:35:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/20 13:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\Application Data\dvdcss
[2012/01/20 06:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\Application Data\SUPERAntiSpyware.com
[2012/01/20 06:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/01/20 04:47:48 | 014,161,512 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\MARK\Desktop\SUPERAntiSpyware.exe
[2012/01/18 03:41:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTL.exe
[2012/01/16 12:34:35 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\MARK\Desktop\HijackThis.exe
[2012/01/16 07:39:52 | 000,509,440 | ---- | C] (Tech Support Guy System) -- C:\Documents and Settings\MARK\Desktop\SysInfo.exe
[2012/01/16 07:04:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\MARK\Desktop\dds.com
[2012/01/15 09:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/15 09:33:52 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/11 17:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\ltmoh
[2012/01/10 23:42:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/01/06 07:41:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2012/01/06 07:37:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2012/01/06 07:36:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2012/01/05 07:05:57 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2012/01/02 23:24:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/01/02 17:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2011/10/24 17:20:38 | 005,960,560 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent-7.5(1).exe

========== Files - Modified Within 30 Days ==========

[2012/01/29 11:01:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MARK\cd
[2012/01/29 04:11:04 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/27 20:38:47 | 000,000,114 | ---- | M] () -- C:\WINDOWS\E
[2012/01/27 17:43:34 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\MARK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/27 17:42:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/26 14:42:44 | 000,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/26 14:41:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/25 07:00:27 | 000,002,922 | ---- | M] () -- C:\WINDOWS\ACROREAD.INI
[2012/01/24 16:51:01 | 000,023,204 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\aswMBR.exe
[2012/01/24 16:49:23 | 000,015,713 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\tdsskiller.exe
[2012/01/22 23:33:09 | 115,272,552 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\setup_11.0.0.1245.x01_2012_01_22_20_43.exe
[2012/01/22 11:48:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/22 08:43:39 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\SystemLook.exe
[2012/01/21 17:03:43 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{81969CA2-9E4D-44D0-807F-521568EC106E}.job
[2012/01/21 16:17:52 | 004,388,509 | R--- | M] (Swearware) -- C:\Documents and Settings\MARK\Desktop\123.exe
[2012/01/21 16:06:05 | 000,909,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\MARK\Desktop\JavaSetup6u30.exe
[2012/01/21 15:43:22 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/20 05:52:58 | 014,161,512 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\MARK\Desktop\SUPERAntiSpyware.exe
[2012/01/18 09:47:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTL.exe
[2012/01/17 04:37:13 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\gmer.zip
[2012/01/16 12:46:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\MARK\Desktop\HijackThis.exe
[2012/01/16 12:20:38 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Documents and Settings\MARK\Desktop\SysInfo.exe
[2012/01/16 07:28:01 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\MARK\Desktop\dds.com
[2012/01/15 10:06:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 11:09:44 | 000,000,436 | ---- | M] () -- C:\ZB20120112110939001.xml
[2012/01/11 11:51:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/05 18:26:07 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\Shortcut to Local Disk (C).lnk
[2012/01/05 14:19:19 | 000,000,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\peoplepc.123.lnk
[2012/01/04 03:26:22 | 000,236,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/01/03 11:44:51 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\Microsoft Word.lnk
[2012/01/03 01:58:00 | 000,502,366 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/03 01:58:00 | 000,086,832 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/03 01:11:48 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\MARK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/02 19:43:55 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/01/29 10:59:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MARK\cd
[2012/01/24 16:41:43 | 000,015,713 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\tdsskiller.exe
[2012/01/24 16:41:18 | 000,023,204 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\aswMBR.exe
[2012/01/24 07:13:42 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\MARK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/22 16:04:35 | 115,272,552 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\setup_11.0.0.1245.x01_2012_01_22_20_43.exe
[2012/01/22 08:43:30 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\SystemLook.exe
[2012/01/21 15:43:22 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/17 04:29:39 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\gmer.zip
[2012/01/15 10:06:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 11:09:44 | 000,000,436 | ---- | C] () -- C:\ZB20120112110939001.xml
[2012/01/05 18:26:07 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\Shortcut to Local Disk (C).lnk
[2012/01/05 14:19:18 | 000,000,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\peoplepc.123.lnk
[2011/12/23 10:48:51 | 000,057,168 | ---- | C] () -- C:\WINDOWS\System32\PPCOUNIN.exe
[2011/12/23 10:48:51 | 000,040,616 | ---- | C] () -- C:\WINDOWS\System32\PPCClean.exe
[2011/11/27 13:49:55 | 000,002,217 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/11/27 08:58:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/07 18:30:10 | 000,002,309 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2011/11/01 08:30:42 | 000,000,512 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2011/10/29 04:09:02 | 000,192,311 | ---- | C] () -- C:\WINDOWS\hpoins40.dat.temp
[2011/10/29 04:09:02 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat.temp
[2011/10/28 16:03:22 | 000,002,922 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2011/10/28 16:02:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2011/10/28 16:02:16 | 000,000,165 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2011/10/28 16:02:13 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2011/10/28 16:02:12 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2011/10/28 16:02:12 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2011/10/28 15:28:11 | 000,192,311 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2011/10/28 15:28:11 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2011/10/27 06:09:04 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\VegaShEx.dll
[2011/10/27 06:08:58 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2011/10/27 06:08:58 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2011/10/23 04:43:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/23 04:43:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/23 04:43:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/23 04:43:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/23 04:43:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/17 21:39:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/10/10 14:27:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2011/10/04 08:08:07 | 000,069,456 | ---- | C] () -- C:\WINDOWS\System32\unPPC6000.exe
[2011/10/04 08:08:07 | 000,034,136 | ---- | C] () -- C:\WINDOWS\System32\RegHero.exe
[2011/10/04 08:08:06 | 000,255,312 | ---- | C] () -- C:\WINDOWS\System32\PPCInfo.exe
[2011/10/04 08:08:06 | 000,029,008 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2011/09/28 11:11:41 | 000,060,368 | R--- | C] () -- C:\WINDOWS\ptdll16.dll
[2011/09/28 11:11:41 | 000,000,456 | R--- | C] () -- C:\WINDOWS\pthsp.dat
[2011/09/20 03:55:21 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/09/19 22:33:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/09/19 09:28:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/19 09:23:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/19 04:08:49 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2011/09/19 04:08:46 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2011/09/19 04:07:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/19 04:04:08 | 000,385,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/10 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,502,366 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,086,832 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 20:05:46 | 000,031,136 | ---- | C] () -- C:\WINDOWS\ptsnoop.exe

========== Custom Scans ==========

< MD5 for: NORMALIZ(3)(2).DLL >
[2009/01/07 18:20:36 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=10753A3ADC3E39A3B10CC3F08E98E6B4 -- C:\WINDOWS\system32\normaliz(3)(2).dll

< MD5 for: NORMALIZ.DLL >
[2009/01/07 18:20:36 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=10753A3ADC3E39A3B10CC3F08E98E6B4 -- C:\WINDOWS\system32\normaliz.dll

< MD5 for: OLE32(3).DLL >
[2010/07/16 06:05:55 | 001,288,192 | ---- | M] (Microsoft Corporation) MD5=7A6A7900B5E322763430BA6FD9A31224 -- C:\WINDOWS\system32\ole32(3).dll

< MD5 for: OLE32.DLL >
[2004/08/10 06:00:00 | 001,281,536 | ---- | M] (Microsoft Corporation) MD5=4FE9D9FA62D020E35E0AC6D1AEEB96F0 -- C:\WINDOWS\$NtServicePackUninstall$\ole32.dll
[2011/11/01 10:07:10 | 001,288,704 | ---- | M] (Microsoft Corporation) MD5=6BAD1BED9872E62049E487FB91AE2F3A -- C:\WINDOWS\ERDNT\cache\ole32.dll
[2011/11/01 10:07:10 | 001,288,704 | ---- | M] (Microsoft Corporation) MD5=6BAD1BED9872E62049E487FB91AE2F3A -- C:\WINDOWS\system32\dllcache\ole32.dll
[2011/11/01 10:07:10 | 001,288,704 | ---- | M] (Microsoft Corporation) MD5=6BAD1BED9872E62049E487FB91AE2F3A -- C:\WINDOWS\system32\ole32.dll
[2010/07/16 06:05:55 | 001,288,192 | ---- | M] (Microsoft Corporation) MD5=7A6A7900B5E322763430BA6FD9A31224 -- C:\WINDOWS\$NtUninstallKB2624667$\ole32.dll
[2011/11/01 10:05:38 | 001,289,216 | ---- | M] (Microsoft Corporation) MD5=7D9DDE1AB4B00DDB173F5A16E9206517 -- C:\WINDOWS\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[2010/07/16 06:04:26 | 001,289,216 | ---- | M] (Microsoft Corporation) MD5=8D51FB47062F2A1A9EFECCEF338A4C46 -- C:\WINDOWS\$hf_mig$\KB979687\SP3QFE\ole32.dll
[2008/04/14 04:42:04 | 001,287,168 | ---- | M] (Microsoft Corporation) MD5=ECCE74BC6168375016450A86A164D976 -- C:\WINDOWS\$NtUninstallKB979687$\ole32.dll
[2008/04/14 04:42:04 | 001,287,168 | ---- | M] (Microsoft Corporation) MD5=ECCE74BC6168375016450A86A164D976 -- C:\WINDOWS\ServicePackFiles\i386\ole32.dll
[2008/04/13 18:12:02 | 001,287,168 | ---- | M] (Microsoft Corporation) MD5=ECCE74BC6168375016450A86A164D976 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ole32.dll

< MD5 for: URL(3).DLL >
[2011/08/17 15:32:17 | 000,106,496 | ---- | M] (Microsoft Corporation) MD5=937B43B8B74C09CC8E3A9AB78B643EBC -- C:\WINDOWS\system32\url(3).dll

< MD5 for: URL(4)(2).DLL >
[2011/10/31 17:43:21 | 000,106,496 | ---- | M] (Microsoft Corporation) MD5=6FA703896398327EEB6A4B0548456FE6 -- C:\WINDOWS\system32\url(4)(2).dll

< MD5 for: URL.DLL >
[2011/10/31 17:38:00 | 000,106,496 | ---- | M] (Microsoft Corporation) MD5=1D49C0C1D9B0AD7D21C0CA37E5BA64A9 -- C:\WINDOWS\$hf_mig$\KB2618444-IE7\SP3QFE\url.dll
[2007/08/13 17:44:30 | 000,105,984 | ---- | M] (Microsoft Corporation) MD5=245BC72B30F68BCF296B39C8BA1FD114 -- C:\WINDOWS\ie7updates\KB2586448-IE7\url.dll
[2011/06/23 12:36:30 | 000,105,984 | ---- | M] (Microsoft Corporation) MD5=33A766DD54C49C9E68B42F4D6391C080 -- C:\WINDOWS\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3GDR\url.dll
[2008/04/14 04:42:10 | 000,037,888 | ---- | M] (Microsoft Corporation) MD5=510A6A4A66080B78190D8F0A53F9304B -- C:\WINDOWS\$NtUninstallKB2559049$\url.dll
[2008/04/14 04:42:10 | 000,037,888 | ---- | M] (Microsoft Corporation) MD5=510A6A4A66080B78190D8F0A53F9304B -- C:\WINDOWS\ServicePackFiles\i386\url.dll
[2008/04/13 18:12:08 | 000,037,888 | ---- | M] (Microsoft Corporation) MD5=510A6A4A66080B78190D8F0A53F9304B -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\url.dll
[2011/08/17 15:30:10 | 000,106,496 | ---- | M] (Microsoft Corporation) MD5=68628290AFEB25CA5650B1EC00622A8A -- C:\WINDOWS\$hf_mig$\KB2586448-IE7\SP3QFE\url.dll
[2004/08/10 06:00:00 | 000,037,888 | ---- | M] (Microsoft Corporation) MD5=695FD15CC3ADCFEFF1DF454ABAC4249A -- C:\WINDOWS\$NtServicePackUninstall$\url.dll
[2011/10/31 17:43:21 | 000,106,496 | ---- | M] (Microsoft Corporation) MD5=6FA703896398327EEB6A4B0548456FE6 -- C:\WINDOWS\ie8\url.dll
[2011/11/04 13:19:40 | 000,105,984 | ---- | M] (Microsoft Corporation) MD5=7C6824A5CBFE77B48DC191A022E3944A -- C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\url.dll
[2011/11/04 13:19:40 | 000,105,984 | ---- | M] (Microsoft Corporation) MD5=7C6824A5CBFE77B48DC191A022E3944A -- C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3QFE\url.dll
[2011/08/22 17:47:42 | 000,105,984 | ---- | M] (Microsoft Corporation) MD5=8D21C567972B48D095864A703A7E06C5 -- C:\WINDOWS\$hf_mig$\KB2586448-IE8\SP3QFE\url.dll
[2009/03/08 04:34:28 | 000,105,984 | ---- | M] (Microsoft Corporation) MD5=91617515AA185259694A1C4882080B99 -- C:\WINDOWS\ie8updates\KB2618444-IE8\url.dll
[2011/08/17 15:32:17 | 000,106,496 | ---- | M] (Microsoft Corporation) MD5=937B43B8B74C09CC8E3A9AB78B643EBC -- C:\WINDOWS\ie7updates\KB2618444-IE7\url.dll
[2011/06/21 12:18:34 | 000,037,888 | ---- | M] (Microsoft Corporation) MD5=BCAD18219D2A0EE0551B05AD2444AF05 -- C:\WINDOWS\ie7\url.dll
[2011/11/04 13:20:51 | 000,105,984 | ---- | M] (Microsoft Corporation) MD5=C69CA7B29773558095177D3B12434D1A -- C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3GDR\url.dll
[2011/11/04 13:20:51 | 000,105,984 | ---- | M] (Microsoft Corporation) MD5=C69CA7B29773558095177D3B12434D1A -- C:\WINDOWS\system32\dllcache\url.dll
[2011/11/04 13:20:51 | 000,105,984 | ---- | M] (Microsoft Corporation) MD5=C69CA7B29773558095177D3B12434D1A -- C:\WINDOWS\system32\url.dll
[2011/06/23 12:33:49 | 000,105,984 | ---- | M] (Microsoft Corporation) MD5=DA532C49D6661C150864E93158F5BD0E -- C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP3QFE\url.dll
[2011/06/23 12:33:49 | 000,105,984 | ---- | M] (Microsoft Corporation) MD5=DA532C49D6661C150864E93158F5BD0E -- C:\WINDOWS\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3QFE\url.dll
[2011/06/21 12:17:06 | 000,037,888 | ---- | M] (Microsoft Corporation) MD5=EF88722727C8FF06BB327874EA041A85 -- C:\WINDOWS\$hf_mig$\KB2559049\SP3QFE\url.dll

< MD5 for: URLMON(3).DLL >
[2011/08/17 15:32:17 | 001,168,896 | ---- | M] (Microsoft Corporation) MD5=DA01583E2FE34E2F670167506FA5F1D3 -- C:\WINDOWS\system32\urlmon(3).dll

< MD5 for: URLMON(5)(2).DLL >
[2011/10/31 17:43:21 | 001,168,896 | ---- | M] (Microsoft Corporation) MD5=059BF56F31C691F1398B0F799B6ECCBB -- C:\WINDOWS\system32\urlmon(5)(2).dll

< MD5 for: URLMON.DLL >
[2009/03/08 04:34:56 | 001,206,784 | ---- | M] (Microsoft Corporation) MD5=05642AE6A7BDAA7541A7451F5A4C6512 -- C:\WINDOWS\ie8updates\KB982381-IE8\urlmon.dll
[2011/10/31 17:43:21 | 001,168,896 | ---- | M] (Microsoft Corporation) MD5=059BF56F31C691F1398B0F799B6ECCBB -- C:\WINDOWS\ie8\urlmon.dll
[2011/08/17 15:30:10 | 001,172,992 | ---- | M] (Microsoft Corporation) MD5=07736203407810F304BFA97128345BFC -- C:\WINDOWS\$hf_mig$\KB2586448-IE7\SP3QFE\urlmon.dll
[2004/08/10 06:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=19D0EAB2740080925F812FF36A2D6378 -- C:\WINDOWS\$NtServicePackUninstall$\urlmon.dll
[2010/05/06 04:36:27 | 001,209,856 | ---- | M] (Microsoft Corporation) MD5=28A11881A04B8EEA7BBE1882651066C1 -- C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\urlmon.dll
[2010/05/06 04:36:27 | 001,209,856 | ---- | M] (Microsoft Corporation) MD5=28A11881A04B8EEA7BBE1882651066C1 -- C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\urlmon.dll
[2010/04/16 10:09:08 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=456BB0B6A15FF96A2D8F760FEA3ACDFF -- C:\WINDOWS\$NtUninstallKB2559049$\urlmon.dll
[2011/11/04 13:20:51 | 001,212,416 | ---- | M] (Microsoft Corporation) MD5=496CE99BBBB7680323921DF30B405C36 -- C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3GDR\urlmon.dll
[2011/11/04 13:20:51 | 001,212,416 | ---- | M] (Microsoft Corporation) MD5=496CE99BBBB7680323921DF30B405C36 -- C:\WINDOWS\system32\dllcache\urlmon.dll
[2011/11/04 13:20:51 | 001,212,416 | ---- | M] (Microsoft Corporation) MD5=496CE99BBBB7680323921DF30B405C36 -- C:\WINDOWS\system32\urlmon.dll
[2010/04/16 10:01:00 | 000,628,736 | ---- | M] (Microsoft Corporation) MD5=4C2D1AF805E474BADB0221F17947D5AE -- C:\WINDOWS\$hf_mig$\KB982381\SP3QFE\urlmon.dll
[2011/10/31 17:38:00 | 001,172,992 | ---- | M] (Microsoft Corporation) MD5=4E52458D88E2E3C75DFF7482468CD7A3 -- C:\WINDOWS\$hf_mig$\KB2618444-IE7\SP3QFE\urlmon.dll
[2011/06/23 12:36:30 | 001,212,416 | ---- | M] (Microsoft Corporation) MD5=58D950B59DD4A69A40F928A40ED1A667 -- C:\WINDOWS\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3GDR\urlmon.dll
[2007/08/13 17:54:10 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=5F0510D33E1B173F9803EC5C287F7CDA -- C:\WINDOWS\ie7updates\KB2586448-IE7\urlmon.dll
[2011/06/23 12:33:49 | 001,214,464 | ---- | M] (Microsoft Corporation) MD5=88CD5F15A63F359327682413D6C21C49 -- C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP3QFE\urlmon.dll
[2011/06/23 12:33:49 | 001,214,464 | ---- | M] (Microsoft Corporation) MD5=88CD5F15A63F359327682413D6C21C49 -- C:\WINDOWS\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3QFE\urlmon.dll
[1996/08/24 10:11:10 | 000,182,752 | ---- | M] (Microsoft Corporation) MD5=971F8746D874C3B8BC4F5F5DC6667917 -- C:\Program Files\PhotoDeluxe HE 3.1\URLMON.DLL
[2011/06/21 12:18:34 | 000,633,344 | ---- | M] (Microsoft Corporation) MD5=A809CAEADA7C35E4C04DB5BF23782AA4 -- C:\WINDOWS\ie7\urlmon.dll
[2011/11/04 13:19:40 | 001,214,464 | ---- | M] (Microsoft Corporation) MD5=AFB5B05B658C51E32EE0FD642D97C190 -- C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\urlmon.dll
[2011/11/04 13:19:40 | 001,214,464 | ---- | M] (Microsoft Corporation) MD5=AFB5B05B658C51E32EE0FD642D97C190 -- C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3QFE\urlmon.dll
[2011/08/22 17:47:42 | 001,214,464 | ---- | M] (Microsoft Corporation) MD5=C959E26CF5AB9C0E68ED3A70386BDBD6 -- C:\WINDOWS\$hf_mig$\KB2586448-IE8\SP3QFE\urlmon.dll
[2011/08/17 15:32:17 | 001,168,896 | ---- | M] (Microsoft Corporation) MD5=DA01583E2FE34E2F670167506FA5F1D3 -- C:\WINDOWS\ie7updates\KB2618444-IE7\urlmon.dll
[2008/04/14 04:42:10 | 000,619,520 | ---- | M] (Microsoft Corporation) MD5=DD639FAE9C80EBB3B9E632202A9DEB54 -- C:\WINDOWS\$NtUninstallKB982381$\urlmon.dll
[2008/04/14 04:42:10 | 000,619,520 | ---- | M] (Microsoft Corporation) MD5=DD639FAE9C80EBB3B9E632202A9DEB54 -- C:\WINDOWS\ServicePackFiles\i386\urlmon.dll
[2008/04/13 18:12:08 | 000,619,520 | ---- | M] (Microsoft Corporation) MD5=DD639FAE9C80EBB3B9E632202A9DEB54 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\urlmon.dll
[2010/05/06 04:41:52 | 001,209,344 | ---- | M] (Microsoft Corporation) MD5=E3AB3442249C4861C9D591F95330731F -- C:\WINDOWS\ie8updates\KB2618444-IE8\urlmon.dll
[2010/05/06 04:41:52 | 001,209,344 | ---- | M] (Microsoft Corporation) MD5=E3AB3442249C4861C9D591F95330731F -- C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\urlmon.dll
[2011/06/21 12:17:06 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=F91F39F2983BAC1B3A12630D4D34A847 -- C:\WINDOWS\$hf_mig$\KB2559049\SP3QFE\urlmon.dll

< MD5 for: WININET(5)(2).DLL >
[2011/10/31 17:43:21 | 000,832,512 | ---- | M] (Microsoft Corporation) MD5=5762E2F5C7B081F4251F92A5DF99FCCC -- C:\WINDOWS\system32\wininet(5)(2).dll

< MD5 for: WININET.DLL >
[2011/06/21 12:18:34 | 000,667,136 | ---- | M] (Microsoft Corporation) MD5=10D0068A5F17490B1DA6DFC6FB11EFF8 -- C:\WINDOWS\ie7\wininet.dll
[2011/08/22 17:47:42 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=19630AEBBFAEB06984CAB91848270AAF -- C:\WINDOWS\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
[2010/05/06 04:41:53 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=2D9C7B010409372C34F725DA5CCED083 -- C:\WINDOWS\ie8updates\KB2618444-IE8\wininet.dll
[2010/05/06 04:41:53 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=2D9C7B010409372C34F725DA5CCED083 -- C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\wininet.dll
[2011/08/17 15:32:17 | 000,832,512 | ---- | M] (Microsoft Corporation) MD5=3688E2BBE543CC753809E462C3553188 -- C:\WINDOWS\ie7updates\KB2618444-IE7\wininet.dll
[2011/10/31 17:38:00 | 000,841,216 | ---- | M] (Microsoft Corporation) MD5=4A23B5E3B92F5C54D3A04EA86FF9DC00 -- C:\WINDOWS\$hf_mig$\KB2618444-IE7\SP3QFE\wininet.dll
[2011/11/04 13:19:40 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=4E4716CAF514717814D07113AD0425B6 -- C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
[2011/11/04 13:19:40 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=4E4716CAF514717814D07113AD0425B6 -- C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3QFE\wininet.dll
[2011/06/23 12:33:49 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=509CF67AE762A38E23A5455A0053853C -- C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[2011/06/23 12:33:49 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=509CF67AE762A38E23A5455A0053853C -- C:\WINDOWS\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3QFE\wininet.dll
[2011/11/04 13:20:51 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=552263502EA8C24D301A0C43FF90B3ED -- C:\WINDOWS\ERDNT\cache\wininet.dll
[2011/11/04 13:20:51 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=552263502EA8C24D301A0C43FF90B3ED -- C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3GDR\wininet.dll
[2011/11/04 13:20:51 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=552263502EA8C24D301A0C43FF90B3ED -- C:\WINDOWS\system32\dllcache\wininet.dll
[2011/11/04 13:20:51 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=552263502EA8C24D301A0C43FF90B3ED -- C:\WINDOWS\system32\wininet.dll
[2011/10/31 17:43:21 | 000,832,512 | ---- | M] (Microsoft Corporation) MD5=5762E2F5C7B081F4251F92A5DF99FCCC -- C:\WINDOWS\ie8\wininet.dll
[2009/03/08 04:34:58 | 000,914,944 | ---- | M] (Microsoft Corporation) MD5=6CE32F7778061CCC5814D5E0F282D369 -- C:\WINDOWS\ie8updates\KB982381-IE8\wininet.dll
[2011/08/17 15:30:10 | 000,841,216 | ---- | M] (Microsoft Corporation) MD5=6E388A1A8AA9EF62E6252530549940C1 -- C:\WINDOWS\$hf_mig$\KB2586448-IE7\SP3QFE\wininet.dll
[2008/04/14 04:42:10 | 000,666,112 | ---- | M] (Microsoft Corporation) MD5=7A4F775ABB2F1C97DEF3E73AFA2FAEDD -- C:\WINDOWS\$NtUninstallKB982381$\wininet.dll
[2008/04/14 04:42:10 | 000,666,112 | ---- | M] (Microsoft Corporation) MD5=7A4F775ABB2F1C97DEF3E73AFA2FAEDD -- C:\WINDOWS\ServicePackFiles\i386\wininet.dll
[2008/04/13 18:12:08 | 000,666,112 | ---- | M] (Microsoft Corporation) MD5=7A4F775ABB2F1C97DEF3E73AFA2FAEDD -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wininet.dll
[2007/08/13 17:54:10 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=A4A0FC92358F39538A6494C42EF99FE9 -- C:\WINDOWS\ie7updates\KB2586448-IE7\wininet.dll
[2011/06/23 12:36:30 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=AF4EDDC6C0446FCE5681B5DED52B8F0E -- C:\WINDOWS\SoftwareDistribution\Download\7f651918941cb2f8c10af68c0500468a\SP3GDR\wininet.dll
[2010/04/16 10:09:09 | 000,667,136 | ---- | M] (Microsoft Corporation) MD5=B43B18FB0EB577856883E5A0708AB9EF -- C:\WINDOWS\$NtUninstallKB2559049$\wininet.dll
[2004/08/10 06:00:00 | 000,656,384 | ---- | M] (Microsoft Corporation) MD5=C0823FC5469663BA63E7DB88F9919D70 -- C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
[2010/05/06 04:36:27 | 000,919,040 | ---- | M] (Microsoft Corporation) MD5=C1490F68B44AF8B781F52F12F564625D -- C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[2010/05/06 04:36:27 | 000,919,040 | ---- | M] (Microsoft Corporation) MD5=C1490F68B44AF8B781F52F12F564625D -- C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\wininet.dll
[2010/04/16 10:01:00 | 000,668,672 | ---- | M] (Microsoft Corporation) MD5=C3052A99A24F462B418632A05328BB38 -- C:\WINDOWS\$hf_mig$\KB982381\SP3QFE\wininet.dll
[2011/06/21 12:17:06 | 000,668,672 | ---- | M] (Microsoft Corporation) MD5=CE82C101C2DA9ADD36E325CC9844C9BC -- C:\WINDOWS\$hf_mig$\KB2559049\SP3QFE\wininet.dll

< End of report >
Only got one report will run again to double check!


----------



## eddie5659 (Mar 19, 2001)

No need, it tells me what I want to know in the one log, and that they're all okay 

So, lets just run the following, and then we're nearly there 

Download * Dr.Web CureIt* to the desktop. 

Doubleclick the *drweb-cureit.exe* file, then on *Start* and allow to run the express scan 
This will scan the files currently running in memory and when something is found, click the *yes* button when it asks you if you want to cure it. This is only a short scan. 
Once the short scan has finished, chose the *Complete Scan*. 
Select all drives. A red dot shows which drives have been chosen. 
Click the green arrow







at the right, and the scan will start. 
Click *'Yes to all'* if it asks if you want to cure/move the file. 
When the scan has finished, look and see if you can click the following icon next to the files found: 








If so, click it and then click the next icon right below and select Move incurable as you'll see in next image: 








This will move it to the *%userprofile%\DoctorWeb\quarantaine-folder* if it can't be cured. (this in case if we need samples) 
After selecting, in the *Dr.Web CureIt* menu on top, click file and choose save report list 
Save the report to your desktop. The report will be called *DrWeb.csv* 
*Close Dr.Web Cureit*. 
*Reboot your computer* to allow files that were in use to be moved/deleted during reboot. 
After reboot, post the contents of the log from *Dr.Web* you saved previously in your next reply. 
*NOTE*: _ During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on *X* in upper right corner._

-----------

Download *OTS* to your Desktop and double-click on it to run it 

Make sure you close all other programs and *don't* use the PC while the scan runs. 
Now click the *Run Scan* button on the toolbar. Make sure not to use the PC while the program is running or it will freeze. 
When the scan is complete Notepad will open with the report file loaded in it. 
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it. 
Use the Add Reply button and post the information back here in an *attachment*. I will review it when it comes in. The last line is *< End of Report >*, so make sure that is the last line in the attached report.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*

eddie


----------



## Phoenix Rising (Mar 9, 2009)

I like Dr web CureIt I hope it down loads! ( it's downloading now). That's kind of how this all started. I was trying to down load a copy of Dr. D and it would said it wasn't a win 32 application ( I'm paraphrasing here). So I hope it work's this time when I have results I will post them.


----------



## eddie5659 (Mar 19, 2001)

Did you get it from the same place as I posted, or somewhere different?


----------



## Phoenix Rising (Mar 9, 2009)

With that link you sent it doesn't show a site, it goes straight to a save file box that pops up. But I did go to Dr Webs site direct, several times.
The files were either incomplete. corrupt or not a win 32 application or some such. That was with several types Java, some others of the like. Maybe something to with being or not a secure site, beats me..
I always use the owners site, more chance of picking up cooties going through a middle man I think. 
It's still down loading at only 64% I've got to head out in about 15 minutes so It will be this evening before I can run Dr web and get back to you.


----------



## Phoenix Rising (Mar 9, 2009)

Dr web came up no threars found.
Here is OTL log:

OTL logfile created on: 1/31/2012 12:16:09 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\MARK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 755.68 Mb Available Physical Memory | 74.52% Memory free
2.38 Gb Paging File | 1.95 Gb Available in Paging File | 81.96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 19.62 Gb Free Space | 52.68% Space Free | Partition Type: NTFS

Computer Name: MARK-387473CC81 | User Name: MARK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/18 09:47:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTL.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/14 06:21:10 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/05/21 20:46:36 | 000,559,104 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2009/05/21 20:46:36 | 000,168,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2009/05/21 17:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/14 04:42:30 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/23 04:15:57 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2011/07/14 06:21:22 | 001,712,128 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvorbis_plugin.dll
MOD - [2011/07/14 06:21:22 | 001,137,664 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libxml_plugin.dll
MOD - [2011/07/14 06:21:22 | 001,108,992 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtaglib_plugin.dll
MOD - [2011/07/14 06:21:22 | 000,368,640 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtheora_plugin.dll
MOD - [2011/07/14 06:21:22 | 000,325,120 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libswscale_plugin.dll
MOD - [2011/07/14 06:21:22 | 000,078,848 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libzip_plugin.dll
MOD - [2011/07/14 06:21:22 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libwaveout_plugin.dll
MOD - [2011/07/14 06:21:22 | 000,040,448 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll
MOD - [2011/07/14 06:21:22 | 000,038,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll
MOD - [2011/07/14 06:21:22 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll
MOD - [2011/07/14 06:21:22 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libyuvp_plugin.dll
MOD - [2011/07/14 06:21:22 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
MOD - [2011/07/14 06:21:20 | 011,496,448 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libqt4_plugin.dll
MOD - [2011/07/14 06:21:20 | 002,169,856 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libskins2_plugin.dll
MOD - [2011/07/14 06:21:20 | 001,013,248 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
MOD - [2011/07/14 06:21:20 | 000,130,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libspeex_plugin.dll
MOD - [2011/07/14 06:21:20 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libscaletempo_plugin.dll
MOD - [2011/07/14 06:21:20 | 000,034,304 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
MOD - [2011/07/14 06:21:20 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
MOD - [2011/07/14 06:21:20 | 000,031,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libscale_plugin.dll
MOD - [2011/07/14 06:21:20 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
MOD - [2011/07/14 06:21:18 | 000,237,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpng_plugin.dll
MOD - [2011/07/14 06:21:18 | 000,194,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmp4_plugin.dll
MOD - [2011/07/14 06:21:18 | 000,128,000 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
MOD - [2011/07/14 06:21:18 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libplaylist_plugin.dll
MOD - [2011/07/14 06:21:18 | 000,038,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmono_plugin.dll
MOD - [2011/07/14 06:21:18 | 000,037,888 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
MOD - [2011/07/14 06:21:16 | 001,776,128 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblibass_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,338,432 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblua_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,135,680 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,073,728 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,052,224 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,048,640 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,046,080 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,039,936 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,038,400 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,037,888 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblpcm_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,032,768 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libi422_i420_plugin.dll
MOD - [2011/07/14 06:21:16 | 000,032,768 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,652,800 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfreetype_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,309,760 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfaad_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,265,216 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libflac_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,258,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,231,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,210,944 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdshow_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,178,176 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,067,072 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdirectx_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,061,440 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdirect3d_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,039,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfilesystem_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,039,424 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdts_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,037,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfake_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,032,256 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,032,256 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,031,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfolder_plugin.dll
MOD - [2011/07/14 06:21:14 | 000,031,232 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdrawable_plugin.dll
MOD - [2011/07/14 06:21:12 | 008,248,320 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libavcodec_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,088,064 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libavi_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,072,192 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libasf_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,057,856 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libblend_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,045,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaraw_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,041,472 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaudio_format_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,034,304 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libcdg_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,033,280 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaes3_plugin.dll
MOD - [2011/07/14 06:21:12 | 000,032,768 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
MOD - [2011/07/14 06:21:10 | 002,263,552 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlccore.dll
MOD - [2011/07/14 06:21:10 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
MOD - [2011/07/14 06:21:10 | 000,101,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlc.dll
MOD - [2011/07/14 06:21:10 | 000,090,112 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
MOD - [2011/07/14 06:21:10 | 000,065,536 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
MOD - [2011/07/14 06:21:10 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52_plugin.dll
MOD - [2011/07/14 06:21:10 | 000,030,720 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
MOD - [2011/01/30 15:27:22 | 000,032,256 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtrivial_channel_mixer_plugin.dll
MOD - [2011/01/30 15:27:14 | 000,047,104 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll
MOD - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:54 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/05/21 21:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 21:09:24 | 000,660,992 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/05/21 21:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2001/08/17 16:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Unknown | Running] -- -- (DwProt)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/11/12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/09/23 12:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/06/29 23:44:22 | 001,269,584 | R--- | M] (Agere Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\agrsmnt.sys -- (agrsm)
DRV - [2005/03/17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/08/17 07:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 07:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 07:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 07:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [1997/06/17 03:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS -- (ATMhelpr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 87 E7 EC 3E CA CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 04:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/05 07:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/21 16:25:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 04:27:51 | 000,000,000 | ---D | M]

[2011/10/24 11:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Extensions
[2012/01/21 15:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions
[2011/12/16 15:58:53 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2011/10/11 18:24:11 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchplugins\SearchResults.xml
[2012/01/21 16:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/07 15:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{41697025-CA0B-4687-99DE-ABC82C5A630B}
[2011/11/07 15:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}
[2011/10/06 09:17:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/01/21 16:25:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/11/07 15:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/11/20 22:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2011/11/20 19:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 19:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/22 11:48:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1316584026390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D417CFBF-17C2-4497-BE1F-7529CFFD300D}: NameServer = 207.69.188.185 207.69.188.186
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\MARK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MARK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/19 09:26:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/31 11:41:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\DoctorWeb
[2012/01/25 06:43:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\MARK\My Documents\My Webs
[2012/01/24 17:03:36 | 000,000,000 | --SD | C] -- C:\123136641
[2012/01/24 16:47:04 | 000,000,000 | --SD | C] -- C:\123
[2012/01/22 16:00:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/21 16:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/01/21 16:25:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/01/21 16:25:47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/01/21 16:25:47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/01/21 15:59:28 | 000,909,600 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\MARK\Desktop\JavaSetup6u30.exe
[2012/01/21 15:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\Desktop\JavaRa
[2012/01/21 15:53:11 | 004,388,509 | R--- | C] (Swearware) -- C:\Documents and Settings\MARK\Desktop\123.exe
[2012/01/21 15:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/01/21 15:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/21 15:35:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/20 13:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\Application Data\dvdcss
[2012/01/20 06:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\Application Data\SUPERAntiSpyware.com
[2012/01/20 06:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/01/20 04:47:48 | 014,161,512 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\MARK\Desktop\SUPERAntiSpyware.exe
[2012/01/18 03:41:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTL.exe
[2012/01/16 12:34:35 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\MARK\Desktop\HijackThis.exe
[2012/01/16 07:39:52 | 000,509,440 | ---- | C] (Tech Support Guy System) -- C:\Documents and Settings\MARK\Desktop\SysInfo.exe
[2012/01/16 07:04:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\MARK\Desktop\dds.com
[2012/01/15 09:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/15 09:33:52 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/11 17:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\ltmoh
[2012/01/10 23:42:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/01/06 07:41:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2012/01/06 07:37:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2012/01/06 07:36:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2012/01/05 07:05:57 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2012/01/02 23:24:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/01/02 17:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2011/10/24 17:20:38 | 005,960,560 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent-7.5(1).exe

========== Files - Modified Within 30 Days ==========

[2012/01/31 09:15:13 | 077,951,832 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\drweb-cureit.exe
[2012/01/31 06:59:14 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\MARK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/31 06:30:13 | 000,002,922 | ---- | M] () -- C:\WINDOWS\ACROREAD.INI
[2012/01/31 04:29:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/30 06:40:49 | 000,000,114 | ---- | M] () -- C:\WINDOWS\E
[2012/01/29 11:01:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MARK\cd
[2012/01/27 17:42:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/26 14:42:44 | 000,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/26 14:41:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/24 16:51:01 | 000,023,204 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\aswMBR.exe
[2012/01/24 16:49:23 | 000,015,713 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\tdsskiller.exe
[2012/01/22 23:33:09 | 115,272,552 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\setup_11.0.0.1245.x01_2012_01_22_20_43.exe
[2012/01/22 11:48:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/22 08:43:39 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\SystemLook.exe
[2012/01/21 17:03:43 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{81969CA2-9E4D-44D0-807F-521568EC106E}.job
[2012/01/21 16:17:52 | 004,388,509 | R--- | M] (Swearware) -- C:\Documents and Settings\MARK\Desktop\123.exe
[2012/01/21 16:06:05 | 000,909,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\MARK\Desktop\JavaSetup6u30.exe
[2012/01/21 15:43:22 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/20 05:52:58 | 014,161,512 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\MARK\Desktop\SUPERAntiSpyware.exe
[2012/01/18 09:47:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTL.exe
[2012/01/17 04:37:13 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\gmer.zip
[2012/01/16 12:46:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\MARK\Desktop\HijackThis.exe
[2012/01/16 12:20:38 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Documents and Settings\MARK\Desktop\SysInfo.exe
[2012/01/16 07:28:01 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\MARK\Desktop\dds.com
[2012/01/15 10:06:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 11:09:44 | 000,000,436 | ---- | M] () -- C:\ZB20120112110939001.xml
[2012/01/11 11:51:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/05 18:26:07 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\Shortcut to Local Disk (C).lnk
[2012/01/05 14:19:19 | 000,000,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\peoplepc.123.lnk
[2012/01/04 03:26:22 | 000,236,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/01/03 11:44:51 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\Microsoft Word.lnk
[2012/01/03 01:58:00 | 000,502,366 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/03 01:58:00 | 000,086,832 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/03 01:11:48 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\MARK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/02 19:43:55 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/01/31 03:17:52 | 077,951,832 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\drweb-cureit.exe
[2012/01/29 10:59:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MARK\cd
[2012/01/24 16:41:43 | 000,015,713 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\tdsskiller.exe
[2012/01/24 16:41:18 | 000,023,204 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\aswMBR.exe
[2012/01/24 07:13:42 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\MARK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/22 16:04:35 | 115,272,552 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\setup_11.0.0.1245.x01_2012_01_22_20_43.exe
[2012/01/22 08:43:30 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\SystemLook.exe
[2012/01/21 15:43:22 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/17 04:29:39 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\gmer.zip
[2012/01/15 10:06:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 11:09:44 | 000,000,436 | ---- | C] () -- C:\ZB20120112110939001.xml
[2012/01/05 18:26:07 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\Shortcut to Local Disk (C).lnk
[2012/01/05 14:19:18 | 000,000,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\peoplepc.123.lnk
[2011/12/23 10:48:51 | 000,057,168 | ---- | C] () -- C:\WINDOWS\System32\PPCOUNIN.exe
[2011/12/23 10:48:51 | 000,040,616 | ---- | C] () -- C:\WINDOWS\System32\PPCClean.exe
[2011/11/27 13:49:55 | 000,002,217 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/11/27 08:58:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/07 18:30:10 | 000,002,309 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2011/11/01 08:30:42 | 000,000,512 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2011/10/29 04:09:02 | 000,192,311 | ---- | C] () -- C:\WINDOWS\hpoins40.dat.temp
[2011/10/29 04:09:02 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat.temp
[2011/10/28 16:03:22 | 000,002,922 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2011/10/28 16:02:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2011/10/28 16:02:16 | 000,000,165 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2011/10/28 16:02:13 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2011/10/28 16:02:12 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2011/10/28 16:02:12 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2011/10/28 15:28:11 | 000,192,311 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2011/10/28 15:28:11 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2011/10/27 06:09:04 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\VegaShEx.dll
[2011/10/27 06:08:58 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2011/10/27 06:08:58 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2011/10/23 04:43:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/23 04:43:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/23 04:43:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/23 04:43:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/23 04:43:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/17 21:39:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/10/10 14:27:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2011/10/04 08:08:07 | 000,069,456 | ---- | C] () -- C:\WINDOWS\System32\unPPC6000.exe
[2011/10/04 08:08:07 | 000,034,136 | ---- | C] () -- C:\WINDOWS\System32\RegHero.exe
[2011/10/04 08:08:06 | 000,255,312 | ---- | C] () -- C:\WINDOWS\System32\PPCInfo.exe
[2011/10/04 08:08:06 | 000,029,008 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2011/09/28 11:11:41 | 000,060,368 | R--- | C] () -- C:\WINDOWS\ptdll16.dll
[2011/09/28 11:11:41 | 000,000,456 | R--- | C] () -- C:\WINDOWS\pthsp.dat
[2011/09/20 03:55:21 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/09/19 22:33:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/09/19 09:28:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/19 09:23:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/19 04:08:49 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2011/09/19 04:08:46 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2011/09/19 04:07:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/19 04:04:08 | 000,385,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/10 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,502,366 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,086,832 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 20:05:46 | 000,031,136 | ---- | C] () -- C:\WINDOWS\ptsnoop.exe

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Good to hear about DrWeb :up:

However, that's the wrong log. Its actually a very similar tool called OTS. Different log produced, just helps on the cleaning up 

----------

Download *OTS* to your Desktop and double-click on it to run it 

Make sure you close all other programs and *don't* use the PC while the scan runs. 
Now click the *Run Scan* button on the toolbar. Make sure not to use the PC while the program is running or it will freeze. 
When the scan is complete Notepad will open with the report file loaded in it. 
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it. 
Use the Add Reply button and post the information back here in an *attachment*. I will review it when it comes in. The last line is *< End of Report >*, so make sure that is the last line in the attached report.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*


----------



## Phoenix Rising (Mar 9, 2009)

```
OTS logfile created on: 1/31/2012 4:21:25 PM - Run 1
OTS by OldTimer - Version 3.1.46.0     Folder = C:\Documents and Settings\MARK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 526.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 19.62 Gb Free Space | 52.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARK-387473CC81
Current User Name: MARK
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\MARK\Desktop\OTS.exe -> [2012/01/31 16:18:43 | 000,646,144 | ---- | M] (OldTimer Tools)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2011/11/20 22:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
sascore.exe -> C:\Program Files\SUPERAntiSpyware\SASCore.exe -> [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
vlc.exe -> C:\Program Files\VideoLAN\VLC\vlc.exe -> [2011/07/14 06:21:10 | 000,108,032 | ---- | M] ()
msmpeng.exe -> c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -> [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation)
nmsaccessu.exe -> C:\Program Files\CDBurnerXP\NMSAccessU.exe -> [2010/03/04 22:38:00 | 000,071,096 | ---- | M] ()
hpqbam08.exe -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe -> [2009/05/21 20:46:36 | 000,559,104 | ---- | M] (Hewlett-Packard Co.)
hpqste08.exe -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe -> [2009/05/21 20:46:36 | 000,168,960 | ---- | M] (Hewlett-Packard Co.)
hpqgpc01.exe -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe -> [2009/05/21 17:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard)
agrsmsvc.exe -> C:\Program Files\LSI SoftModem\agrsmsvc.exe -> [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation)
msimn.exe -> C:\Program Files\Outlook Express\msimn.exe -> [2008/04/14 04:42:30 | 000,060,416 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
 
[Modules - No Company Name]
npswf32.dll -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll -> [2012/01/02 19:43:53 | 008,527,008 | ---- | M] ()
mozjs.dll -> C:\Program Files\Mozilla Firefox\mozjs.dll -> [2011/11/20 22:04:51 | 001,989,592 | ---- | M] ()
gzlib.dll -> C:\Program Files\Google\Google Desktop Search\gzlib.dll -> [2011/09/23 04:15:57 | 000,034,816 | ---- | M] ()
libvorbis_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libvorbis_plugin.dll -> [2011/07/14 06:21:22 | 001,712,128 | ---- | M] ()
libxml_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libxml_plugin.dll -> [2011/07/14 06:21:22 | 001,137,664 | ---- | M] ()
libtaglib_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libtaglib_plugin.dll -> [2011/07/14 06:21:22 | 001,108,992 | ---- | M] ()
libtheora_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libtheora_plugin.dll -> [2011/07/14 06:21:22 | 000,368,640 | ---- | M] ()
libswscale_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libswscale_plugin.dll -> [2011/07/14 06:21:22 | 000,325,120 | ---- | M] ()
libzip_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libzip_plugin.dll -> [2011/07/14 06:21:22 | 000,078,848 | ---- | M] ()
libwaveout_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libwaveout_plugin.dll -> [2011/07/14 06:21:22 | 000,046,592 | ---- | M] ()
libyuy2_i420_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll -> [2011/07/14 06:21:22 | 000,040,448 | ---- | M] ()
libvout_wrapper_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll -> [2011/07/14 06:21:22 | 000,038,912 | ---- | M] ()
libyuy2_i422_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll -> [2011/07/14 06:21:22 | 000,036,864 | ---- | M] ()
libyuvp_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libyuvp_plugin.dll -> [2011/07/14 06:21:22 | 000,031,232 | ---- | M] ()
libugly_resampler_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll -> [2011/07/14 06:21:22 | 000,031,232 | ---- | M] ()
libqt4_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libqt4_plugin.dll -> [2011/07/14 06:21:20 | 011,496,448 | ---- | M] ()
libskins2_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libskins2_plugin.dll -> [2011/07/14 06:21:20 | 002,169,856 | ---- | M] ()
libschroedinger_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libschroedinger_plugin.dll -> [2011/07/14 06:21:20 | 001,013,248 | ---- | M] ()
libspeex_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libspeex_plugin.dll -> [2011/07/14 06:21:20 | 000,130,048 | ---- | M] ()
libscaletempo_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libscaletempo_plugin.dll -> [2011/07/14 06:21:20 | 000,036,864 | ---- | M] ()
libstream_filter_rar_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll -> [2011/07/14 06:21:20 | 000,034,304 | ---- | M] ()
libsimple_channel_mixer_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll -> [2011/07/14 06:21:20 | 000,033,792 | ---- | M] ()
libscale_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libscale_plugin.dll -> [2011/07/14 06:21:20 | 000,031,744 | ---- | M] ()
libstream_filter_record_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll -> [2011/07/14 06:21:20 | 000,031,232 | ---- | M] ()
libpng_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libpng_plugin.dll -> [2011/07/14 06:21:18 | 000,237,568 | ---- | M] ()
libmp4_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libmp4_plugin.dll -> [2011/07/14 06:21:18 | 000,194,048 | ---- | M] ()
libmpgatofixed32_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll -> [2011/07/14 06:21:18 | 000,128,000 | ---- | M] ()
libplaylist_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libplaylist_plugin.dll -> [2011/07/14 06:21:18 | 000,108,032 | ---- | M] ()
libmono_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libmono_plugin.dll -> [2011/07/14 06:21:18 | 000,038,912 | ---- | M] ()
libmpeg_audio_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll -> [2011/07/14 06:21:18 | 000,037,888 | ---- | M] ()
liblibass_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\liblibass_plugin.dll -> [2011/07/14 06:21:16 | 001,776,128 | ---- | M] ()
liblua_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\liblua_plugin.dll -> [2011/07/14 06:21:16 | 000,338,432 | ---- | M] ()
libi420_rgb_sse2_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll -> [2011/07/14 06:21:16 | 000,135,680 | ---- | M] ()
libi420_rgb_mmx_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll -> [2011/07/14 06:21:16 | 000,073,728 | ---- | M] ()
libi420_rgb_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll -> [2011/07/14 06:21:16 | 000,052,224 | ---- | M] ()
libi420_yuy2_sse2_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll -> [2011/07/14 06:21:16 | 000,048,640 | ---- | M] ()
libhotkeys_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libhotkeys_plugin.dll -> [2011/07/14 06:21:16 | 000,046,592 | ---- | M] ()
libi422_yuy2_sse2_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll -> [2011/07/14 06:21:16 | 000,046,080 | ---- | M] ()
libi420_yuy2_mmx_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll -> [2011/07/14 06:21:16 | 000,039,936 | ---- | M] ()
libi420_yuy2_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll -> [2011/07/14 06:21:16 | 000,038,400 | ---- | M] ()
libi422_yuy2_mmx_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll -> [2011/07/14 06:21:16 | 000,037,888 | ---- | M] ()
libi422_yuy2_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll -> [2011/07/14 06:21:16 | 000,036,352 | ---- | M] ()
liblpcm_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\liblpcm_plugin.dll -> [2011/07/14 06:21:16 | 000,035,840 | ---- | M] ()
libmemcpymmxext_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll -> [2011/07/14 06:21:16 | 000,033,792 | ---- | M] ()
libglobalhotkeys_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll -> [2011/07/14 06:21:16 | 000,033,792 | ---- | M] ()
libi422_i420_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libi422_i420_plugin.dll -> [2011/07/14 06:21:16 | 000,032,768 | ---- | M] ()
libgrey_yuv_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll -> [2011/07/14 06:21:16 | 000,032,768 | ---- | M] ()
libfreetype_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libfreetype_plugin.dll -> [2011/07/14 06:21:14 | 000,652,800 | ---- | M] ()
libfaad_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libfaad_plugin.dll -> [2011/07/14 06:21:14 | 000,309,760 | ---- | M] ()
libflac_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libflac_plugin.dll -> [2011/07/14 06:21:14 | 000,265,216 | ---- | M] ()
libfluidsynth_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll -> [2011/07/14 06:21:14 | 000,258,048 | ---- | M] ()
libdvdnav_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libdvdnav_plugin.dll -> [2011/07/14 06:21:14 | 000,231,424 | ---- | M] ()
libdshow_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libdshow_plugin.dll -> [2011/07/14 06:21:14 | 000,210,944 | ---- | M] ()
libdtstofloat32_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll -> [2011/07/14 06:21:14 | 000,178,176 | ---- | M] ()
libdirectx_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libdirectx_plugin.dll -> [2011/07/14 06:21:14 | 000,067,072 | ---- | M] ()
libdirect3d_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libdirect3d_plugin.dll -> [2011/07/14 06:21:14 | 000,061,440 | ---- | M] ()
libfilesystem_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libfilesystem_plugin.dll -> [2011/07/14 06:21:14 | 000,039,424 | ---- | M] ()
libdts_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libdts_plugin.dll -> [2011/07/14 06:21:14 | 000,039,424 | ---- | M] ()
libfake_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libfake_plugin.dll -> [2011/07/14 06:21:14 | 000,037,376 | ---- | M] ()
libdtstospdif_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll -> [2011/07/14 06:21:14 | 000,032,256 | ---- | M] ()
libdolby_surround_decoder_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll -> [2011/07/14 06:21:14 | 000,032,256 | ---- | M] ()
libfloat32_mixer_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll -> [2011/07/14 06:21:14 | 000,031,744 | ---- | M] ()
libfolder_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libfolder_plugin.dll -> [2011/07/14 06:21:14 | 000,031,232 | ---- | M] ()
libdrawable_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libdrawable_plugin.dll -> [2011/07/14 06:21:14 | 000,031,232 | ---- | M] ()
libavcodec_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libavcodec_plugin.dll -> [2011/07/14 06:21:12 | 008,248,320 | ---- | M] ()
libavi_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libavi_plugin.dll -> [2011/07/14 06:21:12 | 000,088,064 | ---- | M] ()
libasf_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libasf_plugin.dll -> [2011/07/14 06:21:12 | 000,072,192 | ---- | M] ()
libblend_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libblend_plugin.dll -> [2011/07/14 06:21:12 | 000,057,856 | ---- | M] ()
libaout_directx_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libaout_directx_plugin.dll -> [2011/07/14 06:21:12 | 000,046,592 | ---- | M] ()
libaraw_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libaraw_plugin.dll -> [2011/07/14 06:21:12 | 000,045,568 | ---- | M] ()
libaudio_format_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libaudio_format_plugin.dll -> [2011/07/14 06:21:12 | 000,041,472 | ---- | M] ()
libcdg_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libcdg_plugin.dll -> [2011/07/14 06:21:12 | 000,034,304 | ---- | M] ()
libaes3_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libaes3_plugin.dll -> [2011/07/14 06:21:12 | 000,033,280 | ---- | M] ()
libconverter_fixed_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll -> [2011/07/14 06:21:12 | 000,032,768 | ---- | M] ()
libvlccore.dll -> C:\Program Files\VideoLAN\VLC\libvlccore.dll -> [2011/07/14 06:21:10 | 002,263,552 | ---- | M] ()
vlc.exe -> C:\Program Files\VideoLAN\VLC\vlc.exe -> [2011/07/14 06:21:10 | 000,108,032 | ---- | M] ()
libvlc.dll -> C:\Program Files\VideoLAN\VLC\libvlc.dll -> [2011/07/14 06:21:10 | 000,101,376 | ---- | M] ()
libaccess_bd_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll -> [2011/07/14 06:21:10 | 000,090,112 | ---- | M] ()
liba52tofloat32_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll -> [2011/07/14 06:21:10 | 000,065,536 | ---- | M] ()
liba52_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\liba52_plugin.dll -> [2011/07/14 06:21:10 | 000,036,352 | ---- | M] ()
liba52tospdif_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll -> [2011/07/14 06:21:10 | 000,030,720 | ---- | M] ()
libtrivial_channel_mixer_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libtrivial_channel_mixer_plugin.dll -> [2011/01/30 15:27:22 | 000,032,256 | ---- | M] ()
libbandlimited_resampler_plugin.dll -> C:\Program Files\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll -> [2011/01/30 15:27:14 | 000,047,104 | ---- | M] ()
nmsaccessu.exe -> C:\Program Files\CDBurnerXP\NMSAccessU.exe -> [2010/03/04 22:38:00 | 000,071,096 | ---- | M] ()
msdmo.dll -> C:\WINDOWS\system32\msdmo.dll -> [2008/04/14 04:42:00 | 000,014,336 | ---- | M] ()
dxmasf.dll -> C:\WINDOWS\system32\dxmasf.dll -> [2008/04/14 04:41:54 | 000,498,742 | ---- | M] ()
 
[Win32 Services - Safe List]
(!SASCORE) SAS Core Service [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -> [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
(MsMpSvc) Microsoft Antimalware Service [Auto | Running] -> c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -> [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation)
(NMSAccess) NMSAccess [Auto | Running] -> C:\Program Files\CDBurnerXP\NMSAccessU.exe -> [2010/03/04 22:38:00 | 000,071,096 | ---- | M] ()
(hpqcxs08) hpqcxs08 [On_Demand | Running] -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -> [2009/05/21 21:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.)
(HPSLPSVC) HP Network Devices Support [Auto | Running] -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -> [2009/05/21 21:09:24 | 000,660,992 | ---- | M] (Hewlett-Packard Co.)
(hpqddsvc) HP CUE DeviceDiscovery Service [Disabled | Stopped] -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -> [2009/05/21 21:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.)
(AgereModemAudio) Agere Modem Call Progress Audio [Auto | Running] -> C:\Program Files\LSI SoftModem\agrsmsvc.exe -> [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation)
(Pctspk) PCTEL Speaker Phone [Disabled | Stopped] -> C:\WINDOWS\system32\pctspk.exe -> [2001/08/17 16:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.)
 
[Driver Services - Safe List]
(DwProt) DrWeb Protection [File_System | Unknown | Running] ->  -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(StarOpen) StarOpen [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\StarOpen.sys -> [2009/11/12 13:48:56 | 000,005,504 | ---- | M] ()
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\AGRSM.sys -> [2005/09/23 12:26:40 | 001,094,751 | ---- | M] (Agere Systems)
(agrsm) Agere Modem Driver [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\agrsmnt.sys -> [2005/06/29 23:44:22 | 001,269,584 | R--- | M] (Agere Systems)
(b57w2k) Broadcom NetXtreme 57xx Gigabit Controller [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\b57xp32.sys -> [2005/03/17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation)
(senfilt) senfilt [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\senfilt.sys -> [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.)
(Vpctcom) XP Vpctcom [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\vpctcom.sys -> [2001/08/17 07:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.)
(Vvoice) XP Vvoice [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\vvoice.sys -> [2001/08/17 07:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.)
(Vmodem) XP Vmodem [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\vmodem.sys -> [2001/08/17 07:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.)
(Ptserlp) PCTEL Serial Device Driver for PCI [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ptserlp.sys -> [2001/08/17 07:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.)
(ATMhelpr) ATMhelpr [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\ATMHELPR.SYS -> [1997/06/17 03:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 22 87 E7 EC 3E CA CC 01  [binary data] -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search/?q=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\MARK\Application Data\Mozilla\FireFox\Profiles\ekm4ebjz.default\prefs.js -> 
network.proxy.type -> 0 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\MARK\Application Data\Mozilla\FireFox\Profiles\ekm4ebjz.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\MozillaAddOn3 [C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2011/10/29 04:27:51 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 8.0.1\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2012/01/05 07:26:35 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2012/01/21 16:25:47 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\MARK\Application Data\Mozilla\Extensions -> [2011/10/24 11:06:30 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions -> [2012/01/21 15:41:13 | 000,000,000 | ---D | M]
WOT   -> C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2) -> [2011/12/16 15:58:53 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 SearchResults.xml -> C:\Documents and Settings\MARK\Application Data\Mozilla\FireFox\Profiles\ekm4ebjz.default\searchplugins\SearchResults.xml -> [2011/10/11 18:24:11 | 000,002,520 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2012/01/21 16:25:48 | 000,000,000 | ---D | M]
No name found   -> C:\Program Files\Mozilla Firefox\extensions\{41697025-CA0B-4687-99DE-ABC82C5A630B} -> [2011/11/07 15:12:21 | 000,000,000 | ---D | M]
No name found   -> C:\Program Files\Mozilla Firefox\extensions\{9d613b03-9b7c-4fa0-b2f8-32f7cc24873f} -> [2011/11/07 15:12:21 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} -> [2011/10/06 09:17:47 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} -> [2012/01/21 16:25:49 | 000,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\[email protected] -> [2011/11/07 15:12:21 | 000,000,000 | ---D | M]
< HOSTS File > ([2012/01/22 11:48:10 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll [HP Print Enhancer] -> [2009/05/21 20:54:18 | 000,328,248 | ---- | M] (Hewlett-Packard Co.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2011/11/10 08:01:32 | 000,325,408 | ---- | M] (Sun Microsystems, Inc.)
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2009/05/21 20:54:18 | 000,509,496 | ---- | M] (Hewlett-Packard Co.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< MARK Startup Folder > -> C:\Documents and Settings\MARK\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll [Button: Show or hide HP Smart Web Printing] -> [2009/05/21 20:54:18 | 000,509,496 | ---- | M] (Hewlett-Packard Co.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1316584026390 [MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab [Java Plug-in 1.6.0_30] -> 
{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} [HKLM] -> http://xserv.dell.com/DellDriverScanner/DellSystem.CAB [DellSystem.Scanner] -> 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab [Java Plug-in 1.6.0_30] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab [Java Plug-in 1.6.0_30] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -> [2011/05/04 11:54:14 | 000,551,296 | ---- | M] (SUPERAntiSpyware.com)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009/05/24 22:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2011/07/18 18:02:18 | 000,113,024 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> [2009/05/21 18:58:14 | 000,413,496 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> [2009/05/14 05:22:32 | 000,016,896 | ---- | M] ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2009/05/14 05:22:36 | 001,762,816 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2009/05/21 21:16:32 | 000,626,488 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2009/05/21 21:16:32 | 000,768,312 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2009/05/21 17:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2009/05/21 17:57:00 | 000,237,568 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2009/05/14 05:22:30 | 000,277,504 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" ->  [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2009/05/21 20:46:36 | 000,168,960 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2009/05/21 21:13:36 | 000,275,768 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> [2009/05/21 19:09:24 | 001,131,832 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> [2009/05/21 19:09:24 | 001,049,400 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> [2009/05/21 20:54:18 | 000,024,632 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe" -> C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe [C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> [2008/06/10 17:04:58 | 000,689,456 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" ->  [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" ->  [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> File not found
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" ->  [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> [2009/05/21 18:58:14 | 000,413,496 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\FrostWire 5\FrostWire.exe" -> C:\Program Files\FrostWire 5\FrostWire.exe [C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire] -> [2011/11/19 09:36:52 | 000,466,944 | ---- | M] (FrostWire Group)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> [2009/05/14 05:22:32 | 000,016,896 | ---- | M] ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2009/05/14 05:22:36 | 001,762,816 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2009/05/21 21:16:32 | 000,626,488 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2009/05/21 21:16:32 | 000,768,312 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2009/05/21 17:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2009/05/21 17:57:00 | 000,237,568 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2009/05/14 05:22:30 | 000,277,504 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2009/05/21 20:46:36 | 000,168,960 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2009/05/21 21:13:36 | 000,275,768 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> [2009/05/21 19:09:24 | 001,131,832 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> [2009/05/21 19:09:24 | 001,049,400 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> [2009/05/21 20:54:18 | 000,024,632 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe" -> C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe [C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe] -> [2008/06/10 17:04:58 | 000,689,456 | ---- | M] (Hewlett-Packard)
"C:\Program Files\VideoLAN\VLC\vlc.exe" -> C:\Program Files\VideoLAN\VLC\vlc.exe [C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player] -> [2011/07/14 06:21:10 | 000,108,032 | ---- | M] ()
"C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe" ->  [C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2011/09/19 09:26:31 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\MARK\Desktop\OTS.exe -> [2012/01/31 16:16:20 | 000,646,144 | ---- | C] (OldTimer Tools)
 DoctorWeb -> C:\Documents and Settings\MARK\DoctorWeb -> [2012/01/31 11:41:54 | 000,000,000 | ---D | C]
 My Webs -> C:\Documents and Settings\MARK\My Documents\My Webs -> [2012/01/25 06:43:02 | 000,000,000 | --SD | C]
 123136641 -> C:\123136641 -> [2012/01/24 17:03:36 | 000,000,000 | --SD | C]
 123 -> C:\123 -> [2012/01/24 16:47:04 | 000,000,000 | --SD | C]
 RECYCLER -> C:\RECYCLER -> [2012/01/22 16:00:57 | 000,000,000 | -HSD | C]
 Prefetch -> C:\WINDOWS\Prefetch -> [2012/01/21 16:58:32 | 000,000,000 | ---D | C]
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2012/01/21 16:25:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2012/01/21 16:25:47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2012/01/21 16:25:47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.)
 JavaSetup6u30.exe -> C:\Documents and Settings\MARK\Desktop\JavaSetup6u30.exe -> [2012/01/21 15:59:28 | 000,909,600 | ---- | C] (Sun Microsystems, Inc.)
 JavaRa -> C:\Documents and Settings\MARK\Desktop\JavaRa -> [2012/01/21 15:57:49 | 000,000,000 | ---D | C]
 123.exe -> C:\Documents and Settings\MARK\Desktop\123.exe -> [2012/01/21 15:53:11 | 004,388,509 | R--- | C] (Swearware)
 SUPERAntiSpyware -> C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware -> [2012/01/21 15:43:22 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2012/01/21 15:43:13 | 000,000,000 | ---D | C]
 _OTL -> C:\_OTL -> [2012/01/21 15:35:25 | 000,000,000 | ---D | C]
 dvdcss -> C:\Documents and Settings\MARK\Application Data\dvdcss -> [2012/01/20 13:36:59 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Documents and Settings\MARK\Application Data\SUPERAntiSpyware.com -> [2012/01/20 06:52:00 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [2012/01/20 06:51:07 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.exe -> C:\Documents and Settings\MARK\Desktop\SUPERAntiSpyware.exe -> [2012/01/20 04:47:48 | 014,161,512 | ---- | C] (SUPERAntiSpyware.com)
 OTL.exe -> C:\Documents and Settings\MARK\Desktop\OTL.exe -> [2012/01/18 03:41:15 | 000,584,192 | ---- | C] (OldTimer Tools)
 HijackThis.exe -> C:\Documents and Settings\MARK\Desktop\HijackThis.exe -> [2012/01/16 12:34:35 | 000,388,608 | ---- | C] (Trend Micro Inc.)
 SysInfo.exe -> C:\Documents and Settings\MARK\Desktop\SysInfo.exe -> [2012/01/16 07:39:52 | 000,509,440 | ---- | C] (Tech Support Guy System)
 dds.com -> C:\Documents and Settings\MARK\Desktop\dds.com -> [2012/01/16 07:04:05 | 000,607,260 | R--- | C] (Swearware)
 Malwarebytes' Anti-Malware -> C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2012/01/15 09:33:58 | 000,000,000 | ---D | C]
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2012/01/15 09:33:52 | 000,020,464 | ---- | C] (Malwarebytes Corporation)
 ltmoh -> C:\Program Files\ltmoh -> [2012/01/11 17:44:19 | 000,000,000 | ---D | C]
 PIF -> C:\WINDOWS\PIF -> [2012/01/10 23:42:45 | 000,000,000 | -H-D | C]
 CatRoot_bak -> C:\WINDOWS\System32\CatRoot_bak -> [2012/01/06 07:41:58 | 000,000,000 | ---D | C]
 URTTEMP -> C:\WINDOWS\System32\URTTEMP -> [2012/01/06 07:37:46 | 000,000,000 | ---D | C]
 Downloaded Installations -> C:\WINDOWS\Downloaded Installations -> [2012/01/06 07:36:19 | 000,000,000 | ---D | C]
 igfxres.dll -> C:\WINDOWS\System32\igfxres.dll -> [2012/01/05 07:05:57 | 000,139,264 | ---- | C] (Intel Corporation)
 ie8 -> C:\WINDOWS\ie8 -> [2012/01/02 23:24:07 | 000,000,000 | -H-D | C]
 LSI SoftModem -> C:\Program Files\LSI SoftModem -> [2012/01/02 17:25:50 | 000,000,000 | ---D | C]
 BitTorrent-7.5(1).exe -> C:\Program Files\BitTorrent-7.5(1).exe -> [2011/10/24 17:20:38 | 005,960,560 | ---- | C] (BitTorrent, Inc.)
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Documents and Settings\MARK\Desktop\OTS.exe -> [2012/01/31 16:18:43 | 000,646,144 | ---- | M] (OldTimer Tools)
 boot.ini -> C:\boot.ini -> [2012/01/31 12:24:13 | 000,000,327 | RHS- | M] ()
 drweb-cureit.exe -> C:\Documents and Settings\MARK\Desktop\drweb-cureit.exe -> [2012/01/31 09:15:13 | 077,951,832 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\MARK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2012/01/31 06:59:14 | 000,017,408 | ---- | M] ()
 ACROREAD.INI -> C:\WINDOWS\ACROREAD.INI -> [2012/01/31 06:30:13 | 000,002,922 | ---- | M] ()
 MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2012/01/31 04:29:39 | 000,000,424 | -H-- | M] ()
 E -> C:\WINDOWS\E -> [2012/01/30 06:40:49 | 000,000,114 | ---- | M] ()
 cd -> C:\Documents and Settings\MARK\cd -> [2012/01/29 11:01:50 | 000,000,000 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2012/01/26 14:42:44 | 000,013,696 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2012/01/26 14:41:26 | 000,002,048 | --S- | M] ()
 aswMBR.exe -> C:\Documents and Settings\MARK\Desktop\aswMBR.exe -> [2012/01/24 16:51:01 | 000,023,204 | ---- | M] ()
 tdsskiller.exe -> C:\Documents and Settings\MARK\Desktop\tdsskiller.exe -> [2012/01/24 16:49:23 | 000,015,713 | ---- | M] ()
 setup_11.0.0.1245.x01_2012_01_22_20_43.exe -> C:\Documents and Settings\MARK\Desktop\setup_11.0.0.1245.x01_2012_01_22_20_43.exe -> [2012/01/22 23:33:09 | 115,272,552 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2012/01/22 11:48:10 | 000,000,027 | ---- | M] ()
 SystemLook.exe -> C:\Documents and Settings\MARK\Desktop\SystemLook.exe -> [2012/01/22 08:43:39 | 000,139,264 | ---- | M] ()
 User_Feed_Synchronization-{81969CA2-9E4D-44D0-807F-521568EC106E}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{81969CA2-9E4D-44D0-807F-521568EC106E}.job -> [2012/01/21 17:03:43 | 000,000,420 | -H-- | M] ()
 123.exe -> C:\Documents and Settings\MARK\Desktop\123.exe -> [2012/01/21 16:17:52 | 004,388,509 | R--- | M] (Swearware)
 JavaSetup6u30.exe -> C:\Documents and Settings\MARK\Desktop\JavaSetup6u30.exe -> [2012/01/21 16:06:05 | 000,909,600 | ---- | M] (Sun Microsystems, Inc.)
 SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2012/01/21 15:43:22 | 000,001,678 | ---- | M] ()
 SUPERAntiSpyware.exe -> C:\Documents and Settings\MARK\Desktop\SUPERAntiSpyware.exe -> [2012/01/20 05:52:58 | 014,161,512 | ---- | M] (SUPERAntiSpyware.com)
 OTL.exe -> C:\Documents and Settings\MARK\Desktop\OTL.exe -> [2012/01/18 09:47:12 | 000,584,192 | ---- | M] (OldTimer Tools)
 gmer.zip -> C:\Documents and Settings\MARK\Desktop\gmer.zip -> [2012/01/17 04:37:13 | 000,294,216 | ---- | M] ()
 HijackThis.exe -> C:\Documents and Settings\MARK\Desktop\HijackThis.exe -> [2012/01/16 12:46:28 | 000,388,608 | ---- | M] (Trend Micro Inc.)
 SysInfo.exe -> C:\Documents and Settings\MARK\Desktop\SysInfo.exe -> [2012/01/16 12:20:38 | 000,509,440 | ---- | M] (Tech Support Guy System)
 dds.com -> C:\Documents and Settings\MARK\Desktop\dds.com -> [2012/01/16 07:28:01 | 000,607,260 | R--- | M] (Swearware)
 Malwarebytes Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/01/15 10:06:43 | 000,000,784 | ---- | M] ()
 ZB20120112110939001.xml -> C:\ZB20120112110939001.xml -> [2012/01/12 11:09:44 | 000,000,436 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2012/01/11 11:51:55 | 000,001,374 | ---- | M] ()
 Shortcut to Local Disk (C).lnk -> C:\Documents and Settings\MARK\Desktop\Shortcut to Local Disk (C).lnk -> [2012/01/05 18:26:07 | 000,000,293 | ---- | M] ()
 peoplepc.123.lnk -> C:\Documents and Settings\All Users\Desktop\peoplepc.123.lnk -> [2012/01/05 14:19:19 | 000,000,582 | ---- | M] ()
 MpSigStub.exe -> C:\WINDOWS\System32\MpSigStub.exe -> [2012/01/04 03:26:22 | 000,236,576 | ---- | M] (Microsoft Corporation)
 Microsoft Word.lnk -> C:\Documents and Settings\MARK\Desktop\Microsoft Word.lnk -> [2012/01/03 11:44:51 | 000,002,483 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2012/01/03 01:58:00 | 000,502,366 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2012/01/03 01:58:00 | 000,086,832 | ---- | M] ()
 Launch Internet Explorer Browser.lnk -> C:\Documents and Settings\MARK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2012/01/03 01:11:48 | 000,000,815 | ---- | M] ()
 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2012/01/02 19:43:55 | 000,414,368 | ---- | M] (Adobe Systems Incorporated)
 
[Files - No Company Name]
 drweb-cureit.exe -> C:\Documents and Settings\MARK\Desktop\drweb-cureit.exe -> [2012/01/31 03:17:52 | 077,951,832 | ---- | C] ()
 cd -> C:\Documents and Settings\MARK\cd -> [2012/01/29 10:59:12 | 000,000,000 | ---- | C] ()
 tdsskiller.exe -> C:\Documents and Settings\MARK\Desktop\tdsskiller.exe -> [2012/01/24 16:41:43 | 000,015,713 | ---- | C] ()
 aswMBR.exe -> C:\Documents and Settings\MARK\Desktop\aswMBR.exe -> [2012/01/24 16:41:18 | 000,023,204 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\MARK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2012/01/24 07:13:42 | 000,017,408 | ---- | C] ()
 setup_11.0.0.1245.x01_2012_01_22_20_43.exe -> C:\Documents and Settings\MARK\Desktop\setup_11.0.0.1245.x01_2012_01_22_20_43.exe -> [2012/01/22 16:04:35 | 115,272,552 | ---- | C] ()
 SystemLook.exe -> C:\Documents and Settings\MARK\Desktop\SystemLook.exe -> [2012/01/22 08:43:30 | 000,139,264 | ---- | C] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2012/01/21 15:43:22 | 000,001,678 | ---- | C] ()
 gmer.zip -> C:\Documents and Settings\MARK\Desktop\gmer.zip -> [2012/01/17 04:29:39 | 000,294,216 | ---- | C] ()
 Malwarebytes Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/01/15 10:06:43 | 000,000,784 | ---- | C] ()
 ZB20120112110939001.xml -> C:\ZB20120112110939001.xml -> [2012/01/12 11:09:44 | 000,000,436 | ---- | C] ()
 Shortcut to Local Disk (C).lnk -> C:\Documents and Settings\MARK\Desktop\Shortcut to Local Disk (C).lnk -> [2012/01/05 18:26:07 | 000,000,293 | ---- | C] ()
 peoplepc.123.lnk -> C:\Documents and Settings\All Users\Desktop\peoplepc.123.lnk -> [2012/01/05 14:19:18 | 000,000,582 | ---- | C] ()
 PPCOUNIN.exe -> C:\WINDOWS\System32\PPCOUNIN.exe -> [2011/12/23 10:48:51 | 000,057,168 | ---- | C] ()
 PPCClean.exe -> C:\WINDOWS\System32\PPCClean.exe -> [2011/12/23 10:48:51 | 000,040,616 | ---- | C] ()
 repository.xml -> C:\Documents and Settings\All Users\Application Data\repository.xml -> [2011/11/27 13:49:55 | 000,002,217 | ---- | C] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2011/11/27 08:58:41 | 000,000,664 | ---- | C] ()
 mozver.dat -> C:\WINDOWS\mozver.dat -> [2011/11/07 18:30:10 | 000,002,309 | ---- | C] ()
 _delis32.ini -> C:\WINDOWS\_delis32.ini -> [2011/11/01 08:30:42 | 000,000,512 | ---- | C] ()
 hpoins40.dat.temp -> C:\WINDOWS\hpoins40.dat.temp -> [2011/10/29 04:09:02 | 000,192,311 | ---- | C] ()
 hpomdl40.dat.temp -> C:\WINDOWS\hpomdl40.dat.temp -> [2011/10/29 04:09:02 | 000,000,992 | ---- | C] ()
 ACROREAD.INI -> C:\WINDOWS\ACROREAD.INI -> [2011/10/28 16:03:22 | 000,002,922 | ---- | C] ()
 MSVCRT10.DLL -> C:\WINDOWS\System32\MSVCRT10.DLL -> [2011/10/28 16:02:16 | 000,210,944 | ---- | C] ()
 KPCMS.INI -> C:\WINDOWS\KPCMS.INI -> [2011/10/28 16:02:16 | 000,000,165 | ---- | C] ()
 ImgLibLead.dll -> C:\WINDOWS\System32\ImgLibLead.dll -> [2011/10/28 16:02:13 | 000,006,144 | ---- | C] ()
 Dc50ip32.dll -> C:\WINDOWS\System32\Dc50ip32.dll -> [2011/10/28 16:02:12 | 000,100,864 | ---- | C] ()
 Digita.sys -> C:\WINDOWS\System32\Digita.sys -> [2011/10/28 16:02:12 | 000,065,864 | ---- | C] ()
 hpoins40.dat -> C:\WINDOWS\hpoins40.dat -> [2011/10/28 15:28:11 | 000,192,311 | ---- | C] ()
 hpomdl40.dat -> C:\WINDOWS\hpomdl40.dat -> [2011/10/28 15:28:11 | 000,000,992 | ---- | C] ()
 VegaShEx.dll -> C:\WINDOWS\System32\VegaShEx.dll -> [2011/10/27 06:09:04 | 000,147,456 | ---- | C] ()
 Lffpx7.dll -> C:\WINDOWS\System32\Lffpx7.dll -> [2011/10/27 06:08:58 | 000,308,224 | ---- | C] ()
 Lfkodak.dll -> C:\WINDOWS\System32\Lfkodak.dll -> [2011/10/27 06:08:58 | 000,091,136 | ---- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2011/10/23 04:43:43 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2011/10/23 04:43:43 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2011/10/23 04:43:43 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2011/10/23 04:43:43 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2011/10/23 04:43:43 | 000,068,096 | ---- | C] ()
 nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2011/10/17 21:39:42 | 000,000,000 | ---- | C] ()
 OpPrintServer.INI -> C:\WINDOWS\OpPrintServer.INI -> [2011/10/10 14:27:47 | 000,000,000 | ---- | C] ()
 unPPC6000.exe -> C:\WINDOWS\System32\unPPC6000.exe -> [2011/10/04 08:08:07 | 000,069,456 | ---- | C] ()
 RegHero.exe -> C:\WINDOWS\System32\RegHero.exe -> [2011/10/04 08:08:07 | 000,034,136 | ---- | C] ()
 PPCInfo.exe -> C:\WINDOWS\System32\PPCInfo.exe -> [2011/10/04 08:08:06 | 000,255,312 | ---- | C] ()
 PopWait.exe -> C:\WINDOWS\System32\PopWait.exe -> [2011/10/04 08:08:06 | 000,029,008 | ---- | C] ()
 ptdll16.dll -> C:\WINDOWS\ptdll16.dll -> [2011/09/28 11:11:41 | 000,060,368 | R--- | C] ()
 pthsp.dat -> C:\WINDOWS\pthsp.dat -> [2011/09/28 11:11:41 | 000,000,456 | R--- | C] ()
 StarOpen.sys -> C:\WINDOWS\System32\drivers\StarOpen.sys -> [2011/09/20 03:55:21 | 000,005,504 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2011/09/19 22:33:31 | 000,000,376 | ---- | C] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/09/19 09:28:57 | 000,002,048 | --S- | C] ()
 emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2011/09/19 09:23:31 | 000,021,640 | ---- | C] ()
 TrueSoft.dat -> C:\WINDOWS\System32\TrueSoft.dat -> [2011/09/19 04:08:49 | 000,001,536 | ---- | C] ()
 pthsp.dat -> C:\WINDOWS\System32\pthsp.dat -> [2011/09/19 04:08:46 | 000,000,456 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2011/09/19 04:07:18 | 000,004,161 | ---- | C] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2011/09/19 04:04:08 | 000,385,824 | ---- | C] ()
 structuredqueryschematrivial.bin -> C:\WINDOWS\System32\structuredqueryschematrivial.bin -> [2008/05/26 21:59:42 | 000,018,904 | ---- | C] ()
 structuredqueryschema.bin -> C:\WINDOWS\System32\structuredqueryschema.bin -> [2008/05/26 21:59:40 | 000,106,605 | ---- | C] ()
 idxcntrs.ini -> C:\WINDOWS\System32\idxcntrs.ini -> [2007/09/27 10:51:02 | 000,020,698 | ---- | C] ()
 gsrvctr.ini -> C:\WINDOWS\System32\gsrvctr.ini -> [2007/09/27 10:48:48 | 000,030,628 | ---- | C] ()
 gthrctr.ini -> C:\WINDOWS\System32\gthrctr.ini -> [2007/09/27 10:48:28 | 000,031,698 | ---- | C] ()
 oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2004/08/10 06:00:00 | 013,107,200 | ---- | C] ()
 mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2004/08/10 06:00:00 | 000,673,088 | ---- | C] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2004/08/10 06:00:00 | 000,502,366 | ---- | C] ()
 perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2004/08/10 06:00:00 | 000,272,128 | ---- | C] ()
 dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2004/08/10 06:00:00 | 000,218,003 | ---- | C] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2004/08/10 06:00:00 | 000,086,832 | ---- | C] ()
 mib.bin -> C:\WINDOWS\System32\mib.bin -> [2004/08/10 06:00:00 | 000,046,258 | ---- | C] ()
 perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2004/08/10 06:00:00 | 000,028,626 | ---- | C] ()
 secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2004/08/10 06:00:00 | 000,004,569 | ---- | C] ()
 oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2004/08/10 06:00:00 | 000,004,461 | ---- | C] ()
 dcache.bin -> C:\WINDOWS\System32\dcache.bin -> [2004/08/10 06:00:00 | 000,001,804 | ---- | C] ()
 noise.dat -> C:\WINDOWS\System32\noise.dat -> [2004/08/10 06:00:00 | 000,000,741 | ---- | C] ()
 OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 14:05:08 | 000,002,695 | ---- | C] ()
 ptsnoop.exe -> C:\WINDOWS\ptsnoop.exe -> [2002/03/13 20:05:46 | 000,031,136 | ---- | C] ()
< End of report >
```


----------



## eddie5659 (Mar 19, 2001)

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.


```
[Unregister Dlls]
[Driver Services - Safe List]
YY -> (DwProt) DrWeb Protection [File_System | Unknown | Running] -> 
[Registry - Safe List]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Reg Error: Key error.]
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
YN -> "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" -> [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe]
YN -> "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe]
YN -> "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe]
YN -> "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe]
YN -> "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe]
YN -> "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe]
YN -> "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe]
YN -> "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe]
YN -> "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe]
YN -> "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe]
YN -> "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe]
YN -> "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe]
YN -> "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" -> [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe]
YN -> "C:\Program Files\HP\HP Software Update\HPWUCli.exe" -> [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe" -> [C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker]
```
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here


----------



## Phoenix Rising (Mar 9, 2009)

Here it is:

[Driver Services - Safe List]
Error: Unable to stop service DwProt!
Service\Driver key DwProt not found.
File not found.
[Registry - Safe List]
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\HP Software Update\HPWUCli.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe deleted successfully.
< End of fix log >
OTS by OldTimer - Version 3.1.46.0 fix logfile created on 01312012_170250


----------



## eddie5659 (Mar 19, 2001)

Excellent. How's the computer running now? Can your software update?

If so, we'll remove the tools we've used, but I'll wait until you reply 

eddie


----------



## Phoenix Rising (Mar 9, 2009)

Seems as If software is working ok! I have a few stray questions left possibly side effects from our journey. Here they are:

I was having trouble with my browser. My Internet Providers had me go to run> msconfig> and on the general tab uncheck load start up items. Normally it's not a place that I would go into and mess with. I know it could cause horrible results if you touch the wrong thing. But the point I'm making is it does make the browser work better. Unfortunately other are some things that would be convenient to have working at start up. I wonder what's in there that causes the browser to run slow or not well at all. 

Also when I use backspace it used to move pretty quickly, now when I use it moves slow one click at a time. I'm sure that something got reset through all this where do I go to reset that to a speed I like?
in my computer I have two areas in blue, I understand that means they're full. But it doesn't make sense, that drive is only at 53% it's got about half free. Also my wife's profile which has never been used, she doesn't care for computers much. It has less then 100 KB used on hers. Mine is not and if one should be it would be mine I use it almost exclusively. I have defraged, and clean disk, even went through my documents and thinned out any old or unnecessary stuff. I can send you a print screen off it but I don't know how to send it via tech guys.


----------



## Phoenix Rising (Mar 9, 2009)

the back and forward slow movement of the cursor seems to have righted itself, it seems to do that on and off! For now!


----------



## eddie5659 (Mar 19, 2001)

With regards to the startup stuff being disabled, was that how it was when you ran OTL here:

http://forums.techguy.org/8241486-post55.html

If so, you don't have any antivrus programs running, which is not a good thing. Can't believe an ISP suggested that.

Anyway, can you go back in and enable it, then post a fresh OTL log (only one will appear) so that I can see what can be disabled.

For the slowness, try this:

Download *TFC* to your desktop 

Open the file and close any other windows. 
It *will close all programs itself* when run, make sure to let it run uninterrupted. 
Click the Start button to begin the process. The program should not take long to finish its job 
Once its finished it should *reboot your machine*, if not, do this yourself to ensure a complete clean

---------

Also, its a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after its completed.

------

I'll have a look at the harddrive bit after I've seen the OTL log


----------



## Phoenix Rising (Mar 9, 2009)

OTL LOG:
OTL logfile created on: 2/2/2012 5:00:42 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\MARK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 567.76 Mb Available Physical Memory | 55.99% Memory free
2.38 Gb Paging File | 2.05 Gb Available in Paging File | 86.22% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 20.17 Gb Free Space | 54.15% Space Free | Partition Type: NTFS
Drive H: | 14.41 Gb Total Space | 2.97 Gb Free Space | 20.62% Space Free | Partition Type: FAT32

Computer Name: MARK-387473CC81 | User Name: MARK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/18 09:47:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTL.exe
PRC - [2011/11/20 22:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 04:42:30 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/02 19:43:53 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/20 22:04:51 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/05/21 21:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 21:09:24 | 000,660,992 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/05/21 21:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2001/08/17 16:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)

========== Driver Services (SafeList) ==========

DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/11/12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/06/29 23:44:22 | 001,269,584 | R--- | M] (Agere Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\agrsmnt.sys -- (agrsm)
DRV - [2005/03/17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/08/17 07:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 07:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 07:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 07:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [1997/06/17 03:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS -- (ATMhelpr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 87 E7 EC 3E CA CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 04:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/05 07:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/21 16:25:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 04:27:51 | 000,000,000 | ---D | M]

[2011/10/24 11:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Extensions
[2012/01/21 15:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions
[2011/12/16 15:58:53 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2011/10/11 18:24:11 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchplugins\SearchResults.xml
[2012/01/21 16:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/07 15:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{41697025-CA0B-4687-99DE-ABC82C5A630B}
[2011/11/07 15:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}
[2011/10/06 09:17:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/01/21 16:25:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/11/07 15:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/11/20 22:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2011/11/20 19:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 19:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/22 11:48:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\MARK\Start Menu\Programs\Startup\20111127.lnk = File not found
O4 - Startup: C:\Documents and Settings\MARK\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = File not found
O4 - Startup: C:\Documents and Settings\MARK\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
O4 - Startup: C:\Documents and Settings\MARK\Start Menu\Programs\Startup\PandaUSBVaccine.lnk = C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1316584026390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D417CFBF-17C2-4497-BE1F-7529CFFD300D}: NameServer = 207.69.188.185 207.69.188.186
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\MARK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MARK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/19 09:26:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | -H-- | M] () - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - H:\AUTORUN_.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/02 16:45:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\TFC.exe
[2012/01/31 17:02:50 | 000,000,000 | ---D | C] -- C:\_OTS
[2012/01/31 16:16:20 | 000,646,144 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTS.exe
[2012/01/31 11:41:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\DoctorWeb
[2012/01/25 06:43:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\MARK\My Documents\My Webs
[2012/01/24 17:03:36 | 000,000,000 | --SD | C] -- C:\123136641
[2012/01/24 16:47:04 | 000,000,000 | --SD | C] -- C:\123
[2012/01/22 16:00:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/21 16:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/01/21 16:25:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/01/21 16:25:47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/01/21 16:25:47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/01/21 15:59:28 | 000,909,600 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\MARK\Desktop\JavaSetup6u30.exe
[2012/01/21 15:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\Desktop\JavaRa
[2012/01/21 15:53:11 | 004,388,509 | R--- | C] (Swearware) -- C:\Documents and Settings\MARK\Desktop\123.exe
[2012/01/21 15:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/01/21 15:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/21 15:35:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/20 13:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\Application Data\dvdcss
[2012/01/20 06:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\Application Data\SUPERAntiSpyware.com
[2012/01/20 06:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/01/20 04:47:48 | 014,161,512 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\MARK\Desktop\SUPERAntiSpyware.exe
[2012/01/18 03:41:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTL.exe
[2012/01/16 12:34:35 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\MARK\Desktop\HijackThis.exe
[2012/01/16 07:39:52 | 000,509,440 | ---- | C] (Tech Support Guy System) -- C:\Documents and Settings\MARK\Desktop\SysInfo.exe
[2012/01/16 07:04:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\MARK\Desktop\dds.com
[2012/01/15 09:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/15 09:33:52 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/11 17:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\ltmoh
[2012/01/10 23:42:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/01/06 07:41:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2012/01/06 07:37:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2012/01/06 07:36:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2012/01/05 07:05:57 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/10/24 17:20:38 | 005,960,560 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent-7.5(1).exe

========== Files - Modified Within 30 Days ==========

[2012/02/02 17:00:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/02/02 16:56:06 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/02 16:50:07 | 000,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/02 16:49:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/02 16:47:12 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\TFC.exe
[2012/01/31 16:18:43 | 000,646,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTS.exe
[2012/01/31 09:15:13 | 077,951,832 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\drweb-cureit.exe
[2012/01/31 06:59:14 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\MARK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/31 06:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/01/31 06:30:13 | 000,002,922 | ---- | M] () -- C:\WINDOWS\ACROREAD.INI
[2012/01/30 06:40:49 | 000,000,114 | ---- | M] () -- C:\WINDOWS\E
[2012/01/29 11:01:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MARK\cd
[2012/01/24 16:51:01 | 000,023,204 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\aswMBR.exe
[2012/01/24 16:49:23 | 000,015,713 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\tdsskiller.exe
[2012/01/22 23:33:09 | 115,272,552 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\setup_11.0.0.1245.x01_2012_01_22_20_43.exe
[2012/01/22 11:48:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/22 08:43:39 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\SystemLook.exe
[2012/01/21 17:03:43 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{81969CA2-9E4D-44D0-807F-521568EC106E}.job
[2012/01/21 16:17:52 | 004,388,509 | R--- | M] (Swearware) -- C:\Documents and Settings\MARK\Desktop\123.exe
[2012/01/21 16:06:05 | 000,909,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\MARK\Desktop\JavaSetup6u30.exe
[2012/01/21 15:43:22 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/20 05:52:58 | 014,161,512 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\MARK\Desktop\SUPERAntiSpyware.exe
[2012/01/18 09:47:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTL.exe
[2012/01/17 13:43:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/17 04:37:13 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\gmer.zip
[2012/01/16 12:46:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\MARK\Desktop\HijackThis.exe
[2012/01/16 12:20:38 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Documents and Settings\MARK\Desktop\SysInfo.exe
[2012/01/16 07:28:01 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\MARK\Desktop\dds.com
[2012/01/15 10:06:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 11:09:44 | 000,000,436 | ---- | M] () -- C:\ZB20120112110939001.xml
[2012/01/05 18:26:07 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\Shortcut to Local Disk (C).lnk
[2012/01/05 14:19:19 | 000,000,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\peoplepc.123.lnk
[2012/01/05 07:28:59 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\MARK\Start Menu\Programs\Startup\PandaUSBVaccine.lnk

========== Files Created - No Company Name ==========

[2012/02/02 17:00:35 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/02/02 17:00:35 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/02/02 17:00:35 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/02/02 17:00:35 | 000,001,506 | ---- | C] () -- C:\Documents and Settings\MARK\Start Menu\Programs\Startup\20111127.lnk
[2012/02/02 17:00:35 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\MARK\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
[2012/02/02 17:00:35 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\MARK\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012/02/02 17:00:35 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\MARK\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2012/01/31 03:17:52 | 077,951,832 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\drweb-cureit.exe
[2012/01/29 10:59:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MARK\cd
[2012/01/24 16:41:43 | 000,015,713 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\tdsskiller.exe
[2012/01/24 16:41:18 | 000,023,204 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\aswMBR.exe
[2012/01/24 07:13:42 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\MARK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/22 16:04:35 | 115,272,552 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\setup_11.0.0.1245.x01_2012_01_22_20_43.exe
[2012/01/22 08:43:30 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\SystemLook.exe
[2012/01/21 15:43:22 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/17 04:29:39 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\gmer.zip
[2012/01/15 10:06:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 11:09:44 | 000,000,436 | ---- | C] () -- C:\ZB20120112110939001.xml
[2012/01/05 18:26:07 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\Shortcut to Local Disk (C).lnk
[2012/01/05 14:19:18 | 000,000,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\peoplepc.123.lnk
[2011/12/23 10:48:51 | 000,057,168 | ---- | C] () -- C:\WINDOWS\System32\PPCOUNIN.exe
[2011/12/23 10:48:51 | 000,040,616 | ---- | C] () -- C:\WINDOWS\System32\PPCClean.exe
[2011/11/27 13:49:55 | 000,002,217 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/11/27 08:58:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/07 18:30:10 | 000,002,309 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2011/11/01 08:30:42 | 000,000,512 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2011/10/29 04:09:02 | 000,192,311 | ---- | C] () -- C:\WINDOWS\hpoins40.dat.temp
[2011/10/29 04:09:02 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat.temp
[2011/10/28 16:03:22 | 000,002,922 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2011/10/28 16:02:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2011/10/28 16:02:16 | 000,000,165 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2011/10/28 16:02:13 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2011/10/28 16:02:12 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2011/10/28 16:02:12 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2011/10/28 15:28:11 | 000,192,311 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2011/10/28 15:28:11 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2011/10/27 06:09:04 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\VegaShEx.dll
[2011/10/27 06:08:58 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2011/10/27 06:08:58 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2011/10/23 04:43:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/23 04:43:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/23 04:43:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/23 04:43:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/23 04:43:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/17 21:39:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/10/10 14:27:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2011/10/04 08:08:07 | 000,069,456 | ---- | C] () -- C:\WINDOWS\System32\unPPC6000.exe
[2011/10/04 08:08:07 | 000,034,136 | ---- | C] () -- C:\WINDOWS\System32\RegHero.exe
[2011/10/04 08:08:06 | 000,255,312 | ---- | C] () -- C:\WINDOWS\System32\PPCInfo.exe
[2011/10/04 08:08:06 | 000,029,008 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2011/09/28 11:11:41 | 000,060,368 | R--- | C] () -- C:\WINDOWS\ptdll16.dll
[2011/09/28 11:11:41 | 000,000,456 | R--- | C] () -- C:\WINDOWS\pthsp.dat
[2011/09/20 03:55:21 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/09/19 22:33:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/09/19 09:28:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/19 09:23:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/19 04:08:49 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2011/09/19 04:08:46 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2011/09/19 04:07:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/19 04:04:08 | 000,385,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/10 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,502,366 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,086,832 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 20:05:46 | 000,031,136 | ---- | C] () -- C:\WINDOWS\ptsnoop.exe

< End of report >

TFC LOG:
Getting user folders.

Stopping running processes.

Emptying Temp folders.

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MARK
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 280925 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6941307 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 3268 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Twinkle
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Twinkle(3)

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7562 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 60282 bytes
Process complete!

Total Files Cleaned = 7.00 mb


----------



## eddie5659 (Mar 19, 2001)

The following is a list of all that you have running at startup. For those interested, its the 04 entries. The more you have, the slower your bootup to Windows will be, and you may have problems online, like slowness etc. I've put some explanation on what they are, in case you're curious.

Don't worry, you're not uninstalling these, just preventing them loading at startup

=========

HP Software Update - Related to Hewlett-Packard Software updates. If a shortcut doesn't exist, create your own and run it manually. Note: Located in \%Program Files%\Hewlett-Packard\HP Software Update. Not needed

MSC - Related to Microsoft Security Essentials. Real-time protection for your home PC that guards against viruses, spyware, and other malicious software. Keep

Gadwin PrintScreen - Gadwin PrintScreen - utility to capture, print or save the current window. Not needed

InstallIQUpdater - Related to w3i.com Marketing software promoting the installation of additional software. Up to you

SUPERAntiSpyware - Uninstall, not needed

HP Digital Imaging Monitor - Related to Hewlett-Packard System Tray access to HP Director. Required if you prefer to use the all-in-one buttons to manually scan documents or transfer photos from a camera, for example. Up to you

PandaUSBVaccine - Looks to be for this:

http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

Up to you, but may be causing the slowness.

=========

Okay, for the one's that say Not Needed, do this:

Go to Start | Run and type MSCONFIG, and click OK. Startup tab. Untick the ones that are Not Needed, Apply and Restart. When Windows loads back up, you will have a popup box saying that the startup has been changed. Tick the little box to not appear again, and OK.

For the Up To You ones, that's exactly that. Its your choice if you need them. One way to do this, is after you've done the above with the Not Needed, is to go back to MSCONFIG, and untick one of them. Reboot, and see if all your 'normal' programs work okay. If, for instance your USB has a problem after unticking PandaUSBVaccine, then just go back in, retick it, and restart.


----------



## Phoenix Rising (Mar 9, 2009)

Ok that's all done I will have to slowly hunt down the others! Is that it besides removing the tools we've used to do all this work?


----------



## eddie5659 (Mar 19, 2001)

That's just your startup list. For the tools that we've used, we'll remove them, but I tend to wait until the user says its all okay, before we uninstall them 

If its all okay, I'll reply with the removal


----------



## Phoenix Rising (Mar 9, 2009)

I think were good, the only problem is the system config utility > load start up items. If it were up to me I'd leave it unchecked I just want to make sure who needs to be running so that they are. I can do a print screen and show you what's listed in there but can't figure out how to attach it! I will hunt down the one slowing down things it will take some trial and error to find it ...maybe with a little luck I 'll find it right off the bat and save me some searching.......sounds too easy probably not!


----------



## eddie5659 (Mar 19, 2001)

If you leave it all unticked, then you can't have any protection, as all antivirus programs need to be running at startup, to be better protected.

The list that I posted above is what you have running at startup, so I would start with those. Just do one at a time if you wish, restart and see how that goes with your normal programs that you use for a bit. If its still slow, untick the next and so on 

I'll reply in a min with the removal of tools


----------



## eddie5659 (Mar 19, 2001)

*You can mark this thread Solved at the top of this page, if its all running okay *

*Any questions about the following, just ask  *

We have a couple of last steps to perform and then you're all set.

Firstly, lets uninstall the tools we've used:

*Follow these steps to uninstall Combofix and tools used in the removal of malware*

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

*ComboFix /Uninstall *

Then, run this:


Download *OTC* to your desktop and run it 
Click Yes to beginning the Cleanup process and remove these components, including this application. 
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. 

======================
Uninstall *SUPERAntiSpyware* from AddRemove Programs.

Also, remove the following from the Desktop, if still there after doing the above:

*
SystemLook 
aswMBR
TDSSKiller
drweb-cureit
*

==============================

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.


Select *Start* > *Control Panel* then double-click on the *System* icon in the Control Panel.
In the left-hand pane click on the *System Protection* option.
When the Dialog comes up, click on the System Protection tab.
Check that the drive letter where Windows is located (usually C indicates System protection *ON*.
(This indicates System restore is turned ON for the Windows drive).
Click on the *Create* button to create a new restore point. In the Name dialog, type a descriptive name and then click on the *Create* button.
You will get a message that the Restore Point was created successfully. Click on the *Close* button.
Click on the *OK* button and close the System window in the Control Panel.

*Making Internet Explorer More Secure*

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

 Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply

Then, click on the *Security tab* and do the following:

 Make sure the Internet icon is selected.
 Click once on the *Custom Level* button.
 Change the *Download signed ActiveX controls* to *Prompt*.
 Change the *Download unsigned ActiveX controls* to *Disable*.
 Change the *Initialise and script ActiveX controls not marked as safe* to *Disable.*
 Change the *Installation of desktop items* to *Prompt.*
 Change the *Launching programs and files in an IFRAME* to *Prompt.*
 When all these settings have been made, click on the *OK* button.
 If it prompts you as to whether or not you want to save the settings, press the *Yes* button. 
 Next press the *Apply* button and then the *OK* to exit the Internet Properties page.

*Makeing FireFox More Secure*

Please visit this page to explain how to make Firefox more secure - How to Secure Firefox

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.

Also, its a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after its completed.

------------------------

*Download and Install a HOSTS File*
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just *HOSTS* with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
*Install MVPS Hosts File* *From Here*
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
*You can Find the Tutorial * *HERE*

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
*SpywareBlaster* to help prevent spyware from installing in the first place.
You should also have a good firewall. Here are is a free one available for personal use:
*Online Armor Free*
and a good antivirus (these are also free for personal use):
*AVG Anti-Virus*
*Avast Home Edition*
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit 
*Microsoft Windows Update*
monthly. And to keep your system clean run this free malware scanner

*Malwarebytes' Anti-Malware*

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: *General Security Information, How to tighten Security Settings and Warnings *

Have a safe and happy computing day!

eddie


----------



## Phoenix Rising (Mar 9, 2009)

The otc wont run, it says it's not a win 32 application!


----------



## Phoenix Rising (Mar 9, 2009)

It worked the second time it's running now!


----------



## Phoenix Rising (Mar 9, 2009)

This here doesn't jive:


Select *Start* > *Control Panel* then double-click on the *System* icon in the Control Panel.
In the left-hand pane click on the *System Protection* option.
At this point the second line does not appear a box marked system properties pops up with no ay of carring out the rest of the instructions. So at this point the directions are no longer followable! Please advise what to do!

This stuff was already set correctly:


 Make sure the Internet icon is selected.
 Click once on the *Custom Level* button.
 Change the *Download signed ActiveX controls* to *Prompt*.
 Change the *Download unsigned ActiveX controls* to *Disable*.
 Change the *Initialise and script ActiveX controls not marked as safe* to *Disable.*
 Change the *Installation of desktop items* to *Prompt.*
 Change the *Launching programs and files in an IFRAME* to *Prompt.*
 When all these settings have been made, click on the *OK* button.
 If it prompts you as to whether or not you want to save the settings, press the *Yes* button.
 Next press the *Apply* button and then the *OK* to exit the Internet Properties page.


----------



## Phoenix Rising (Mar 9, 2009)

Having problems with this *Download and Install a HOSTS File *went there but can't find where to download the file. Here is a link to the page I'm viewing:http://winhelp2002.mvps.org/hosts.htm


----------



## Phoenix Rising (Mar 9, 2009)

All this stuff is still downloading. These below are better then Microsoft essentials that I'm using presently? I'm also sure that I shouldn't use more then one it will confuse things so which one do I keep and which of the three do I get rid of which has the best coverage? I just assumed the Microsoft would work good because it's made for their system and if nothing else they have a name to protect so it should be at least pretty good. Enlighten me on the others I know the names just haven't used them. Which one do you think is best and what to do with other two.


*AVG Anti-Virus*
*Avast Home Edition*


----------



## Phoenix Rising (Mar 9, 2009)

Sorry for so many questions but I'm not sure if this one I'm supposed to have running or maybe I clicked on the wrong thing while pages were opening they can be confusing. Anyway this wouldn't open here is a link to it: http://secunia.com/vulnerability_scanning/online/


----------



## Phoenix Rising (Mar 9, 2009)

still to be removed? SysInfo, Java, and Java Ra, Karparsky, and Hijack this log. Can I get rid of those too! Also need answers to past questions. Have downloaded and ran spyware blaster.


----------



## eddie5659 (Mar 19, 2001)

Sorry was working late last night, and been shopping most of the day. I'll reply to all this when I get home, as I'm round my friends at the moment, just checking my mail


----------



## Phoenix Rising (Mar 9, 2009)

Don't sweat it, I'm doing about the same stuff here. I have to run out to the shops too. Valentines day and all that. Just leave me the info and I will send you the results. We can do this pen pal style and knock this out pretty quickly.


----------



## eddie5659 (Mar 19, 2001)

Yep, same here for the weekend, only 2 days off work, so little time to get everything done, and reply here as well 



> The otc wont run, it says it's not a win 32 application!


Does this still come up for any other programs you try and run?



> Select Start > Control Panel then double-click on the System icon in the Control Panel.
> In the left-hand pane click on the System Protection option.


My mistake, this is for Windows 7, and you're on XP. See if this is better:

*Create Restore Point (Win XP)*

(Windows XP) 
1. Turn off System Restore. 
On the Desktop, right-click My Computer. 
Click Properties. 
Click the System Restore tab. 
Check Turn off System Restore. 
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore. 
On the Desktop, right-click My Computer. 
Click Properties. 
Click the System Restore tab. 
UN-Check *Turn off System Restore*. 
Click Apply, and then click OK.

* Download and Install a HOSTS File *

I think I'll explain on a per version of Windows basis for the future, updating all my canned as I go thru the replies 

Updated now as follows:

*Download and Install a HOSTS File*
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just *HOSTS* with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
*Install MVPS Hosts File* *From Here*

This download includes a simple batch file (mvps.bat) that will rename the existing HOSTS file to HOSTS.MVP then copy the included updated HOSTS file to the proper location. For more information please see the readme.txt included in the download.

When you run the (mvps.bat) batch file XP users may see a prompt, simply click Run and continue. Once updated you should see another prompt that the task was completed. Some users may see a pop-up from certain Security programs about changes to the HOSTS file. Allow the change ... however if you see this pop-up at any other time ... investigate.

The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
*You can Find the Tutorial * *HERE*



> All this stuff is still downloading. These below are better then Microsoft essentials that I'm using presently? I'm also sure that I shouldn't use more then one it will confuse things so which one do I keep and which of the three do I get rid of which has the best coverage? I just assumed the Microsoft would work good because it's made for their system and if nothing else they have a name to protect so it should be at least pretty good. Enlighten me on the others I know the names just haven't used them. Which one do you think is best and what to do with other two.


I would still use MSE, as I'm now going to triple check on the post out reply I normally post, as its a generic one. As for the other two, I would suggest Avast, as AVG can be pretty conflicting with certain programs, espcially if you're a gamer like me. I actually use Avast free edition, very easy to disable when gaming and it doesn't use much memory.



> Sorry for so many questions but I'm not sure if this one I'm supposed to have running or maybe I clicked on the wrong thing while pages were opening they can be confusing. Anyway this wouldn't open here is a link to it: http://secunia.com/vulnerability_scanning/online/


It works for me, just checked. All it does is scan your system for know programs that are not patched uptodate, like Winamp etc.



> still to be removed? SysInfo, Java, and Java Ra, Karparsky, and Hijack this log. Can I get rid of those too! Also need answers to past questions. Have downloaded and ran spyware blaster.


Sysinfor, JavaRa and Hijackthis can be uninstalled. If you're talking about the actual logs produced by all, then yes they can go. Kaspersky should have self uninstalled, but if its still there, then remove it


----------



## Phoenix Rising (Mar 9, 2009)

*Install MVPS Hosts File* *From Here*
Went through all the steps for MVPS but not sure if it's right. What do I do with it when you open it there aren't a lot of options!

"I would still use MSE, as I'm now going to triple check on the post out reply I normally post, as its a generic one. As for the other two, I would suggest Avast, as AVG can be pretty"

So have two running at once isn't that kind of a no no?I thought they would mess each other up.


----------



## eddie5659 (Mar 19, 2001)

Sorry, my wording was a little wrong. I meant keep MSE, but if you did want to remove it and choose from the other two, Avast is my prefered one 

I'll look at the MVPS bit later today


----------



## Phoenix Rising (Mar 9, 2009)

So I have both which seems better MSE or avast? And then just disable the other one what.


----------



## Phoenix Rising (Mar 9, 2009)

So I like avast what do I do with the other one delete it .If I store it will be out date in a short time!


----------



## Phoenix Rising (Mar 9, 2009)

My avast says program awaiting registration please registrar Your protection will expire in 28 days You need to registrar the program to stay protected. I've tried doesn't seem to work but the program runs.


----------



## Phoenix Rising (Mar 9, 2009)

I was looking over some of avasts features. One called "Market" I clicked on and it said you must be connected to the internet to view this content. Sort of back where we started again. I'm not sure where we are at now.


----------



## Phoenix Rising (Mar 9, 2009)

I got a Firefox update it said I'm not connected to the internet also......when I most definitely am connected.


----------



## eddie5659 (Mar 19, 2001)

Avast is good, as it has other setting like a sandbox (which I disable straight away) but its useful for any strange programs you're not sure about. To disable it, open Avast, click on Additional Protection, Settings, and untick the box.

For MSE, you can leave it installed, just disable the realtime scanner. To do so:

•Open MSE and go to Settings > Real Time Protection.
•Then uncheck "Turn on real time protection". 
•Exit MSE when done.

Then, you can still update it when you want to run a scan, just to be doublesure.

For the register of Avast, it just wants an email and name, and that's all. You don't get an email saying it has the link to register the program.

I think its just so they can get some input from a person.

Avast Market is a new thing. I've just updated recently, and never looked at it before. Its only about extra protection, to pay for. Posting a screenie now:










--

Okay, give me a few mins to look over the thread, to see if I can see something extra.


----------



## eddie5659 (Mar 19, 2001)

Okay, had a look so lets see if these help 

First of all, which modem are you currently using?

Do you still have SystemLook installed? If not, get it as follows and run this scan:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:folderfind
*Copper HiSpeed
:regfind
*Copper HiSpeed
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found at on your Desktop entitled *SystemLook.txt*

--------

Please download MiniToolBox and save it to your desktop and run it.

Checkmark following checkboxes:

List last 10 Event Viewer log
List Minidump Files.
Click *Go* and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

----------

Also, I wonder if its a corrupt file, so see if this helps:

Go to start | Run and type this in:

*cmd*

And press Enter

Now, in the box that pops up, type the following. Note the space before the /:

*sfc /scannow*

And press Enter.

This will scan your system for any corrupted files, and may replace them. If Windows was preinstalled, it should be able to locate the originals in the cab files.

If not, you're looking for the Windows XP disk, that should have the product ID number on it. Don't type the number here, its just so you know which one to look for 

It may take a while, so grab a cuppa 

Let me know if there are any problems/questions.

eddie


----------



## Phoenix Rising (Mar 9, 2009)

Mini tool box log:
MiniToolBox by Farbar Version: 18-01-2012
Ran by MARK (administrator) on 13-02-2012 at 07:21:07
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/13/2012 02:16:12 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/11/2012 07:55:22 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/11/2012 01:43:09 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/09/2012 11:17:41 AM) (Source: Microsoft Office 10) (User: )
Description: Faulting application winword.exe, version 10.0.6866.0, faulting module olconnector.dll, version 2.0.2313.0, fault address 0x0000fd57.

Error: (02/09/2012 11:17:30 AM) (Source: Microsoft Office 10) (User: )
Description: Faulting application winword.exe, version 10.0.6866.0, faulting module olconnector.dll, version 2.0.2313.0, fault address 0x0000fd57.

Error: (02/09/2012 02:03:09 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/08/2012 02:02:42 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/07/2012 08:45:59 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/07/2012 08:40:56 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/07/2012 02:06:24 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

System errors:
=============
Error: (02/13/2012 02:16:10 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.119.1812.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/12/2012 11:36:55 AM) (Source: Service Control Manager) (User: )
Description: The Agere Modem Driver service failed to start due to the following error: 
%%1118

Error: (02/12/2012 11:36:44 AM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (02/11/2012 10:23:02 PM) (Source: Service Control Manager) (User: )
Description: The Agere Modem Driver service failed to start due to the following error: 
%%1118

Error: (02/11/2012 10:22:55 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (02/11/2012 07:55:21 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.119.1683.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/11/2012 01:43:07 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.119.1683.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/10/2012 07:50:12 AM) (Source: Service Control Manager) (User: )
Description: The Agere Modem Driver service failed to start due to the following error: 
%%1118

Error: (02/10/2012 07:49:57 AM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (02/09/2012 10:30:10 PM) (Source: Service Control Manager) (User: )
Description: The Agere Modem Driver service failed to start due to the following error: 
%%1118

Microsoft Office Sessions:
=========================
Error: (02/13/2012 02:16:12 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/11/2012 07:55:22 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80072efeendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/11/2012 01:43:09 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/09/2012 11:17:41 AM) (Source: Microsoft Office 10)(User: )
Description: winword.exe10.0.6866.0olconnector.dll2.0.2313.00000fd57

Error: (02/09/2012 11:17:30 AM) (Source: Microsoft Office 10)(User: )
Description: winword.exe10.0.6866.0olconnector.dll2.0.2313.00000fd57

Error: (02/09/2012 02:03:09 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/08/2012 02:02:42 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/07/2012 08:45:59 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/07/2012 08:40:56 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/07/2012 02:06:24 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

System look log:
SystemLook 30.07.11 by jpshortstuff
Log created at 07:20 on 13/02/2012 by MARK
Administrator - Elevation successful

========== folderfind ==========

Searching for "*Copper HiSpeed"
No folders found.

========== regfind ==========

Searching for "*Copper HiSpeed"
No data found.

-= EOF =-
The avast let me register for one year then what happens, do I have to buy it or go back to MSE then? It seems I have friends that have used the free version for years how do they do that!

that host file thing apparently it downloaded do I need to run it or something or does it do it's own thing by itself?I followed the instructions Abox opened then a blue box opened and said it was updated press any other key and the box disapeared. Is that what should have happened?

the 
*sfc /scannow ran itself but didn't produce any log or anything like that. Is that correct procedure?*


----------



## eddie5659 (Mar 19, 2001)

The Avast is free always, I just keep re-registering yearly 

When you run the hosts file program, it does exatcly what you saw. To test to see if its been installed properly, open Windows Explorer and navigate to C:\Windows\System32\drivers\etc

In there, is the hosts file. You should have a HOSTS that is large, mine is 600kb. Then, there is one called HOSTS.MVP and another which is a SAM file.

Normally you would just have a 1kb file, but if you're curious what its blocking, and you're using XP so its easier than Win7, do this.

Right-click on the file, and select Open. From the list select Notepad, but make sure the *Always use the Selected Program is UNTICKED*

Then, open it and see the contents 

Also, it gives you details on certain one, for example in the UK we have a catchup webservice for a channel called Channel 4. If you search, it comes up with this:

127.0.0.1 realmedia.channel4.com #[affects channel4 video play]

That blocks the adverts, but also the playback. So, removing that entry lets the clip run 

--

SFC doesn't produce a log normally, but does the software update okay now?

Also, you have an Agere Modem that has problems starting. Is that one in use, as I've seen that this is disabled in Device Manager:

Broadcom NetXtreme 57xx Gigabit Controller


----------



## Phoenix Rising (Mar 9, 2009)

In there, is the hosts file. You should have a HOSTS that is large, mine is 600kb. Then, there is one called HOSTS.MVP and another which is a SAM file.

I have Host, hostmvp, Imhost ( scan file), networks, protocol, services listed under there.
When I open it it opens like a new download and asks me what do I want to use to open it with tried a couple none worked well. So obviously none of the rest fall in line either.

Also, you have an Agere Modem that has problems starting. Is that one in use, as I've seen that this is disabled in Device Manager:

That is the only modem installed and it hasn't been working up to par lately. It's supposed to alert me when an incoming call comes in and it's not. It would be nice to get it right again.
Not sure what this is or what to do with it:
Broadcom NetXtreme 57xx Gigabit Controller.

OK waiting for more instructions!

This does not show up:
Right-click on the file, and select Open. From the list select Notepad, but make sure the *Always use the Selected Program is UNTICKED*

Then, open it and see the contents


----------



## Phoenix Rising (Mar 9, 2009)

Is there a way I can send a screen shot? I want to show you what fire fox is doing I think it' a part of the not connected issue!


----------



## Phoenix Rising (Mar 9, 2009)

PS - also the browser is taking forever to open a page. It was working fine till we started removing programs an added that host file stuff. I don't know what's up but it's running almost as bad as it was in the beginning. Plus wont update programs . This all started a few days ago, other then your instructions I haven't done anything new since. I emptied Fire Foxes cache, went into run>cmd and flushed the DNS. Also tried running FF with add on's disabled in past add on's have caused issues like activating proxy settings...I checked it's all good in that department. Not sure what's happening but we were so close
also the netsh things: winsock catalog and reset txt log. ( this was well after all the problems i thought it would help it has before)! Very Very frustrating once again.


----------



## Phoenix Rising (Mar 9, 2009)

I have found by disabling all Firefox add ons it improves browsing capabilities by 90 % so something in there is a problem.I don't know what there aren't many selected but Ii don't know which one i need and which ones can be disabled. I only have 3 plug ins running two Java's, and shock-wave flash. No extensions are running at the present.
Here is FF Trouble shooting info:

* Application Basics *

Name Firefox Version 8.0.1 User Agent Mozilla/5.0 (Windows NT 5.1; rv:8.0.1) Gecko/20100101 Firefox/8.0.1 Profile Directory Open Containing Folder Enabled Plugins aboutlugins Build Configuration about:buildconfig Crash Reports about:crashes * Extensions *

Name Version Enabled ID Add to Amazon Wish List [email protected] Smart Web [email protected]a Console6.0.27false{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}Java Console6.0.30false{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} * Modified Preferences *

Name Value accessibility.typeaheadfind.flashBar0browser.places.smartBookmarksVersion2browser.startup.homepage_override.buildID20111120135848browser.startup.homepage_override.mstonerv:8.0.1extensions.lastAppVersion8.0.1general.useragent.extra.brc
gfx.blacklist.direct2d2gfx.blacklist.layers.direct3d102gfx.blacklist.layers.direct3d10-12gfx.direct2d.disabledtruelayers.acceleration.disabledtruenetwork.cookie.prefsMigratedtrueplaces.database.lastMaintenance1329403797places.history.expiration.transient_current_max_pages31899privacy.cpd.downloadsfalseprivacy.cpd.formdatafalseprivacy.cpd.historyfalseprivacy.cpd.sessionsfalseprivacy.donottrackheader.enabledtrueprivacy.sanitize.migrateFx3Prefstrueprivacy.sanitize.timeSpan0security.warn_viewing_mixedfalse * Graphics *

Adapter DescriptionIntel(R) 82945G Express Chipset FamilyVendor ID8086Device ID2772Adapter RAMUnknownAdapter Driversialmrnt5Driver Version6.14.10.4543Driver Date3-23-2006Vendor ID (GPU #2)8086Device ID (GPU #2)2776Adapter RAM (GPU #2)UnknownAdapter Drivers (GPU #2)UnknownDriver Version (GPU #2)6.14.10.4543Driver Date (GPU #2)3-23-2006WebGL RendererBlocked for your graphics driver version. Try updating your graphics driver to version 6.14.10.4926 or newer.GPU Accelerated Windows0/1. Blocked for your graphics driver version. Try updating your graphics driver to version 6.14.10.4926 or newer.


----------



## eddie5659 (Mar 19, 2001)

I'll have a look at this as soon as I get home tonight...in about 3hrs


----------



## Phoenix Rising (Mar 9, 2009)

That would be about 11:30 am here ( it's 8:39 am now), I figured about 12:00 my time was about your dinner time ( 6:00). Sounds good a lot to look over, as I find out or think of stuff I add it so I don't forget. I know it's a lot of little postings but thy could be significant.


----------



## eddie5659 (Mar 19, 2001)

Its okay, I prefer to have too much info than hardly anything, as something small and trivial may actually be the key 

Its 6pm here now, as I type, so here goes.

For the hosts, this is how I do it. Bear in mind this is Win 7, but the basics should be the same 

In the etc folder, rightick on the Hosts and select Open:










A box will appear:










Select Open, and then this list should appear:










Now, in case you don't have that option, you may have the 'search online for a program' box appear, select Browse or Choose from a list (can't remember which it is) but its not the online option.

Then, select Notepad, and you may get another one of these, and just select Open:










-----

For the Agere Modem, can you tell me the model and model number it is. Also, if you can tell me the driver number, that would be great. To do so, go to Control Panel | System | Device Manager. In there, locate the modem, right-click on it and select Properties, then Driver tab.

Also, whilst you're in the device manager, is there anything with a X or ! showing?

---

Broadcom NetXtreme 57xx Gigabit Controller is showing as disabled in Device Manager, but I wonder if its part of the motherboard, as your modem takes over, this is disabled.

--

For the screenshot, if you take it by pressing Prt Scr button, normally on the top right of the keyboard. Then, go to Paint, right-click and select Paste. Save as a jpg if possible, bmp is okay as well if the only option. Then, you can either upload to Photobucket, or just upload it here 

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below  ) [/list]











In there, at the bottom, click on the button *Manage Attachments* (in the picture below  .
A window will appear, and then Browse to the screenshot.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*










---

The hosts file update may cause a bit of slowness, but it shouldn't be noticible.

---

Is it just happening on Firefox? Does IE have the same problems? I'm going to grab someone that knows about Firefox to have a look at the latest replies, but he can't reply in here as only those with a shield can.

In the meantime, I'll wait for the other bits from you 

eddie


----------



## Phoenix Rising (Mar 9, 2009)

Ok refresh my memory how do I get to the etc file again it's been a few days and I forgot where that was.


----------



## Phoenix Rising (Mar 9, 2009)

Never mind I went back and found it let me run this stuff and get you some results.
Yeah I thought it would be better with more information it's tuff when you do it long distance sort Like Stevie wondering it!


----------



## Phoenix Rising (Mar 9, 2009)

Ok once again ( it's coming back to me now) it's wanting to know what program to use to open it!


----------



## Phoenix Rising (Mar 9, 2009)

control panel> system . device manager not there!


----------



## Phoenix Rising (Mar 9, 2009)

I'm looking at these instructions and you are assuming I know how to get to these spots. I've never used paint in 11 years haven't figured out how to control it so Ive ignored it. For Go advanced button never used it either didn't know what it was for. I will look into it. I 'm in Device manager now. The x or ! isn't listed that way in device manager. I don't know where I would find them listed. that way in device manager We're talking apples and oranges here it would be nice if we could do this over the phone but the long distance bill would eat my lunch.


----------



## Phoenix Rising (Mar 9, 2009)

I have the modem box handy would the info from that be helpful?


----------



## Phoenix Rising (Mar 9, 2009)

Here is a print screen of the data sheet off the modem I hope it worked:


----------



## Phoenix Rising (Mar 9, 2009)

Her are two screen shots of the Firefox issue:


----------



## Phoenix Rising (Mar 9, 2009)

Lets try again:


----------



## Phoenix Rising (Mar 9, 2009)

I don't know why they wont transfer maybe they're in a different format I will work on it!


----------



## eddie5659 (Mar 19, 2001)

Hi

Working today, at this time, joy!!!

I'll look at this at 3ish today, but the screenshot for the modem worked. To get to Pain, go to Start | Programs | Accessories, and it should be in there


----------



## eddie5659 (Mar 19, 2001)

Sorry for the latesness, internet problems at home. Not connection, but Sky telling BT I'm switching, and I haven't even spoken to Sky before.

Trying to sort that out on the phone drags you down, but will look at this tonight


----------



## eddie5659 (Mar 19, 2001)

Okay, back now. This is the problems I was having if you want a laugh:

http://forums.techguy.org/random-discussion/159019-eddies-soapbox-15.html

Anyhoo, here we go 

For the Firefox, I have a few questions after I asked someone:

What are the plugins? (We'll do that in a min)
Are there only 3 plug-ins installed?
When did trouble start?
After add-on was installed or upgrade?
After FF was upgraded.
What happens if FF is run in safe mode?

And does it happen with Internet Explorer?

So, I know that you said it was plugins, but looking in Firefox on mine, I only have Extensions. To get to them, I click on Tools | AddOns:










In there, can you tell me if its Extensions or Addons, and if so, which version of each.

The details here:

http://forums.techguy.org/8259801-post95.html

That you posted look to be Extensions:



> Name Version Enabled ID Add to Amazon Wish List [email protected] Smart Web [email protected]a Console6.0.27false{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}Java Console6.0.30false{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Modified Preferences


So, as mentioned above, if you can tell me which you have that would be great 

-

For the Device Manager, if you found it it should look something like this:










if you had a X or !, grabbing one off the web as mine are all okay:



















So, seeing them should be quite easy. If none are showing, then there are none 

--

For the modem, I can see which driver may be needed. However, when you're in Device Manager, can you do the following:

I'm doing the following off my network adapter but it should be the same principle for the modem:

Firstly, expand the + to show the modem:










In there will be the details of the modem.

Then, right-click and select Properties, followed by Driver tab:



















Now, I think your Properties isn't as full as mine with its 7 tabs 

In there, tell me the Driver provider, date and version.

--

Are you still having problems with the Firefox screenshots? Can you not do the same as you did for the modem details?

eddie


----------



## Phoenix Rising (Mar 9, 2009)

*Firefox troubleshooting info: *

*Application Basics *

Name Firefox Version 10.0.2 User Agent Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2 Profile Directory Open Containing Folder Enabled Plugins aboutlugins Build Configuration about:buildconfig Crash Reports about:crashes Memory Use about:memory * Extensions *

Name Version Enabled ID Add to Amazon Wish List [email protected] Smart Web [email protected] * Modified Preferences *

Name Value accessibility.typeaheadfind.flashBar0browser.places.smartBookmarksVersion2browser.startup.homepage_override.buildID20120215223356browser.startup.homepage_override.mstonerv:10.0.2extensions.lastAppVersion10.0.2general.useragent.extra.brc
gfx.blacklist.direct2d2gfx.blacklist.layers.direct3d102gfx.blacklist.layers.direct3d10-12gfx.blacklist.layers.direct3d92gfx.blacklist.layers.opengl2gfx.blacklist.suggested-driver-version6.14.10.4926gfx.blacklist.webgl.angle2gfx.blacklist.webgl.msaa2gfx.blacklist.webgl.opengl2gfx.direct2d.disabledtruelayers.acceleration.disabledtruenetwork.cookie.prefsMigratedtrueplaces.database.lastMaintenance1329856128places.history.expiration.transient_current_max_pages26584privacy.cpd.downloadsfalseprivacy.cpd.formdatafalseprivacy.cpd.historyfalseprivacy.cpd.sessionsfalseprivacy.donottrackheader.enabledtrueprivacy.sanitize.migrateFx3Prefstrueprivacy.sanitize.timeSpan0security.warn_viewing_mixedfalse * Graphics *

Adapter DescriptionIntel(R) 82945G Express Chipset FamilyVendor ID8086Device ID2772Adapter RAMUnknownAdapter Driversialmrnt5Driver Version6.14.10.4543Driver Date3-23-2006Vendor ID (GPU #2)8086Device ID (GPU #2)2776Adapter RAM (GPU #2)UnknownAdapter Drivers (GPU #2)UnknownDriver Version (GPU #2)6.14.10.4543Driver Date (GPU #2)3-23-2006WebGL RendererBlocked for your graphics driver version. Try updating your graphics driver to version 6.14.10.4926 or newer. 
GPU Accelerated Windows


----------



## Phoenix Rising (Mar 9, 2009)

What are the plugins? (We'll do that in a min) see trouble shooting info. XP has extensions and plug ins
Are there only 3 plug-ins installed? Because so far I found i need those three to make stuff work right.
When did trouble start? not sure few months ago maybe.
After add-on was installed or upgrade?
After FF was upgraded. possible but again not sure but when I was running a very old version ( say 4. something) it was better.
What happens if FF is run in safe mode? i have done that before but don'rt know how to do that now. ( use to be listed under programs> Firefox not anymore).

And does it happen with Internet Explorer? Seems as if not so it's a firefox thing I guess since it's not common to both.


----------



## Phoenix Rising (Mar 9, 2009)

Under the driver tab it alkl says unknown except for digital signer. Below is the actual information and below thatis screen shot of a screen of add ons.
modem driver: Modem type: LSI PCI-SV92PP Soft Modem
PCI\VEN_11C1&DEV_0620&SUBSYS_062011C1&REV_00\4&5855BE9&0&10F0
driver date: 8/13/2009
Provider:LSI
verion: 2.2.98.0
digital signer: Microsoft Windows Hardware Compatibility Publisher


----------



## Phoenix Rising (Mar 9, 2009)

Got this when I tried to attach some screen shoots so I don't know what to do here it's not like an email where you just send an attachment. Here is the message I get when I try:

Your submission could not be processed because a security token was missing.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.


----------



## Phoenix Rising (Mar 9, 2009)

* Application Basics *

Name Firefox Version 10.0.2 User Agent  Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2 Profile Directory Open Containing Folder Enabled Plugins aboutlugins Build Configuration about:buildconfig Crash Reports about:crashes Memory Use about:memory * Extensions *

Name Version Enabled ID Add to Amazon Wish List [email protected] Smart Web [email protected] * Modified Preferences *

Name Value accessibility.typeaheadfind.flashBar0browser.places.smartBookmarksVersion2browser.startup.homepage_override.buildID20120215223356browser.startup.homepage_override.mstonerv:10.0.2extensions.lastAppVersion10.0.2general.useragent.extra.brc
gfx.blacklist.direct2d2gfx.blacklist.layers.direct3d102gfx.blacklist.layers.direct3d10-12gfx.blacklist.layers.direct3d92gfx.blacklist.layers.opengl2gfx.blacklist.suggested-driver-version6.14.10.4926gfx.blacklist.webgl.angle2gfx.blacklist.webgl.msaa2gfx.blacklist.webgl.opengl2gfx.direct2d.disabledtruelayers.acceleration.disabledtruenetwork.cookie.prefsMigratedtrueplaces.database.lastMaintenance1329856128places.history.expiration.transient_current_max_pages26584privacy.cpd.downloadsfalseprivacy.cpd.formdatafalseprivacy.cpd.historyfalseprivacy.cpd.sessionsfalseprivacy.donottrackheader.enabledtrueprivacy.sanitize.migrateFx3Prefstrueprivacy.sanitize.timeSpan0security.warn_viewing_mixedfalse * Graphics *

Adapter DescriptionIntel(R) 82945G Express Chipset FamilyVendor ID8086Device ID2772Adapter RAMUnknownAdapter Driversialmrnt5Driver Version6.14.10.4543Driver Date3-23-2006Vendor ID (GPU #2)8086Device ID (GPU #2)2776Adapter RAM (GPU #2)UnknownAdapter Drivers (GPU #2)UnknownDriver Version (GPU #2)6.14.10.4543Driver Date (GPU #2)3-23-2006WebGL RendererBlocked for your graphics driver version. Try updating your graphics driver to version 6.14.10.4926 or newer.GPU Accelerated Windows0/1. Blocked for your graphics driver version. Try updating your graphics driver to version 6.14.10.4926 or newer.


----------



## Phoenix Rising (Mar 9, 2009)

*Shockwave Flash*

File: NPSWF32.dllVersion: 11.1.102.55 Shockwave Flash 11.1 r102 MIME Type Description Suffixes application/x-shockwave-flash Adobe Flash movie swf application/futuresplash FutureSplash movie spl *Java Deployment Toolkit 6.0.300.12*

File: npdeployJava1.dllVersion: 6.0.300.12 NPRuntime Script Plug-in Library for Java(TM) Deploy MIME Type Description Suffixes application/java-deployment-toolkit

*Java(TM) Platform SE 6 U30*

File: npjp2.dllVersion: 6.0.300.12 Next Generation Java Plug-in 1.6.0_30 for Mozilla browsers MIME Type Description Suffixes application/x-java-applet Java Applet 
application/x-java-bean JavaBeans 
application/x-java-vm

application/x-java-applet;version=1.1.1

application/x-java-bean;version=1.1.1

application/x-java-applet;version=1.1

application/x-java-bean;version=1.1

application/x-java-applet;version=1.2

application/x-java-bean;version=1.2

application/x-java-applet;version=1.1.3

application/x-java-bean;version=1.1.3

application/x-java-applet;version=1.1.2

application/x-java-bean;version=1.1.2

application/x-java-applet;version=1.3

application/x-java-bean;version=1.3

application/x-java-applet;version=1.2.2

application/x-java-bean;version=1.2.2

application/x-java-applet;version=1.2.1

application/x-java-bean;version=1.2.1

application/x-java-applet;version=1.3.1

application/x-java-bean;version=1.3.1

application/x-java-applet;version=1.4

application/x-java-bean;version=1.4

application/x-java-applet;version=1.4.1

application/x-java-bean;version=1.4.1

application/x-java-applet;version=1.4.2

application/x-java-bean;version=1.4.2

application/x-java-applet;version=1.5

application/x-java-bean;version=1.5

application/x-java-applet;version=1.6

application/x-java-bean;version=1.6

application/x-java-applet;jpi-version=1.6.0_30

application/x-java-bean;jpi-version=1.6.0_30


----------



## Phoenix Rising (Mar 9, 2009)

It works much better when you do it right. I ws trying to enter them here where i'm typing instead of under attach files .....Duh!


----------



## Phoenix Rising (Mar 9, 2009)

Well and they didn't transfer either this sucks!


----------



## Phoenix Rising (Mar 9, 2009)

Hey Eddie you still out there, I hadn't heard from you in a while? I'm not rushing you but I'm looking forward to fixing this problem.


----------



## eddie5659 (Mar 19, 2001)

Sorry, been a bit tied up with trying to sort the internet out here and I was away all weekend.

I'm back now,a nd will be in full force from now on 

Let me just re-read some of the posts you posted, so I can get an overall picture....back in a few mins


----------



## eddie5659 (Mar 19, 2001)

Okay, gone back thru it all, so lets see if we can get this sorted 

====================



> PS - also the browser is taking forever to open a page. It was working fine till we started removing programs an added that host file stuff. I don't know what's up but it's running almost as bad as it was in the beginning. Plus wont update programs . This all started a few days ago, other then your instructions I haven't done anything new since. I emptied Fire Foxes cache, went into run>cmd and flushed the DNS. Also tried running FF with add on's disabled in past add on's have caused issues like activating proxy settings...I checked it's all good in that department. Not sure what's happening but we were so close


We can reset the Hosts file, so its just normal again, however I would suggest keeping SpywareBlaster as its memory usage is small. If you want to do that, using OTL run this code:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following



> :Files
> ipconfig /flushdns /c
> :Commands
> [purity]
> ...



Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

-------------------

Also, you mentioned this a bit back. Is this still showing as full:



> in my computer I have two areas in blue, I understand that means they're full. But it doesn't make sense, that drive is only at 53% it's got about half free. Also my wife's profile which has never been used, she doesn't care for computers much. It has less then 100 KB used on hers. Mine is not and if one should be it would be mine I use it almost exclusively. I have defraged, and clean disk, even went through my documents and thinned out any old or unnecessary stuff. I can send you a print screen off it but I don't know how to send it via tech guys.


---------------
Can you see if this helps, as you still have those files with () and wonder if they need re-registering. This is mainly for IE, but curious if it will help.

Go to Start - Run (type each line below separately, then press OK)

regsvr32 normaliz.dll
regsvr32 ole32.dll
regsvr32 url.dll
regsvr32 urlmon.dll
regsvr32 wininet.dll
regsvr32 Shdocvw.dll
regsvr32 Oleaut32.dll
regsvr32 Urlmon.dll

Note: you should see a brief message after each entry.
Reboot and test IE - New Window, repost with your results.

------------

For the "not a win 32 application error's", is this just happening with tools off the web, or any programs?

------------



> also the netsh things: winsock catalog and reset txt log. ( this was well after all the problems i thought it would help it has before)! Very Very frustrating once again.


Are you talking about the OTL logs that are produced? Just a bit lost there 

------------


> Adapter DescriptionIntel(R) 82945G Express Chipset FamilyVendor ID8086Device ID2772Adapter RAMUnknownAdapter Driversialmrnt5Driver Version6.14.10.4543Driver Date3-23-2006Vendor ID (GPU #2)8086Device ID (GPU #2)2776Adapter RAM (GPU #2)UnknownAdapter Drivers (GPU #2)UnknownDriver Version (GPU #2)6.14.10.4543Driver Date (GPU #2)3-23-2006WebGL RendererBlocked for your graphics driver version. Try updating your graphics driver to version 6.14.10.4926 or newer.
> GPU Accelerated Windows


You say this is your graphics:

Intel(R) 82945G Express Chipset Family, 224 Mb

I'll have a look for an updated driver. If you go back to the device manager and under Display will be the graphics details. Same again with the driver tab, so I can see which version you have 

---

I'll check out the versions of Extensions that you have as well at the same time


----------



## Phoenix Rising (Mar 9, 2009)

I haven't heard from you in weeks, guess you just got tired of this so I will figure this out myself! thanks anyway.


----------



## eddie5659 (Mar 19, 2001)

I replied on the 26th, just above your reply, with some things to try out


----------



## Phoenix Rising (Mar 9, 2009)

Well I'm guessing that we are still working on this? I had gotten no notification that you posted an answer last I heard from you was the 22 of Feb that's a week +, and had no idea what was going on except I was swinging in the breeze and was in worse shape then when I started this thread. If you still want to do this I will post the results you asked for.

This is the results of otl:

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\MARK\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\MARK\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: MARK
->Temp folder emptied: 267388735 bytes
->Temporary Internet Files folder emptied: 46197465 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 75156657 bytes
->Flash cache emptied: 1255 bytes

User: NetworkService
->Temp folder emptied: 142044 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Twinkle
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Twinkle(3)

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1556992 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1910521 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1495158 bytes

Total Files Cleaned = 376.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: MARK
->Java cache emptied: 0 bytes

User: NetworkService

User: Twinkle

User: Twinkle(3)

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: MARK
->Flash cache emptied: 0 bytes

User: NetworkService

User: Twinkle

User: Twinkle(3)

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.34.0 log created on 03022012_011009

Files\Folders moved on Reboot...

Graphics is listed as:
Intel(R) 82945G Express Chipset Family, 224 Mb

When you say driver tab the only one I see is disc drivers if that's the one you want it is:
WDC WD400BD-75MAO

For the "not a win 32 application error's", is this just happening with tools off the web, or any programs?
iT'S USUALLY WHEN i HAVE A SOFTWARE PROGRAM OR TOOLS OF THE WEB, A fresh download or an update on software ie java, anti virus etc. Also it will tell me that I'm not connected to the internet when I good and well I am.

Registry entries deleted on Reboot...

I have IE working good, You posted this out of context I have no ida what this is in reference to

"also the netsh things: winsock catalog and reset txt log. ( this was well after all the problems i thought it would help it has before)! Very Very frustrating once again." Are you talking about the OTL logs that are produced? 
No the run> cmd> clean up stuff ip config /flush dns, netsch winsock reset catalog, and netsch int ip reset resetlog.txt

in my computer I have two areas in blue let me clarify this! Under the "My Computer tab when you open it lists C drive and other things. Those listed are in blue and my wifes profile documents ( which have never been used she wont use computers that's why I can't understand how it could be full.

I will run the .dll items that will take a little longer.


----------



## Phoenix Rising (Mar 9, 2009)

Ok I got two kinds of results good or unsucessful. The unsucsessful got a reoly of this:
So and so was loaded but the dll register server entry point could not be registered" So here they are with either good or un after each one:

regsvr32 normaliz.dll unsuccessful
regsvr32 ole32.dll
regsvr32 url.dll unsuccessful
regsvr32 urlmon.dll good
regsvr32 wininet.dll unsuccessful
regsvr32 Shdocvw.dll good
regsvr32 Oleaut32.dll good
regsvr32 Urlmon.dll good


I think that answered all your questions let me know if I covered all of them.


----------



## Phoenix Rising (Mar 9, 2009)

regsvr32 ole32.dll good


----------



## Phoenix Rising (Mar 9, 2009)

I've noticed I'm not getting notices from tech guys when you post stuff seems they were going to the spam file ( I've been using web mail lately) I went in and corrected the settings think it should be ok I will know when you reply back. Sorry for original message but this really kind of s#@ks and the longer it stays around the more it does.


----------



## eddie5659 (Mar 19, 2001)

I understand your feeling on this, especially with the lack of emails not getting thru. I get that sometimes, and log in to find most of my threads with answers 

I'm going to see if some of the Trusted Advisors that specialise in other things can help on this, as it looks like it may not be malware related.

Back very soon


----------



## Phoenix Rising (Mar 9, 2009)

OTL Log:
OTL logfile created on: 3/2/2012 1:03:48 AM - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Documents and Settings\MARK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 562.92 Mb Available Physical Memory | 55.51% Memory free
2.38 Gb Paging File | 1.93 Gb Available in Paging File | 81.15% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.25 Gb Free Space | 57.05% Space Free | Partition Type: NTFS
Drive F: | 7.32 Gb Total Space | 2.07 Gb Free Space | 28.22% Space Free | Partition Type: FAT32

Computer Name: MARK-387473CC81 | User Name: MARK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/02 00:59:30 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTL.exe
PRC - [2012/02/16 08:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/06 22:24:30 | 001,867,888 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/14 04:42:30 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/01 16:52:04 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/16 08:40:41 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/23 04:15:57 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:54 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/05/21 21:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 21:09:24 | 000,660,992 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/05/21 21:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2001/08/17 16:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)

========== Driver Services (SafeList) ==========

DRV - [2012/03/01 23:51:51 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E57EBC1D-D928-4854-9A05-43663BA05A82}\MpKsl157ec2ee.sys -- (MpKsl157ec2ee)
DRV - [2010/11/06 22:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/11/12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/06/29 23:44:22 | 001,269,584 | R--- | M] (Agere Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\agrsmnt.sys -- (agrsm)
DRV - [2005/03/17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/08/17 07:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 07:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 07:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 07:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [1997/06/17 03:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS -- (ATMhelpr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 B5 2E CA FB F7 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 04:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/01 17:36:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/28 17:52:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 04:27:51 | 000,000,000 | ---D | M]

[2011/10/24 11:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Extensions
[2012/02/11 15:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions
[2011/12/16 15:58:53 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2011/10/11 18:24:11 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\MARK\Application Data\Mozilla\Firefox\Profiles\ekm4ebjz.default\searchplugins\SearchResults.xml
[2012/03/01 17:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/07 15:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{41697025-CA0B-4687-99DE-ABC82C5A630B}
[2011/11/07 15:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}
[2011/11/07 15:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/02/16 08:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/01 16:43:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2012/02/16 04:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 04:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/11 22:41:10 | 000,610,008 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16254 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1316584026390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F878303-5EDB-4CD9-B20D-B3ED07963D40}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D417CFBF-17C2-4497-BE1F-7529CFFD300D}: NameServer = 207.69.188.167 207.69.188.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\MARK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MARK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/19 09:26:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/12 11:09:04 | 000,000,163 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/02 00:53:31 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTL.exe
[2012/03/01 23:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PeerBlock
[2012/03/01 23:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2012/03/01 20:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2012/03/01 17:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/03/01 17:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/03/01 16:44:29 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/01 16:44:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/01 16:44:27 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/01 16:44:27 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/01 16:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/01 07:16:36 | 000,347,920 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MARK\My Documents\MicrosoftFixit.wu.Run.exe
[2012/02/27 12:51:46 | 000,000,000 | ---D | C] -- C:\KODAK
[2012/02/26 05:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\Start Menu\Programs\FrostWire 5
[2012/02/21 19:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\My Documents\Coby Media Manager
[2012/02/21 19:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\Application Data\Coby Media Manager
[2012/02/21 19:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\Start Menu\Programs\Coby Media Manager
[2012/02/21 19:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\Coby
[2012/02/13 03:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012/02/12 00:34:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DocucomRes6
[2012/02/12 00:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\My Documents\ScanSoft PDF Converter 3.0
[2012/02/12 00:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/02/12 00:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2012/02/10 06:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/10 06:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/02/09 11:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/09 11:19:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/02/09 03:25:29 | 000,000,000 | --SD | C] -- C:\123300171
[2012/02/03 06:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MARK\My Documents\Clip Art
[2011/10/24 17:20:38 | 005,960,560 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent-7.5(1).exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/02 00:59:30 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MARK\Desktop\OTL.exe
[2012/03/01 23:49:44 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\PeerBlock.lnk
[2012/03/01 23:33:26 | 000,131,171 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\avast_free_antivirus_setup.exe
[2012/03/01 22:34:42 | 000,002,412 | ---- | M] () -- C:\WINDOWS\ACROREAD.INI
[2012/03/01 21:43:57 | 002,273,334 | ---- | M] () -- C:\Documents and Settings\MARK\My Documents\print screen image 2.bmp
[2012/03/01 21:39:56 | 002,273,334 | ---- | M] () -- C:\Documents and Settings\MARK\My Documents\Print screen image.bmp
[2012/03/01 20:33:28 | 001,857,488 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\install_easyshare.exe
[2012/03/01 19:24:37 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/01 19:19:42 | 000,012,624 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/01 19:19:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/01 17:39:12 | 000,499,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/01 17:39:12 | 000,085,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/01 17:36:14 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\MARK\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/01 17:36:14 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/01 17:05:41 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2012/03/01 16:54:43 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/01 16:52:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/01 16:43:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/03/01 16:43:43 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/01 16:43:43 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/01 16:43:43 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/01 16:43:43 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/01 16:41:01 | 000,012,624 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2012/03/01 16:28:43 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{81969CA2-9E4D-44D0-807F-521568EC106E}.job
[2012/03/01 11:34:38 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\MARK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 07:13:16 | 000,000,580 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\peoplepc123.lnk
[2012/02/28 17:35:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/02/28 08:34:55 | 000,043,299 | ---- | M] () -- C:\Documents and Settings\MARK\My Documents\rachel2.jpg
[2012/02/26 05:28:38 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\MARK\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.3.2.lnk
[2012/02/26 05:28:38 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\MARK\Desktop\FrostWire 5.3.2.lnk
[2012/02/17 03:06:33 | 000,385,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/17 03:02:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/11 22:41:10 | 000,610,008 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.MVP
[2012/02/11 22:41:10 | 000,610,008 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2012/02/11 03:28:40 | 000,002,198 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/02/10 06:21:24 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\MARK\My Documents\SpywareBlaster.lnk
[2012/02/09 11:39:20 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cce751c0f1d746.job
[2012/02/08 08:59:56 | 000,000,114 | ---- | M] () -- C:\WINDOWS\E
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/01 23:49:44 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\PeerBlock.lnk
[2012/03/01 23:31:23 | 000,131,171 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\avast_free_antivirus_setup.exe
[2012/03/01 21:43:57 | 002,273,334 | ---- | C] () -- C:\Documents and Settings\MARK\My Documents\print screen image 2.bmp
[2012/03/01 21:39:56 | 002,273,334 | ---- | C] () -- C:\Documents and Settings\MARK\My Documents\Print screen image.bmp
[2012/03/01 20:15:46 | 001,857,488 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\install_easyshare.exe
[2012/03/01 17:36:14 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\MARK\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/01 17:36:14 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/01 17:36:14 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/01 07:16:43 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\MARK\My Documents\SpywareBlaster.lnk
[2012/03/01 07:16:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\MARK\My Documents\Malwarebytes Anti-Malware.lnk
[2012/02/29 07:13:16 | 000,000,580 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\peoplepc123.lnk
[2012/02/28 08:34:54 | 000,043,299 | ---- | C] () -- C:\Documents and Settings\MARK\My Documents\rachel2.jpg
[2012/02/26 05:28:38 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\MARK\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.3.2.lnk
[2012/02/26 05:28:38 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\MARK\Desktop\FrostWire 5.3.2.lnk
[2012/02/16 17:12:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 17:12:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/09 11:39:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cce751c0f1d746.job
[2012/01/24 07:13:42 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\MARK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/23 10:48:51 | 000,057,168 | ---- | C] () -- C:\WINDOWS\System32\PPCOUNIN.exe
[2011/12/23 10:48:51 | 000,040,616 | ---- | C] () -- C:\WINDOWS\System32\PPCClean.exe
[2011/11/27 13:49:55 | 000,002,217 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/11/27 08:58:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/07 18:30:10 | 000,002,309 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2011/11/01 08:30:42 | 000,000,512 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2011/10/29 04:09:02 | 000,192,311 | ---- | C] () -- C:\WINDOWS\hpoins40.dat.temp
[2011/10/29 04:09:02 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat.temp
[2011/10/28 16:03:22 | 000,002,412 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2011/10/28 16:02:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2011/10/28 16:02:16 | 000,000,165 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2011/10/28 16:02:13 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2011/10/28 16:02:12 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2011/10/28 16:02:12 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2011/10/28 15:28:11 | 000,192,311 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2011/10/28 15:28:11 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2011/10/27 06:09:04 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\VegaShEx.dll
[2011/10/27 06:08:58 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2011/10/27 06:08:58 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2011/10/17 21:39:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/10/10 14:27:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2011/10/04 08:08:07 | 000,069,456 | ---- | C] () -- C:\WINDOWS\System32\unPPC6000.exe
[2011/10/04 08:08:07 | 000,034,136 | ---- | C] () -- C:\WINDOWS\System32\RegHero.exe
[2011/10/04 08:08:06 | 000,255,312 | ---- | C] () -- C:\WINDOWS\System32\PPCInfo.exe
[2011/10/04 08:08:06 | 000,029,008 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2011/09/28 11:11:41 | 000,060,368 | R--- | C] () -- C:\WINDOWS\ptdll16.dll
[2011/09/28 11:11:41 | 000,000,456 | R--- | C] () -- C:\WINDOWS\pthsp.dat
[2011/09/20 03:55:21 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/09/19 22:33:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/09/19 09:28:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/19 09:23:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/19 04:08:49 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2011/09/19 04:08:46 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2011/09/19 04:07:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/19 04:04:08 | 000,385,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Custom Scans ==========

< :Files >

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< :Commands >

< [purity] >

< [resethosts] >

< [emptytemp] >

< [emptyjava] >

< [EMPTYFLASH] >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Extrsa:
TL Extras logfile created on: 3/2/2012 1:03:48 AM - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Documents and Settings\MARK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 562.92 Mb Available Physical Memory | 55.51% Memory free
2.38 Gb Paging File | 1.93 Gb Available in Paging File | 81.15% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.25 Gb Free Space | 57.05% Space Free | Partition Type: NTFS
Drive F: | 7.32 Gb Total Space | 2.07 Gb Free Space | 28.22% Space Free | Partition Type: FAT32

Computer Name: MARK-387473CC81 | User Name: MARK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabledxpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabledxpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabledxpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNetisabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNetisabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNetisabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNetisabledxpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*isabled:Windows Remote Management 
"1723:TCP" = 1723:TCP:*:Enabledxpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabledxpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabledxpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*isabled:VLC media player -- ()
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{2D2CAE5D-FFCF-4D97-B7D6-F1AB49A00EEA}" = Coby Media Manager
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36BFC0A0-7F4E-11D4-950D-00609733D4AD}" = JamCam 3.0 Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Photo Premium 10
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Type Manager 4.0" = Adobe Type Manager 4.0
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"FrostWire 5" = FrostWire 5.3.2
"Gadwin PrintScreen" = Gadwin PrintScreen
"Google Desktop" = Google Desktop
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Installing HSP56 MicroModem Drivers" = HSP56 MicroModem Drivers
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"LSI Soft Modem" = LSI PCI-SV92PP Soft Modem
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItPrem_v10" = Microsoft Photo Premium 10
"PowerShell" = Windows PowerShell(TM) 1.0
"T-Shirt Creator 32" = T-Shirt Creator 32
"VLC media player" = VLC media player 1.1.7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/1/2012 9:08:25 AM | Computer Name = MARK-387473CC81 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.6866.0, faulting module
olconnector.dll, version 2.0.2313.0, fault address 0x0000fd57.

Error - 3/1/2012 9:08:35 AM | Computer Name = MARK-387473CC81 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.6866.0, faulting module
olconnector.dll, version 2.0.2313.0, fault address 0x0000fd57.

Error - 3/1/2012 9:08:48 AM | Computer Name = MARK-387473CC81 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.6866.0, faulting module
olconnector.dll, version 2.0.2313.0, fault address 0x0000fd57.

Error - 3/1/2012 9:08:58 AM | Computer Name = MARK-387473CC81 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.6866.0, faulting module
olconnector.dll, version 2.0.2313.0, fault address 0x0000fd57.

Error - 3/1/2012 9:09:10 AM | Computer Name = MARK-387473CC81 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.6866.0, faulting module
olconnector.dll, version 2.0.2313.0, fault address 0x0000fd57.

Error - 3/1/2012 12:32:25 PM | Computer Name = MARK-387473CC81 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3 
download, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials
(edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

Error - 3/1/2012 6:31:28 PM | Computer Name = MARK-387473CC81 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/1/2012 6:31:29 PM | Computer Name = MARK-387473CC81 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/1/2012 9:21:12 PM | Computer Name = MARK-387473CC81 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/2/2012 3:02:35 AM | Computer Name = MARK-387473CC81 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.34.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/1/2012 6:20:08 PM | Computer Name = MARK-387473CC81 | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 3/1/2012 6:20:17 PM | Computer Name = MARK-387473CC81 | Source = Service Control Manager | ID = 7000
Description = The Agere Modem Driver service failed to start due to the following
error: %%1118

Error - 3/1/2012 6:38:53 PM | Computer Name = MARK-387473CC81 | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 3/1/2012 6:39:08 PM | Computer Name = MARK-387473CC81 | Source = Service Control Manager | ID = 7000
Description = The Agere Modem Driver service failed to start due to the following
error: %%1118

Error - 3/1/2012 6:57:47 PM | Computer Name = MARK-387473CC81 | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 3/1/2012 6:57:58 PM | Computer Name = MARK-387473CC81 | Source = Service Control Manager | ID = 7000
Description = The Agere Modem Driver service failed to start due to the following
error: %%1118

Error - 3/1/2012 9:17:18 PM | Computer Name = MARK-387473CC81 | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 3/1/2012 9:17:27 PM | Computer Name = MARK-387473CC81 | Source = Service Control Manager | ID = 7000
Description = The Agere Modem Driver service failed to start due to the following
error: %%1118

Error - 3/1/2012 9:19:29 PM | Computer Name = MARK-387473CC81 | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 3/1/2012 9:19:39 PM | Computer Name = MARK-387473CC81 | Source = Service Control Manager | ID = 7000
Description = The Agere Modem Driver service failed to start due to the following
error: %%1118

< End of report >


----------



## eddie5659 (Mar 19, 2001)

I see that you've posted here:

http://forums.techguy.org/web-email/1043482-firefox-wacked-out.html

Looks like throoper is helping you pretty well, and it looks like it may be related to the issues you're having overall.

It may be better to continue in that thread, and I'll subscribe, as I'd like to know the outcome. I'm not that 'up' on firefox, so extra info for me is a good thing 

He's had a look at this thread already, as he has access here (he's a trusted advisor) so he knows the overall problem 

eddie


----------

