TR\Dropper.Gen



#1
Pakqua

Hi, I recently logged onto my PC to find myself flooded with viruses. I use 3 anti-spyware/virus removers: Avira, Malwarebytes, and Ad-Aware. Running all 3 one after another, I was still unable to remove my problem. Avira pops up those alerts. I get about 16 of them all at once and it massively slows my PC. I quarantine them and tried to remove them with Avira with no luck. Any help would be greatly appreciated. Here is my OTL log.



OTL logfile created on: 11/17/2010 4:13:03 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Frosty\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 325.89 Gb Total Space | 252.82 Gb Free Space | 77.58% Space Free | Partition Type: NTFS

Computer Name: GIMPY-UCW8YG8L9 | User Name: Frosty | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Frosty\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Frosty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Frosty\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\w6h4l.dll ()
MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\opengl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\glu32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ddraw.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dciman32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (MyOwnSuperheroIEService) -- C:\Program Files\MyOwnSuperheroIE\bar\1.bin\cwbarsvc.exe (MyOwnSuperhero)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)


========== Driver Services (SafeList) ==========

DRV - (wddwov) -- C:\WINDOWS\System32\drivers\negwdfep.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Frosty\LOCALS~1\Temp\catchme.sys File not found
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl (CyberLink Corp.)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (RT61) Linksys Wireless-G PCI Adapter Driver(RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (ADM8511) -- C:\WINDOWS\system32\drivers\ADM8511.SYS (ADMtek Incorporated)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://webmail.windstream.net/
IE - HKCU\..\URLSearchHook: {432cad96-6aa6-407a-ab37-6cfdcd73f377} - C:\Program Files\MyOwnSuperheroIE\bar\1.bin\cwSrcAs.dll (MyOwnSuperhero)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {099d6cb1-22b0-7b8e-60ba-934ad1d4f697}:4.6.6.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/07 04:47:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/16 16:47:49 | 000,000,000 | ---D | M]

[2010/07/18 03:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frosty\Application Data\Mozilla\Extensions
[2010/07/18 03:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frosty\Application Data\Mozilla\Extensions\[email protected]
[2010/11/16 19:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frosty\Application Data\Mozilla\Firefox\Profiles\os65891m.default\extensions
[2010/07/28 18:27:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Frosty\Application Data\Mozilla\Firefox\Profiles\os65891m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/16 19:29:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/29 20:25:54 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{099d6cb1-22b0-7b8e-60ba-934ad1d4f697}

O1 HOSTS File: ([2003/03/31 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (C:\WINDOWS\system32\w6h4l.dll) - {B1BA20C1-A503-59BD-F412-03B53A2C8951} - C:\WINDOWS\system32\w6h4l.dll ()
O3 - HKLM\..\Toolbar: (MyOwnSuperhero) - {3bcf580a-adca-4b91-86e0-3898010003e6} - C:\Program Files\MyOwnSuperheroIE\bar\1.bin\cwbar.dll (MyOwnSuperhero)
O3 - HKCU\..\Toolbar\WebBrowser: (MyOwnSuperhero) - {3BCF580A-ADCA-4B91-86E0-3898010003E6} - C:\Program Files\MyOwnSuperheroIE\bar\1.bin\cwbar.dll (MyOwnSuperhero)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HNUmlHXl/yx\Frosty\LOCALS~1\Temp\2691712324.exe] C:\Documents and Settings\Frosty\Local Settings\Temp\2691712324.exe ()
O4 - HKLM..\Run: [HNUmlHXl+01 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\Documents and Settings\Frosty\Local Settings\Temp\1958441968.exe ()
O4 - HKLM..\Run: [HNUmlHXl+01\Frosty\LOCALS~1\Temp\1958441968.exe] C:\Documents and Settings\Frosty\Local Settings\Temp\1958441968.exe ()
O4 - HKLM..\Run: [HNUmlHXl7yz (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Documents and Settings\Frosty\Local Settings\Temp\1014106942.exe ()
O4 - HKLM..\Run: [HNUmlHXl7yz\Frosty\LOCALS~1\Temp\1014106942.exe] C:\Documents and Settings\Frosty\Local Settings\Temp\1014106942.exe ()
O4 - HKLM..\Run: [HNUmlHXl810\Frosty\LOCALS~1\Temp\1339473956.exe] C:\Documents and Settings\Frosty\Local Settings\Temp\1339473956.exe ()
O4 - HKLM..\Run: [HNUmlHXl91O\Frosty\LOCALS~1\Temp\82117690.exe] C:\Documents and Settings\Frosty\Local Settings\Temp\82117690.exe ()
O4 - HKLM..\Run: [HNUmlHXl9zy\Frosty\LOCALS~1\Temp\2514721048.exe] C:\Documents and Settings\Frosty\Local Settings\Temp\2514721048.exe ()
O4 - HKLM..\Run: [HNUmlHXlhb] C:\Documents and Settings\Frosty\Local Settings\Temp\debug.exe ()
O4 - HKLM..\Run: [HNUmlHXlkc] C:\Documents and Settings\Frosty\Local Settings\Temp\cmd.exe ()
O4 - HKLM..\Run: [HNUmlHXlmc] C:\Documents and Settings\Frosty\Local Settings\Temp\mdm.exe ()
O4 - HKLM..\Run: [HNUmlHXlne] C:\Documents and Settings\Frosty\Local Settings\Temp\lsass.exe ()
O4 - HKLM..\Run: [HNUmlHXlo+] C:\Documents and Settings\Frosty\Local Settings\Temp\avp32.exe ()
O4 - HKLM..\Run: [HNUmlHXloc] C:\Documents and Settings\Frosty\Local Settings\Temp\avp.exe ()
O4 - HKLM..\Run: [HNUmlHXlora] C:\Documents and Settings\Frosty\Local Settings\Temp\iexplarer.exe ()
O4 - HKLM..\Run: [HNUmlHXlotc] C:\Documents and Settings\Frosty\Local Settings\Temp\hexdump.exe ()
O4 - HKLM..\Run: [HNUmlHXlprc] C:\DOCUME~1\Frosty\LOCALS~1\Temp\install.exe File not found
O4 - HKLM..\Run: [HNUmlHXlq+] C:\Documents and Settings\Frosty\Local Settings\Temp\win32.exe ()
O4 - HKLM..\Run: [HNUmlHXlqb] C:\Documents and Settings\Frosty\Local Settings\Temp\winamp.exe ()
O4 - HKLM..\Run: [HNUmlHXlqc] C:\Documents and Settings\Frosty\Local Settings\Temp\win.exe ()
O4 - HKLM..\Run: [HNUmlHXlqe] C:\Documents and Settings\Frosty\Local Settings\Temp\setup.exe ()
O4 - HKLM..\Run: [HNUmlHXlqse] C:\Documents and Settings\Frosty\Local Settings\Temp\winlogon.exe ()
O4 - HKLM..\Run: [HNUmlHXlqvc] C:\Documents and Settings\Frosty\Local Settings\Temp\svchost.exe ()
O4 - HKLM..\Run: [HNUmlHXlqW] C:\Documents and Settings\Frosty\Local Settings\Temp\drweb.exe ()
O4 - HKLM..\Run: [HNUmlHXlrxc] C:\Documents and Settings\Frosty\Local Settings\Temp\spoolsv.exe ()
O4 - HKLM..\Run: [HNUmlHXlsPc] C:\Documents and Settings\Frosty\Local Settings\Temp\nvsvc32.exe ()
O4 - HKLM..\Run: [HNUmlHXlud] C:\Documents and Settings\Frosty\Local Settings\Temp\system.exe ()
O4 - HKLM..\Run: [HNUmlHXlupc] C:\Documents and Settings\Frosty\Local Settings\Temp\sysedit.exe ()
O4 - HKLM..\Run: [MKaoc] C:\WINDOWS\debug.exe ()
O4 - HKLM..\Run: [MKasc] C:\WINDOWS\drweb.exe ()
O4 - HKLM..\Run: [MKbta] C:\WINDOWS\install.exe ()
O4 - HKLM..\Run: [MKbtc] C:\WINDOWS\hexdump.exe ()
O4 - HKLM..\Run: [MKcuc] C:\WINDOWS\lsass.exe ()
O4 - HKLM..\Run: [MKcucdtop.info&p=[base64 blob removed]] C:\WINDOWS\lsass.exe ()
O4 - HKLM..\Run: [MKee] C:\WINDOWS\user.exe ()
O4 - HKLM..\Run: [MKeg] C:\WINDOWS\smss.exe ()
O4 - HKLM..\Run: [MKerb] C:\WINDOWS\taskmgr.exe ()
O4 - HKLM..\Run: [MKese] C:\WINDOWS\svchost.exe ()
O4 - HKLM..\Run: [MKetc] C:\WINDOWS\sysedit.exe ()
O4 - HKLM..\Run: [MKexe] C:\WINDOWS\system.exe File not found
O4 - HKLM..\Run: [MKfa] C:\WINDOWS\win.exe ()
O4 - HKLM..\Run: [MKfPc] C:\WINDOWS\win16.exe ()
O4 - HKLM..\Run: [MKfpe] C:\WINDOWS\winamp.exe ()
O4 - HKLM..\Run: [MKZe] C:\WINDOWS\avp.exe ()
O4 - HKLM..\Run: [MKZSc] C:\WINDOWS\avp32.exe ()
O4 - HKLM..\Run: [MyOwnSuperheroIE Browser Plugin Loader] C:\Program Files\MyOwnSuperheroIE\bar\1.bin\cwbrmon.exe (MyOwnSuperhero)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [uPc+MV0NKMOJsiv] C:\WINDOWS\System32\e18d1m11w.DLL ()
O4 - HKLM..\Run: [uPc+MV0NoqmaXms] C:\WINDOWS\System32\culnjcnzxz.DLL ()
O4 - HKLM..\Run: [uPc+MV0Np0aCxl] C:\WINDOWS\System32\jjunyvsl.DLL ()
O4 - HKLM..\Run: [uPc+MV0NrdaXms] C:\WINDOWS\System32\vtfmxa.DLL ()
O4 - HKLM..\Run: [uPc+MV0NuQaGuo] C:\WINDOWS\System32\syp6p1j.DLL ()
O4 - HKCU..\Run: [AV7] C:\Program Files\AV7\antivirus7.exe File not found
O4 - HKCU..\Run: [HNUGROXRssc] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlogon.exe File not found
O4 - HKCU..\Run: [HNUmlHXl/yx\Frosty\LOCALS~1\Temp\2691712324.exe] C:\Documents and Settings\Frosty\Local Settings\Temp\2691712324.exe ()
O4 - HKCU..\Run: [HNUmlHXl+01 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\Documents and Settings\Frosty\Local Settings\Temp\1958441968.exe ()
O4 - HKCU..\Run: [HNUmlHXl+01\Frosty\LOCALS~1\Temp\1958441968.exe] C:\Documents and Settings\Frosty\Local Settings\Temp\1958441968.exe ()
O4 - HKCU..\Run: [HNUmlHXl7yz (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Documents and Settings\Frosty\Local Settings\Temp\1014106942.exe ()
O4 - HKCU..\Run: [HNUmlHXl7yz\Frosty\LOCALS~1\Temp\1014106942.exe] C:\Documents and Settings\Frosty\Local Settings\Temp\1014106942.exe ()
O4 - HKCU..\Run: [HNUmlHXl810\Frosty\LOCALS~1\Temp\1339473956.exe] C:\Documents and Settings\Frosty\Local Settings\Temp\1339473956.exe ()
O4 - HKCU..\Run: [HNUmlHXl91O\Frosty\LOCALS~1\Temp\82117690.exe] C:\Documents and Settings\Frosty\Local Settings\Temp\82117690.exe ()
O4 - HKCU..\Run: [HNUmlHXl9zy\Frosty\LOCALS~1\Temp\2514721048.exe] C:\Documents and Settings\Frosty\Local Settings\Temp\2514721048.exe ()
O4 - HKCU..\Run: [HNUmlHXlhb] C:\Documents and Settings\Frosty\Local Settings\Temp\debug.exe ()
O4 - HKCU..\Run: [HNUmlHXlk+] C:\Documents and Settings\Frosty\Local Settings\Temp\gdi32.exe ()
O4 - HKCU..\Run: [HNUmlHXlkc] C:\Documents and Settings\Frosty\Local Settings\Temp\cmd.exe ()
O4 - HKCU..\Run: [HNUmlHXlkc1\Frosty\LOCALS~1\Temp\cmd.exe] C:\Documents and Settings\Frosty\Local Settings\Temp\cmd.exe ()
O4 - HKCU..\Run: [HNUmlHXlmc] C:\Documents and Settings\Frosty\Local Settings\Temp\mdm.exe ()
O4 - HKCU..\Run: [HNUmlHXlmc1\Frosty\LOCALS~1\Temp\mdm.exe] C:\Documents and Settings\Frosty\Local Settings\Temp\mdm.exe ()
O4 - HKCU..\Run: [HNUmlHXlne] C:\Documents and Settings\Frosty\Local Settings\Temp\lsass.exe ()
O4 - HKCU..\Run: [HNUmlHXlo+] C:\Documents and Settings\Frosty\Local Settings\Temp\avp32.exe ()
O4 - HKCU..\Run: [HNUmlHXloc] C:\Documents and Settings\Frosty\Local Settings\Temp\avp.exe ()
O4 - HKCU..\Run: [HNUmlHXlora] C:\Documents and Settings\Frosty\Local Settings\Temp\iexplarer.exe ()
O4 - HKCU..\Run: [HNUmlHXlotc] C:\Documents and Settings\Frosty\Local Settings\Temp\hexdump.exe ()
O4 - HKCU..\Run: [HNUmlHXlprc] C:\DOCUME~1\Frosty\LOCALS~1\Temp\install.exe File not found
O4 - HKCU..\Run: [HNUmlHXlpsc] C:\Documents and Settings\Frosty\Local Settings\Temp\taskmgr.exe ()
O4 - HKCU..\Run: [HNUmlHXlq+] C:\Documents and Settings\Frosty\Local Settings\Temp\win32.exe ()
O4 - HKCU..\Run: [HNUmlHXlq+1\Frosty\LOCALS~1\Temp\win16.exe] C:\DOCUME~1\Frosty\LOCALS~1\Temp\win16.exe File not found
O4 - HKCU..\Run: [HNUmlHXlqb] C:\Documents and Settings\Frosty\Local Settings\Temp\winamp.exe ()
O4 - HKCU..\Run: [HNUmlHXlqb1\Frosty\LOCALS~1\Temp\winamp.exe] C:\Documents and Settings\Frosty\Local Settings\Temp\winamp.exe ()
O4 - HKCU..\Run: [HNUmlHXlqc] C:\Documents and Settings\Frosty\Local Settings\Temp\win.exe ()
O4 - HKCU..\Run: [HNUmlHXlqe] C:\Documents and Settings\Frosty\Local Settings\Temp\setup.exe ()
O4 - HKCU..\Run: [HNUmlHXlqf] C:\Documents and Settings\Frosty\Local Settings\Temp\user.exe ()
O4 - HKCU..\Run: [HNUmlHXlqse] C:\Documents and Settings\Frosty\Local Settings\Temp\winlogon.exe ()
O4 - HKCU..\Run: [HNUmlHXlqvc] C:\Documents and Settings\Frosty\Local Settings\Temp\svchost.exe ()
O4 - HKCU..\Run: [HNUmlHXlqW] C:\Documents and Settings\Frosty\Local Settings\Temp\drweb.exe ()
O4 - HKCU..\Run: [HNUmlHXlrxc] C:\Documents and Settings\Frosty\Local Settings\Temp\spoolsv.exe ()
O4 - HKCU..\Run: [HNUmlHXlsPc] C:\Documents and Settings\Frosty\Local Settings\Temp\nvsvc32.exe ()
O4 - HKCU..\Run: [HNUmlHXlsPc\Frosty\LOCALS~1\Temp\nvsvc32.exe] C:\Documents and Settings\Frosty\Local Settings\Temp\nvsvc32.exe ()
O4 - HKCU..\Run: [HNUmlHXlud] C:\Documents and Settings\Frosty\Local Settings\Temp\system.exe ()
O4 - HKCU..\Run: [HNUmlHXlupc] C:\Documents and Settings\Frosty\Local Settings\Temp\sysedit.exe ()
O4 - HKCU..\Run: [MKaoc] C:\WINDOWS\debug.exe ()
O4 - HKCU..\Run: [MKasc] C:\WINDOWS\drweb.exe ()
O4 - HKCU..\Run: [MKayc] C:\WINDOWS\csrss.exe File not found
O4 - HKCU..\Run: [MKaycNDOWS\csrss.exe] C:\WINDOWS\csrss.exe File not found
O4 - HKCU..\Run: [MKaZ] C:\WINDOWS\cmd.exe File not found
O4 - HKCU..\Run: [MKbMc] C:\WINDOWS\gdi32.exe File not found
O4 - HKCU..\Run: [MKbta] C:\WINDOWS\install.exe ()
O4 - HKCU..\Run: [MKbtc] C:\WINDOWS\hexdump.exe ()
O4 - HKCU..\Run: [MKbuqc] C:\WINDOWS\iexplarer.exe File not found
O4 - HKCU..\Run: [MKcrc] C:\WINDOWS\login.exe File not found
O4 - HKCU..\Run: [MKcuc] C:\WINDOWS\lsass.exe ()
O4 - HKCU..\Run: [MKcucdtop.info&p=[base64 blob removed]] C:\WINDOWS\lsass.exe ()
O4 - HKCU..\Run: [MKcucNDOWS\lsass.exe] C:\WINDOWS\lsass.exe ()
O4 - HKCU..\Run: [MKcZ] C:\WINDOWS\mdm.exe ()
O4 - HKCU..\Run: [MKdw+] C:\WINDOWS\nvsvc32.exe File not found
O4 - HKCU..\Run: [MKee] C:\WINDOWS\user.exe ()
O4 - HKCU..\Run: [MKeg] C:\WINDOWS\smss.exe ()
O4 - HKCU..\Run: [MKerb] C:\WINDOWS\taskmgr.exe ()
O4 - HKCU..\Run: [MKese] C:\WINDOWS\svchost.exe ()
O4 - HKCU..\Run: [MKeta] C:\WINDOWS\services.exe File not found
O4 - HKCU..\Run: [MKetc] C:\WINDOWS\sysedit.exe ()
O4 - HKCU..\Run: [MKeuf] C:\WINDOWS\spoolsv.exe ()
O4 - HKCU..\Run: [MKevc] C:\WINDOWS\setup.exe ()
O4 - HKCU..\Run: [MKexe] C:\WINDOWS\system.exe File not found
O4 - HKCU..\Run: [MKfa] C:\WINDOWS\win.exe ()
O4 - HKCU..\Run: [MKfaINDOWS\win.exe] C:\WINDOWS\win.exe ()
O4 - HKCU..\Run: [MKfPc] C:\WINDOWS\win16.exe ()
O4 - HKCU..\Run: [MKfpe] C:\WINDOWS\winamp.exe ()
O4 - HKCU..\Run: [MKfre] C:\WINDOWS\wininst.exe File not found
O4 - HKCU..\Run: [MKfsc] C:\WINDOWS\winlogon.exe File not found
O4 - HKCU..\Run: [MKZe] C:\WINDOWS\avp.exe ()
O4 - HKCU..\Run: [MKZSc] C:\WINDOWS\avp32.exe ()
O4 - HKCU..\Run: [Ptujifinoh] C:\WINDOWS\sdodmot.DLL (ArcSoft Inc.)
O4 - HKCU..\Run: [uPc+MV0NKMOJsiv] C:\WINDOWS\System32\e18d1m11w.DLL ()
O4 - HKCU..\Run: [uPc+MV0NoqmaXms] C:\WINDOWS\System32\culnjcnzxz.DLL ()
O4 - HKCU..\Run: [uPc+MV0Np0aCxl] C:\WINDOWS\System32\jjunyvsl.DLL ()
O4 - HKCU..\Run: [uPc+MV0NrdaXms] C:\WINDOWS\System32\vtfmxa.DLL ()
O4 - HKCU..\Run: [uPc+MV0NuQaGuo] C:\WINDOWS\System32\syp6p1j.DLL ()
O4 - Startup: C:\Documents and Settings\Frosty\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\Frosty\Start Menu\Programs\Startup\The Simpsons Unleashed.lnk = C:\Program Files\The Simpsons Unleashed\The Simpsons Unleashed.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Frosty\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1282691912078 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {B1BA20C1-A503-59BD-F412-03B53A2C8951} - uawhr987ry38w7rhawuig673fef - C:\WINDOWS\system32\w6h4l.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Frosty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Frosty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/15 10:33:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/08 19:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frosty\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/11/08 19:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/17 16:12:37 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\Frosty\Desktop\Shortcut to OTL.exe.lnk
[2010/11/17 16:07:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/17 15:40:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/17 15:40:05 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\avp.exe
[2010/11/17 15:40:04 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\lsass.exe
[2010/11/17 15:38:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/17 15:22:25 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/17 15:03:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1214440339-2147200963-1004UA.job
[2010/11/17 14:34:51 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\setup.exe
[2010/11/17 14:25:42 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\mdm.exe
[2010/11/17 14:23:30 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{13105BE0-0878-41DA-B332-A4CDF28F8E53}.job
[2010/11/17 14:22:25 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/17 14:17:46 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\debug.exe
[2010/11/17 14:17:17 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\spoolsv.exe
[2010/11/17 14:17:14 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\smss.exe
[2010/11/17 14:17:12 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\install.exe
[2010/11/17 14:17:12 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\avp32.exe
[2010/11/17 14:17:08 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\win16.exe
[2010/11/17 14:17:08 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\sysedit.exe
[2010/11/17 14:17:07 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\user.exe
[2010/11/17 14:17:07 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\svchost.exe
[2010/11/17 14:17:06 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\win.exe
[2010/11/17 14:17:06 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\taskmgr.exe
[2010/11/17 14:17:06 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\drweb.exe
[2010/11/17 14:17:04 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\hexdump.exe
[2010/11/17 14:17:03 | 000,036,356 | -H-- | M] () -- C:\WINDOWS\winamp.exe
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/16 20:19:18 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/16 18:30:18 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/16 18:01:09 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/16 16:53:38 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/11/16 16:47:49 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/16 14:59:19 | 000,463,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/16 14:59:19 | 000,078,638 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/16 14:21:35 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/16 14:21:33 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\e18d1m11w.dll
[2010/11/16 14:21:32 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\w6h4l.dll
[2010/11/16 14:21:31 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\culnjcnzxz.dll
[2010/11/16 14:21:30 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\rucher02.dll
[2010/11/16 14:21:29 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\jjunyvsl.dll
[2010/11/16 14:21:28 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\u34jm73.dll
[2010/11/16 14:21:28 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\syp6p1j.dll
[2010/11/16 14:21:28 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\fr2w4.dll
[2010/11/16 14:21:05 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\vtfmxa.dll
[2010/11/16 14:21:05 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\ivdr9.dll
[2010/11/15 23:18:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/15 18:03:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1214440339-2147200963-1004Core.job
[2010/11/15 00:51:01 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Frosty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/08 19:22:13 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pandora.lnk
[2010/11/08 19:20:05 | 001,050,861 | ---- | M] () -- C:\Documents and Settings\Frosty\My Documents\pandora_2_0_5.air
[2010/11/04 19:03:51 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Frosty\Desktop\Google Chrome.lnk
[2010/11/04 19:03:51 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Frosty\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/24 21:23:27 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/21 14:39:10 | 000,001,472 | ---- | M] () -- C:\Documents and Settings\Frosty\Desktop\DivX Movies.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/17 16:12:37 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\Frosty\Desktop\Shortcut to OTL.exe.lnk
[2010/11/17 16:02:30 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Frosty\Start Menu\Programs\Startup\The Simpsons Unleashed.lnk
[2010/11/17 16:02:28 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/11/17 16:02:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Frosty\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/11/17 15:40:04 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\lsass.exe
[2010/11/17 14:34:51 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\setup.exe
[2010/11/17 14:25:42 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\mdm.exe
[2010/11/17 14:17:46 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\debug.exe
[2010/11/17 14:17:17 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\spoolsv.exe
[2010/11/17 14:17:16 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\avp.exe
[2010/11/17 14:17:14 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\smss.exe
[2010/11/17 14:17:12 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\install.exe
[2010/11/17 14:17:12 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\avp32.exe
[2010/11/17 14:17:08 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\win16.exe
[2010/11/17 14:17:08 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\sysedit.exe
[2010/11/17 14:17:07 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\user.exe
[2010/11/17 14:17:07 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\svchost.exe
[2010/11/17 14:17:06 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\win.exe
[2010/11/17 14:17:06 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\taskmgr.exe
[2010/11/17 14:17:06 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\drweb.exe
[2010/11/17 14:17:04 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\hexdump.exe
[2010/11/17 14:17:03 | 000,036,356 | -H-- | C] () -- C:\WINDOWS\winamp.exe
[2010/11/16 14:21:35 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/16 14:21:35 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/16 14:21:35 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/16 14:21:35 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/16 14:21:35 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/16 14:21:35 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/16 14:21:35 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/16 14:21:35 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/16 14:21:35 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/16 14:21:35 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/16 14:21:35 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/16 14:21:34 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/16 14:21:34 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/16 14:21:34 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/16 14:21:34 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/16 14:21:34 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/16 14:21:34 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/16 14:21:34 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/16 14:21:34 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/16 14:21:34 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/16 14:21:34 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/16 14:21:34 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/16 14:21:34 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/16 14:21:34 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/16 14:21:33 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\e18d1m11w.dll
[2010/11/16 14:21:32 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\w6h4l.dll
[2010/11/16 14:21:31 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\culnjcnzxz.dll
[2010/11/16 14:21:30 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\rucher02.dll
[2010/11/16 14:21:29 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\jjunyvsl.dll
[2010/11/16 14:21:28 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\u34jm73.dll
[2010/11/16 14:21:28 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\syp6p1j.dll
[2010/11/16 14:21:28 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\fr2w4.dll
[2010/11/16 14:21:05 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\vtfmxa.dll
[2010/11/16 14:21:05 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\ivdr9.dll
[2010/11/08 19:22:13 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pandora.lnk
[2010/11/08 19:19:57 | 001,050,861 | ---- | C] () -- C:\Documents and Settings\Frosty\My Documents\pandora_2_0_5.air
[2010/07/30 22:27:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2010/07/27 22:53:16 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Frosty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/06 02:18:56 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/07/04 14:46:31 | 000,346,608 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/12 04:36:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2010/02/12 04:33:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2010/02/12 04:10:06 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/08 14:40:20 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/07 17:26:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/01/15 00:52:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/03 12:18:04 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2010/06/12 04:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee
[2010/03/06 21:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/09/15 09:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2010/05/31 23:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/27 03:54:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/09 16:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/06/12 04:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frosty\Application Data\acccore
[2010/06/20 21:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frosty\Application Data\Avnex
[2010/06/13 21:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frosty\Application Data\com.fox.simpsons.simpsonsgags.8DB2FB41E3AF9617470F9C3E78FDAAA51EF66383.1
[2010/11/08 19:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frosty\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/05/02 18:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frosty\Application Data\Dealio
[2010/10/19 00:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frosty\Application Data\FrostWire
[2010/05/07 01:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frosty\Application Data\Screaming Bee
[2010/05/02 18:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frosty\Application Data\Search Settings
[2010/07/07 02:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frosty\Application Data\TS3Client
[2010/07/18 03:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frosty\Application Data\Vivox
[2010/01/16 07:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frosty\Application Data\WinBatch
[2010/02/09 16:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frosty\Application Data\Windows Desktop Search
[2010/02/09 16:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frosty\Application Data\Windows Search
[2010/11/17 15:40:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/11/17 14:22:25 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/11/17 15:22:25 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/11/16 18:30:18 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/11/16 18:01:09 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/11/16 14:21:35 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/11/16 20:19:18 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/11/17 14:16:49 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/11/17 14:23:30 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{13105BE0-0878-41DA-B332-A4CDF28F8E53}.job

========== Purity Check ==========



< End of report >

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    %systemroot%\prefetch\*.*
    C:\WINDOWS\tasks\At*.job
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
Pakqua

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
OK here are my OTM and Combofix logs.


All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Frosty\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Frosty\My Documents\Downloads\cmd.txt deleted successfully.
C:\WINDOWS\prefetch\1014106942.EXE-2F299247.pf moved successfully.
C:\WINDOWS\prefetch\1339473956.EXE-0633C8C7.pf moved successfully.
C:\WINDOWS\prefetch\1458765450.EXE-01A14227.pf moved successfully.
C:\WINDOWS\prefetch\1709459460.EXE-371B5A2F.pf moved successfully.
C:\WINDOWS\prefetch\1851403492.EXE-26B9BE77.pf moved successfully.
C:\WINDOWS\prefetch\1958441968.EXE-2429294C.pf moved successfully.
C:\WINDOWS\prefetch\2057351886.EXE-1C58817B.pf moved successfully.
C:\WINDOWS\prefetch\207475432.EXE-2277DDCF.pf moved successfully.
C:\WINDOWS\prefetch\2293747242.EXE-326FD460.pf moved successfully.
C:\WINDOWS\prefetch\2475407876.EXE-1E416BFA.pf moved successfully.
C:\WINDOWS\prefetch\2514721048.EXE-27425418.pf moved successfully.
C:\WINDOWS\prefetch\2691712324.EXE-0FF2C622.pf moved successfully.
C:\WINDOWS\prefetch\3102381010.EXE-1AC2B6C9.pf moved successfully.
C:\WINDOWS\prefetch\328100432.EXE-24E5E774.pf moved successfully.
C:\WINDOWS\prefetch\4016748696.EXE-05F15EEA.pf moved successfully.
C:\WINDOWS\prefetch\4283300302.EXE-2EC01457.pf moved successfully.
C:\WINDOWS\prefetch\82117690.EXE-330EAF6F.pf moved successfully.
C:\WINDOWS\prefetch\AAWTRAY.EXE-1858AE3F.pf moved successfully.
C:\WINDOWS\prefetch\AAWWSC.EXE-248CAA52.pf moved successfully.
C:\WINDOWS\prefetch\AD-AWAREADMIN.EXE-102E374C.pf moved successfully.
C:\WINDOWS\prefetch\ADOBEARM.EXE-2D1B11BF.pf moved successfully.
C:\WINDOWS\prefetch\ATTRIB.CFXXE-18D70E5B.pf moved successfully.
C:\WINDOWS\prefetch\AVCENTER.EXE-1A970FA0.pf moved successfully.
C:\WINDOWS\prefetch\AVGNT.EXE-200FEF40.pf moved successfully.
C:\WINDOWS\prefetch\AVNOTIFY.EXE-05ED5FD8.pf moved successfully.
C:\WINDOWS\prefetch\AVP.EXE-1610F1F4.pf moved successfully.
C:\WINDOWS\prefetch\AVP32.EXE-1951DC8A.pf moved successfully.
C:\WINDOWS\prefetch\AVSCAN.EXE-07FC469C.pf moved successfully.
C:\WINDOWS\prefetch\AVWSC.EXE-0283F9DD.pf moved successfully.
C:\WINDOWS\prefetch\BLIZZARD DOWNLOADER.EXE-2BA4DC1A.pf moved successfully.
C:\WINDOWS\prefetch\BRS.EXE-32B4A93E.pf moved successfully.
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-19B06A08.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-19B06A0B.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-19B06A0C.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-19B06A0F.pf moved successfully.
C:\WINDOWS\prefetch\CLEANMGR.EXE-1F86EA8E.pf moved successfully.
C:\WINDOWS\prefetch\CMD.CFXXE-12A6B182.pf moved successfully.
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf moved successfully.
C:\WINDOWS\prefetch\COMBOFIX (1).EXE-2A002FF1.pf moved successfully.
C:\WINDOWS\prefetch\CONTROL.EXE-013DBFB5.pf moved successfully.
C:\WINDOWS\prefetch\CSC.EXE-01730C27.pf moved successfully.
C:\WINDOWS\prefetch\CSCRIPT.CFXXE-2F5062B6.pf moved successfully.
C:\WINDOWS\prefetch\CTFMON.EXE-0E17969B.pf moved successfully.
C:\WINDOWS\prefetch\CURSECLIENT.EXE-2E50EEAA.pf moved successfully.
C:\WINDOWS\prefetch\CVTRES.EXE-2329DCD5.pf moved successfully.
C:\WINDOWS\prefetch\DEFRAG.EXE-273F131E.pf moved successfully.
C:\WINDOWS\prefetch\DRWEB.EXE-39DA6CE7.pf moved successfully.
C:\WINDOWS\prefetch\DRWTSN32.EXE-2B4B52AC.pf moved successfully.
C:\WINDOWS\prefetch\DUMPREP.EXE-1B46F901.pf moved successfully.
C:\WINDOWS\prefetch\DWWIN.EXE-30875ADC.pf moved successfully.
C:\WINDOWS\prefetch\DXDIAG.EXE-220E128D.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf moved successfully.
C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf moved successfully.
C:\WINDOWS\prefetch\GDI32.EXE-0FAA248A.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-118840FE.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-0AA2C073.pf moved successfully.
C:\WINDOWS\prefetch\GREP.CFXXE-005CE245.pf moved successfully.
C:\WINDOWS\prefetch\GRPCONV.EXE-111CD845.pf moved successfully.
C:\WINDOWS\prefetch\GSAR.CFXXE-064C1B3A.pf moved successfully.
C:\WINDOWS\prefetch\GUARDGUI.EXE-00ECD849.pf moved successfully.
C:\WINDOWS\prefetch\HELPSVC.EXE-2878DDA2.pf moved successfully.
C:\WINDOWS\prefetch\HEXDUMP.EXE-33D84F99.pf moved successfully.
C:\WINDOWS\prefetch\HIDEC.EXE-3B166DB3.pf moved successfully.
C:\WINDOWS\prefetch\IEXPLORE.EXE-0A31FE70.pf moved successfully.
C:\WINDOWS\prefetch\IEXPLORE.EXE-12915967.pf moved successfully.
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf moved successfully.
C:\WINDOWS\prefetch\IGFXPERS.EXE-2C07C174.pf moved successfully.
C:\WINDOWS\prefetch\IGFXSRVC.EXE-2FB63FE8.pf moved successfully.
C:\WINDOWS\prefetch\IGFXTRAY.EXE-3391579A.pf moved successfully.
C:\WINDOWS\prefetch\IPODSERVICE.EXE-3192DE38.pf moved successfully.
C:\WINDOWS\prefetch\ITUNESHELPER.EXE-15823303.pf moved successfully.
C:\WINDOWS\prefetch\JQSNOTIFY.EXE-24AE4A36.pf moved successfully.
C:\WINDOWS\prefetch\JUSCHED.EXE-25206883.pf moved successfully.
C:\WINDOWS\prefetch\LAUNCHER.EXE-32675156.pf moved successfully.
C:\WINDOWS\prefetch\Layout.ini moved successfully.
C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf moved successfully.
C:\WINDOWS\prefetch\MDM.EXE-271CDEDE.pf moved successfully.
C:\WINDOWS\prefetch\MSFEEDSSYNC.EXE-25E13438.pf moved successfully.
C:\WINDOWS\prefetch\MSHTA.EXE-331DF029.pf moved successfully.
C:\WINDOWS\prefetch\N.PIF-1B75D06C.pf moved successfully.
C:\WINDOWS\prefetch\NIRCMD.CFXXE-351E2F5E.pf moved successfully.
C:\WINDOWS\prefetch\NIRCMDB.EXE-143CC1C1.pf moved successfully.
C:\WINDOWS\prefetch\NIRCMDC.CFXXE-1A395113.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\PDVD9SERV.EXE-1A739224.pf moved successfully.
C:\WINDOWS\prefetch\PEV.CFXXE-3B65BD28.pf moved successfully.
C:\WINDOWS\prefetch\PEV.EXE-2937A365.pf moved successfully.
C:\WINDOWS\prefetch\QTTASK.EXE-342507FB.pf moved successfully.
C:\WINDOWS\prefetch\READER_SL.EXE-2B4EA1CB.pf moved successfully.
C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf moved successfully.
C:\WINDOWS\prefetch\RMBR.CFXXE-2738B6F9.pf moved successfully.
C:\WINDOWS\prefetch\RTHDCPL.EXE-06918CFA.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-13B752D6.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-1831A4F3.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-1EE676D0.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-24B756CC.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-29DDBC53.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2C0D0645.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2EFE8888.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-322C2CF7.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-3792C62D.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-37D488DD.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-411FC557.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf moved successfully.
C:\WINDOWS\prefetch\RUNONCE.EXE-2803F297.pf moved successfully.
C:\WINDOWS\prefetch\SEARCHFILTERHOST.EXE-148579FB.pf moved successfully.
C:\WINDOWS\prefetch\SEARCHPROTOCOLHOST.EXE-34E0253A.pf moved successfully.
C:\WINDOWS\prefetch\SED.CFXXE-384BB311.pf moved successfully.
C:\WINDOWS\prefetch\SETUP.EXE-380393E3.pf moved successfully.
C:\WINDOWS\prefetch\SMSS.EXE-3092D7B5.pf moved successfully.
C:\WINDOWS\prefetch\SNMP.EXE-0E0E1166.pf moved successfully.
C:\WINDOWS\prefetch\SVCHOST.EXE-3530F672.pf moved successfully.
C:\WINDOWS\prefetch\SWREG.CFXXE-16776A8B.pf moved successfully.
C:\WINDOWS\prefetch\SWREG.EXE-0937BD77.pf moved successfully.
C:\WINDOWS\prefetch\SWXCACLS.CFXXE-1ECB3953.pf moved successfully.
C:\WINDOWS\prefetch\SYSTEM.EXE-0E44EF1F.pf moved successfully.
C:\WINDOWS\prefetch\TASKMGR.EXE-20256C55.pf moved successfully.
C:\WINDOWS\prefetch\UNSECAPP.EXE-1A95A33B.pf moved successfully.
C:\WINDOWS\prefetch\UPDATE.EXE-2577D203.pf moved successfully.
C:\WINDOWS\prefetch\USERINIT.EXE-30B18140.pf moved successfully.
C:\WINDOWS\prefetch\VENTRILO.EXE-3662F3B0.pf moved successfully.
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf moved successfully.
C:\WINDOWS\prefetch\WINDOWSSEARCH.EXE-20C0F767.pf moved successfully.
C:\WINDOWS\prefetch\WMIAPSRV.EXE-1E2270A5.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf moved successfully.
C:\WINDOWS\prefetch\WOW.EXE-02137854.pf moved successfully.
C:\WINDOWS\prefetch\WSCNTFY.EXE-1B24F5EB.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 266558 bytes
->Temporary Internet Files folder emptied: 3075230 bytes
->Flash cache emptied: 57575 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Frosty
->Temp folder emptied: 116925121 bytes
->Temporary Internet Files folder emptied: 14518123 bytes
->Java cache emptied: 40870441 bytes
->FireFox cache emptied: 39062489 bytes
->Google Chrome cache emptied: 408230357 bytes
->Flash cache emptied: 2265363 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 327974 bytes
->Flash cache emptied: 434 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 133759891 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2277774 bytes
%systemroot%\System32 .tmp files removed: 2932753 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8920681 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 25524048 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 762.00 mb

Unable to start service SrService!

OTM by OldTimer - Version 3.1.17.2 log created on 11172010_164417








ComboFix 10-11-17.01 - Frosty 11/17/2010 17:17:10.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2246 [GMT -5:00]
Running from: c:\documents and settings\Frosty\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Frosty\LOCALS~1\Temp\avp32.exe
c:\docume~1\Frosty\LOCALS~1\Temp\svchost.exe
c:\docume~1\Frosty\LOCALS~1\Temp\win16.exe
c:\documents and settings\All Users\Application Data\Toolbar4
c:\documents and settings\All Users\Desktop\FLV Direct Player.lnk
c:\documents and settings\Frosty\Application Data\Dealio
c:\documents and settings\Frosty\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Frosty\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\program files\AV7
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\windows\avp.exe
c:\windows\avp32.exe
c:\windows\cmd.exe
c:\windows\csrss.exe
c:\windows\debug.exe
c:\windows\drweb.exe
c:\windows\explorer(2).exe
c:\windows\gdi32.exe
c:\windows\hexdump.exe
c:\windows\install.exe
c:\windows\lsass.exe
c:\windows\mdm.exe
c:\windows\sdodmot.dll
c:\windows\setup.exe
c:\windows\smss.exe
c:\windows\spoolsv.exe
c:\windows\svchost.exe
c:\windows\sysedit.exe
c:\windows\system.exe
c:\windows\system32\7a121d92-b3b8-f473-08a7-ae0dcba5a152.exe
c:\windows\system32\config\systemprofile\Application Data\Dealio
c:\windows\system32\config\systemprofile\Application Data\Dealio\res\widgets.xml
c:\windows\system32\config\systemprofile\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\windows\system32\culnjcnzxz.dll
c:\windows\system32\e18d1m11w.dll
c:\windows\system32\fr2w4.dll
c:\windows\system32\ivdr9.dll
c:\windows\system32\jjunyvsl.dll
c:\windows\system32\rucher02.dll
c:\windows\system32\syp6p1j.dll
c:\windows\system32\u34jm73.dll
c:\windows\system32\vtfmxa.dll
c:\windows\system32\w6h4l.dll
c:\windows\taskmgr.exe
c:\windows\user.exe
c:\windows\win.exe
c:\windows\win16.exe
c:\windows\winamp.exe
c:\windows\wininst.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))
.

2010-11-17 21:44 . 2010-11-17 21:44 -------- dc----w- C:\_OTM
2010-11-16 21:13 . 2010-11-16 21:13 -------- dc----w- c:\documents and settings\Administrator
2010-11-09 00:22 . 2010-11-09 00:22 -------- dc----w- c:\documents and settings\Frosty\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
2010-11-09 00:22 . 2010-11-09 00:22 -------- dc----w- c:\program files\Pandora
2010-11-06 16:37 . 2010-11-06 16:37 103864 -c--a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 16:37 . 2010-11-06 16:37 103864 -c--a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-03-04_22.28.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-02 05:46 . 2006-12-02 05:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 05:26 . 2006-12-02 05:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 03:56 . 2006-12-02 03:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2010-07-31 03:32 . 2010-07-31 03:35 17719 c:\windows\War3Unin.dat
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(9).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(8).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(7).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(6).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(5).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(4).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(3).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(21).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(20).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(2).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(19).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(18).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(17).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(16).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(15).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(14).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(13).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(12).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(11).drv
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud(10).drv
+ 2010-01-16 21:44 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2010-01-16 21:44 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2010-02-09 17:42 . 2007-07-31 18:52 57344 c:\windows\system32\spool\drivers\w32x86\3\hpuac5mu.dll
+ 2009-03-03 17:18 . 2010-01-12 09:35 80416 c:\windows\system32\RtNicProp32.dll
+ 2010-01-16 03:44 . 2010-08-24 23:13 46856 c:\windows\system32\Restore\rstrlog.dat
+ 2010-08-24 23:35 . 2009-03-03 17:18 73728 c:\windows\system32\ReinstallBackups\0018\DriverFiles\RtNicProp32.dll
+ 2010-02-12 09:23 . 2010-06-09 23:01 68592 c:\windows\system32\pxinsa64.exe
+ 2010-02-12 09:23 . 2010-06-09 23:01 72176 c:\windows\system32\pxhpinst.exe
+ 2010-02-12 09:23 . 2010-06-09 23:01 68080 c:\windows\system32\pxcpya64.exe
+ 2003-03-31 19:00 . 2010-11-16 19:59 78638 c:\windows\system32\perfc009.dat
- 2003-03-31 19:00 . 2010-02-10 08:01 78638 c:\windows\system32\perfc009.dat
+ 2010-07-10 09:38 . 2010-07-10 09:38 61440 c:\windows\system32\OpenCL.dll
+ 2010-07-09 20:24 . 2010-07-09 20:24 81920 c:\windows\system32\nvwddi.dll
+ 2009-11-06 02:17 . 2009-11-06 02:17 11600 c:\windows\system32\mui\0409\mscorees.dll
+ 2010-03-07 02:53 . 2010-03-07 02:53 29480 c:\windows\system32\msxml3a.dll
+ 2009-03-08 09:31 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 09:31 . 2009-12-21 19:14 55296 c:\windows\system32\msfeedsbs.dll
+ 2010-06-17 09:11 . 2010-06-17 09:11 13132 c:\windows\system32\mlfcache.dat
+ 2010-03-03 03:04 . 2010-06-19 07:54 15880 c:\windows\system32\lsdelete.exe
- 2010-03-03 03:04 . 2010-03-02 08:56 15880 c:\windows\system32\lsdelete.exe
- 2003-03-31 19:00 . 2009-12-21 19:14 25600 c:\windows\system32\jsproxy.dll
+ 2003-03-31 19:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
+ 2010-01-15 05:51 . 2010-06-15 14:11 95072 c:\windows\system32\FNTCACHE.DAT
- 2010-01-15 05:51 . 2010-02-08 13:47 95072 c:\windows\system32\FNTCACHE.DAT
+ 2010-09-07 09:45 . 2010-04-20 00:47 41984 c:\windows\system32\DRVSTORE\usbaapl_5BE1FFC476B2D9925B428CF102B47444B9A16508\usbaapl.sys
+ 2010-09-07 09:45 . 2010-04-20 00:29 18432 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2010-06-15 07:56 . 2010-06-15 07:54 64288 c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
+ 2010-08-06 20:12 . 2008-04-14 04:15 15104 c:\windows\system32\drivers\usbscan.sys
+ 2002-08-29 01:32 . 2008-04-14 04:15 49408 c:\windows\system32\drivers\stream.sys
- 2002-08-29 01:32 . 2008-04-14 05:15 49408 c:\windows\system32\drivers\stream.sys
+ 2010-02-12 09:23 . 2010-06-09 23:01 45648 c:\windows\system32\drivers\PxHelp20.sys
- 2010-02-27 08:54 . 2010-02-04 15:53 64288 c:\windows\system32\drivers\Lbd.sys
+ 2010-02-27 08:54 . 2010-06-15 07:54 64288 c:\windows\system32\drivers\Lbd.sys
+ 2010-02-07 17:13 . 2008-04-14 04:15 60160 c:\windows\system32\drivers\drmk.sys
- 2010-02-07 17:13 . 2008-04-14 05:15 60160 c:\windows\system32\drivers\drmk.sys
+ 2010-03-04 20:42 . 2010-03-05 21:14 56816 c:\windows\system32\drivers\avgntflt.sys
+ 2010-03-10 19:29 . 2010-03-10 19:29 94208 c:\windows\system32\dpl100.dll
+ 2010-07-27 22:44 . 2010-07-27 22:44 91424 c:\windows\system32\dnssd.dll
- 2010-02-08 13:14 . 2009-12-21 19:14 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-02-08 13:14 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-08-06 20:12 . 2008-04-14 04:15 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2002-08-29 01:32 . 2008-04-14 04:15 49408 c:\windows\system32\dllcache\stream.sys
- 2002-08-29 01:32 . 2008-04-14 05:15 49408 c:\windows\system32\dllcache\stream.sys
- 2010-02-08 13:14 . 2009-12-21 19:14 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-02-08 13:14 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 09:33 . 2009-12-21 19:14 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 09:33 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2010-02-07 17:13 . 2008-04-14 05:15 60160 c:\windows\system32\dllcache\drmk.sys
+ 2010-02-07 17:13 . 2008-04-14 04:15 60160 c:\windows\system32\dllcache\drmk.sys
+ 2010-01-13 14:01 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2010-01-15 15:34 . 2010-11-16 21:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-01-15 15:34 . 2010-01-17 03:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-01-15 15:34 . 2010-01-17 03:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-04-29 17:53 . 2010-11-16 21:23 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2003-03-31 19:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
+ 2003-03-31 19:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2010-06-14 05:37 . 2010-06-14 05:38 87702 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2010-05-05 14:05 . 2010-05-05 14:05 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2010-04-29 10:11 . 2010-04-29 10:11 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2010-05-05 14:38 . 2010-05-05 14:38 65816 c:\windows\system32\Adobe\Director\SWDNLD.EXE
+ 2010-04-08 03:48 . 2010-04-08 03:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-03-23 09:31 . 2010-03-23 09:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-04-01 15:42 . 2010-04-01 15:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-03-31 18:51 . 2010-03-31 18:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 18:51 . 2010-03-31 18:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-03-31 18:51 . 2010-03-31 18:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-03-31 19:32 . 2010-03-31 19:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-31 19:32 . 2010-03-31 19:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2003-02-21 00:19 . 2003-02-21 00:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-11-09 02:36 . 2010-11-09 02:36 28160 c:\windows\Installer\5ab7c39b.msi
+ 2010-11-09 00:22 . 2010-11-09 00:22 21504 c:\windows\Installer\5a3d5174.msi
+ 2010-07-01 04:04 . 2010-07-01 04:04 38400 c:\windows\Installer\34e06cc8.msi
+ 2010-03-07 02:54 . 2010-03-07 02:54 75497 c:\windows\Installer\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\ARPPRODUCTICON.exe
+ 2010-07-01 04:04 . 2010-10-27 01:04 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2009-12-22 01:09 . 2009-12-22 01:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-22 06:57 . 2009-12-22 06:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-22 01:02 . 2009-12-22 01:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-22 04:21 . 2009-12-22 04:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
+ 2009-12-22 04:37 . 2009-12-22 04:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 23:39 . 2009-12-21 23:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 23:27 . 2009-12-21 23:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 23:27 . 2009-12-21 23:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2010-06-13 07:09 . 2009-12-21 19:14 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-06-13 07:09 . 2009-12-21 19:14 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-06-13 07:09 . 2009-12-21 19:14 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-02-08 13:17 . 2010-02-08 13:17 69120 c:\windows\assembly\temp\096VWDM3GP\CustomMarshalers.dll
+ 2010-06-13 07:11 . 2010-06-13 07:11 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_7ab4c8aa\System.Drawing.Design.dll
+ 2010-06-13 07:11 . 2010-06-13 07:11 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_add8c6f9\CustomMarshalers.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\1c1629f536fa9874ef08d09fb19ab0f0\System.Windows.Presentation.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2010-06-13 07:21 . 2010-06-13 07:21 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-06-13 07:07 . 2010-06-13 07:07 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e67992626a30603458b0df22841c2423\PresentationFontCache.ni.exe
+ 2010-06-13 07:06 . 2010-06-13 07:06 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\6be27d744e6e2bfc4b0e25bd2998ef7c\PresentationCFFRasterizer.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2010-02-07 23:12 . 2010-02-07 23:12 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-13 07:11 . 2010-06-13 07:11 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-13 07:10 . 2010-01-23 08:11 46080 c:\windows\$NtUninstallKB981793$\tzchange.exe
+ 2010-06-13 07:10 . 2010-04-22 22:21 16896 c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll
+ 2010-06-13 07:07 . 2008-04-14 10:41 65024 c:\windows\$NtUninstallKB979482$\asycfilt.dll
+ 2010-06-13 07:07 . 2008-04-14 10:41 84480 c:\windows\$NtUninstallKB979309$\cabview.dll
+ 2010-06-13 07:09 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB982381-IE8\update\spcustom.dll
+ 2010-06-13 07:09 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB982381-IE8\spmsg.dll
+ 2010-06-12 09:13 . 2010-05-06 10:36 12800 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\xpshims.dll
+ 2010-06-12 09:13 . 2010-05-06 10:36 55296 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeedsbs.dll
+ 2010-06-12 09:13 . 2010-05-06 10:36 25600 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\jsproxy.dll
+ 2010-06-13 07:07 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981332-IE8\update\spcustom.dll
+ 2010-06-13 07:07 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981332-IE8\spmsg.dll
+ 2010-06-13 07:11 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB980232\update\spcustom.dll
+ 2010-06-13 07:11 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB980232\spmsg.dll
+ 2010-06-13 07:12 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980218\update\spcustom.dll
+ 2010-06-13 07:12 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980218\spmsg.dll
+ 2010-06-13 07:11 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB980195\update\spcustom.dll
+ 2010-06-13 07:11 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB980195\spmsg.dll
+ 2010-06-13 07:11 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979683\update\spcustom.dll
+ 2010-06-12 09:14 . 2010-03-05 14:54 16896 c:\windows\$hf_mig$\KB979683\update\mpsyschk.dll
+ 2010-06-13 07:11 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979683\spmsg.dll
+ 2010-06-13 07:10 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979559\update\spcustom.dll
+ 2010-06-13 07:10 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB979559\spmsg.dll
+ 2010-06-13 07:07 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979482\update\spcustom.dll
+ 2010-06-13 07:07 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979482\spmsg.dll
+ 2010-03-05 14:52 . 2010-03-05 14:52 65536 c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
+ 2010-06-13 07:07 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB979309\update\spcustom.dll
+ 2010-06-13 07:07 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB979309\spmsg.dll
+ 2010-01-13 13:48 . 2010-01-13 13:48 86016 c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll
+ 2010-06-13 07:10 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB978601\update\spcustom.dll
+ 2010-06-13 07:10 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB978601\spmsg.dll
+ 2010-06-13 07:07 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll
+ 2010-06-13 07:07 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978542\spmsg.dll
+ 2010-06-13 07:10 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978338\update\spcustom.dll
+ 2010-06-13 07:10 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978338\spmsg.dll
+ 2010-06-13 07:10 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977816\update\spcustom.dll
+ 2010-06-13 07:10 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977816\spmsg.dll
+ 2010-06-13 07:07 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975562\update\spcustom.dll
+ 2010-06-13 07:07 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975562\spmsg.dll
+ 2010-03-10 08:02 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975561\update\spcustom.dll
+ 2010-03-10 08:02 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975561\spmsg.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-07-31 03:32 . 2010-07-31 03:32 2829 c:\windows\War3Unin.pif
+ 2010-08-06 20:12 . 2001-08-18 02:36 5632 c:\windows\system32\ptpusb.dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(9).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(8).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(7).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(6).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(5).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(4).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(3).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(21).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(20).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(2).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(19).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(18).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(17).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(16).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(15).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(14).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(13).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(12).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(11).dll
+ 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser(10).dll
+ 2010-02-12 09:23 . 2010-06-09 23:01 9200 c:\windows\system32\drivers\cdralw2k.sys
+ 2010-02-12 09:23 . 2010-06-09 23:01 9072 c:\windows\system32\drivers\cdr4_xp.sys
+ 2010-02-07 17:13 . 2008-04-14 09:41 4096 c:\windows\system32\dllcache\ksuser.dll
- 2010-02-07 17:13 . 2008-04-14 10:41 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2010-05-05 14:07 . 2010-05-05 14:07 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-02-08 13:17 . 2010-02-08 13:17 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-07-31 03:32 . 2010-07-31 03:32 126976 c:\windows\War3Unin.exe
+ 2010-06-13 07:10 . 2008-04-14 10:42 221184 c:\windows\system32\wmpns.dll
+ 2003-03-31 19:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2003-03-31 19:00 . 2008-04-14 10:42 176640 c:\windows\system32\wintrust(5).dll
+ 2003-03-31 19:00 . 2008-04-14 10:42 176640 c:\windows\system32\wintrust(2).dll
+ 2003-03-31 19:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust(2)(2).dll
+ 2003-03-31 19:00 . 2010-05-06 10:41 916480 c:\windows\system32\wininet.dll
- 2003-03-31 19:00 . 2009-12-21 19:14 916480 c:\windows\system32\wininet.dll
+ 2003-03-31 19:00 . 2009-12-21 19:14 916480 c:\windows\system32\wininet(2).dll
+ 2010-02-12 09:23 . 2010-06-09 23:01 100848 c:\windows\system32\vxblock.dll
+ 2003-03-31 19:00 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
- 2003-03-31 19:00 . 2009-03-08 09:33 420352 c:\windows\system32\vbscript.dll
+ 2010-02-09 17:42 . 2007-12-03 23:56 302592 c:\windows\system32\spool\drivers\w32x86\3\hpzpr5mu.dll
+ 2010-02-09 17:42 . 2007-12-03 23:55 790528 c:\windows\system32\spool\drivers\w32x86\3\hpzev5mu.dll
+ 2010-02-09 17:42 . 2007-12-03 23:57 235008 c:\windows\system32\spool\drivers\w32x86\3\hpzc35mu.dll
+ 2010-02-09 17:42 . 2007-12-03 23:17 977920 c:\windows\system32\spool\drivers\w32x86\3\hpz3c5mu.dll
+ 2010-02-09 17:42 . 2007-06-29 16:56 113664 c:\windows\system32\spool\drivers\w32x86\3\hpfrs5mu.dll
+ 2010-02-09 17:42 . 2007-08-10 15:06 356352 c:\windows\system32\spool\drivers\w32x86\3\hpfig5mu.dll
+ 2010-02-09 17:42 . 2007-06-29 16:55 326144 c:\windows\system32\spool\drivers\w32x86\3\hpfie5mu.dll
+ 2010-02-09 17:42 . 2006-11-30 16:14 671816 c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.dll
+ 2010-08-24 23:35 . 2009-11-27 12:20 177152 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Rtenicxp.sys
+ 2010-02-12 09:23 . 2010-06-09 23:01 440816 c:\windows\system32\pxwave.dll
+ 2010-02-12 09:23 . 2010-06-09 23:01 219632 c:\windows\system32\pxmas.dll
+ 2010-02-12 09:23 . 2010-06-09 23:01 126448 c:\windows\system32\pxinsi64.exe
+ 2010-02-12 09:23 . 2010-06-09 23:01 567792 c:\windows\system32\pxdrv.dll
+ 2010-02-12 09:23 . 2010-06-09 23:01 123888 c:\windows\system32\pxcpyi64.exe
+ 2010-02-12 09:23 . 2010-06-09 23:01 133616 c:\windows\system32\pxafs.dll
+ 2010-02-12 09:23 . 2010-06-09 23:01 698864 c:\windows\system32\px.dll
+ 2010-08-06 20:12 . 2008-04-14 09:42 159232 c:\windows\system32\ptpusd.dll
+ 2003-03-31 19:00 . 2010-11-16 19:59 463136 c:\windows\system32\perfh009.dat
- 2003-03-31 19:00 . 2010-02-10 08:01 463136 c:\windows\system32\perfh009.dat
- 2003-03-31 19:00 . 2009-12-21 19:14 206848 c:\windows\system32\occache.dll
+ 2003-03-31 19:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
+ 2010-07-09 20:24 . 2010-07-09 20:24 155752 c:\windows\system32\nvsvc32.exe
+ 2010-07-09 20:24 . 2010-07-09 20:24 110696 c:\windows\system32\nvmctray.dll
+ 2010-07-09 20:24 . 2010-07-09 20:24 277608 c:\windows\system32\nvmccs.dll
+ 2010-08-24 23:36 . 2010-08-24 23:36 232968 c:\windows\system32\nvdrsdb1.bin
+ 2010-08-24 23:36 . 2010-08-24 23:36 232968 c:\windows\system32\nvdrsdb0.bin
+ 2010-07-09 20:24 . 2010-07-09 20:24 145000 c:\windows\system32\nvcolor.exe
+ 2010-07-10 09:38 . 2010-07-10 09:38 236136 c:\windows\system32\nvcodins.dll
+ 2010-07-10 09:38 . 2010-07-10 09:38 236136 c:\windows\system32\nvcod.dll
+ 2009-08-06 23:23 . 2009-08-06 23:23 215904 c:\windows\system32\muweb.dll
+ 2003-03-31 19:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
- 2003-03-31 19:00 . 2009-03-08 09:32 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 09:32 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2010-06-20 21:47 . 2010-06-20 21:48 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
+ 2010-03-08 02:47 . 2009-10-11 09:17 149280 c:\windows\system32\javaws.exe
+ 2010-03-08 02:47 . 2009-10-11 09:17 145184 c:\windows\system32\javaw.exe
+ 2010-03-08 02:47 . 2009-10-11 09:17 145184 c:\windows\system32\java.exe
+ 2010-01-15 15:31 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
- 2010-01-15 15:31 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
+ 2003-03-31 19:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
- 2003-03-31 19:00 . 2009-12-21 19:14 184320 c:\windows\system32\iepeers.dll
+ 2003-03-31 19:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
- 2003-03-31 19:00 . 2009-12-21 19:14 387584 c:\windows\system32\iedkcs32.dll
+ 2003-03-31 19:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
- 2003-03-31 19:00 . 2009-12-21 13:19 173056 c:\windows\system32\ie4uinit.exe
+ 2003-03-31 19:00 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2009-11-27 12:20 . 2010-03-08 14:41 220112 c:\windows\system32\drivers\Rtenicxp.sys
+ 2010-02-07 17:13 . 2008-04-14 04:49 146048 c:\windows\system32\drivers\portcls.sys
- 2010-02-07 17:13 . 2008-04-14 05:49 146048 c:\windows\system32\drivers\portcls.sys
+ 2003-03-31 19:00 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys
+ 2010-07-27 22:44 . 2010-07-27 22:44 197920 c:\windows\system32\dnssdX.dll
+ 2010-07-27 22:44 . 2010-07-27 22:44 107808 c:\windows\system32\dns-sd.exe
+ 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
- 2009-03-08 09:34 . 2009-12-21 19:14 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 09:34 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 09:33 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
- 2009-03-08 09:33 . 2009-03-08 09:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2010-02-07 17:13 . 2008-04-14 04:49 146048 c:\windows\system32\dllcache\portcls.sys
- 2010-02-07 17:13 . 2008-04-14 05:49 146048 c:\windows\system32\dllcache\portcls.sys
- 2009-03-08 09:34 . 2009-12-21 19:14 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 09:34 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 09:32 . 2009-03-08 09:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 09:32 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-02-08 13:14 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-02-07 19:05 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
- 2002-08-29 02:13 . 2008-04-14 05:46 141056 c:\windows\system32\dllcache\ks.sys
+ 2002-08-29 02:13 . 2008-04-14 04:46 141056 c:\windows\system32\dllcache\ks.sys
- 2010-02-08 08:20 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-02-08 08:20 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-02-08 13:14 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-03-08 09:31 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-03-08 09:31 . 2009-12-21 19:14 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-12 09:13 . 2010-05-06 10:41 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 19:09 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 19:09 . 2009-12-21 19:14 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 09:32 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-08 09:32 . 2009-12-21 13:19 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:30 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
- 2009-11-14 00:47 . 2009-11-14 00:47 843776 c:\windows\system32\divx_xx16.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 843776 c:\windows\system32\divx_xx16.dll
- 2009-11-14 00:47 . 2009-11-14 00:47 839680 c:\windows\system32\divx_xx11.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 839680 c:\windows\system32\divx_xx11.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\system32\divx_xx0c.dll
- 2009-11-14 00:47 . 2009-11-14 00:47 856064 c:\windows\system32\divx_xx0c.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 847872 c:\windows\system32\divx_xx0a.dll
- 2009-11-14 00:47 . 2009-11-14 00:47 847872 c:\windows\system32\divx_xx0a.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\system32\divx_xx07.dll
- 2009-11-14 00:47 . 2009-11-14 00:47 856064 c:\windows\system32\divx_xx07.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 720384 c:\windows\system32\DivX.dll
+ 2010-03-06 02:54 . 2009-10-11 09:17 411368 c:\windows\system32\deploytk.dll
+ 2003-03-31 19:00 . 2010-04-20 05:30 285696 c:\windows\system32\atmfd.dll
- 2003-03-31 19:00 . 2008-04-14 10:39 285696 c:\windows\system32\atmfd.dll
+ 2010-04-29 10:11 . 2010-04-29 10:11 136568 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2010-05-05 14:05 . 2010-05-05 14:05 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2010-05-05 14:36 . 2010-05-05 14:36 467224 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1157609.exe
+ 2010-05-05 14:08 . 2010-05-05 14:08 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2010-05-05 14:06 . 2010-05-05 14:06 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2010-04-29 10:11 . 2010-04-29 10:11 753152 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2010-05-05 14:05 . 2010-05-05 14:05 503808 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2010-05-05 14:37 . 2010-05-05 14:37 213272 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2010-05-05 14:07 . 2010-05-05 14:07 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2003-03-31 19:00 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 09:31 . 2010-03-23 09:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-02-09 16:22 . 2010-02-09 16:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 18:51 . 2010-03-31 18:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-03-31 18:49 . 2010-03-31 18:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-03-31 19:32 . 2010-03-31 19:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-03-07 02:53 . 2010-03-07 02:53 331264 c:\windows\Installer\fd0c3c7.msi
+ 2010-02-25 04:14 . 2010-02-25 04:14 543232 c:\windows\Installer\47b0a4e.msp
+ 2010-07-03 03:28 . 2010-07-03 03:28 367104 c:\windows\Installer\3f0cc916.msi
+ 2010-09-07 14:58 . 2010-09-07 14:58 737280 c:\windows\Installer\2d45d324.msi
+ 2010-09-07 09:44 . 2010-09-07 09:44 807936 c:\windows\Installer\2c271b05.msi
+ 2010-09-07 09:50 . 2010-09-07 09:50 380928 c:\windows\Installer\{350FB27C-CF62-4EF3-AF9D-70FF313FE221}\iTunesIco.exe
+ 2010-09-22 22:10 . 2010-09-22 22:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll
+ 2009-12-21 23:35 . 2009-12-21 23:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-22 01:05 . 2009-12-22 01:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
+ 2009-12-21 23:34 . 2009-12-21 23:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-10 00:18 . 2009-11-10 00:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-22 01:02 . 2009-12-22 01:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-21 23:43 . 2009-12-21 23:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-22 06:57 . 2009-12-22 06:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-21 23:15 . 2009-12-21 23:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-22 00:32 . 2009-12-22 00:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-22 00:15 . 2009-12-22 00:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
+ 2010-06-13 07:09 . 2009-12-21 19:14 916480 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-06-13 07:09 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-06-13 07:09 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-06-13 07:09 . 2009-12-21 19:14 206848 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-06-13 07:09 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-06-13 07:09 . 2009-12-21 19:14 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-06-13 07:09 . 2009-12-21 19:14 246272 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-06-13 07:09 . 2009-12-21 19:14 184320 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-06-13 07:09 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-06-13 07:09 . 2009-12-21 19:14 387584 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-06-13 07:09 . 2009-12-21 13:19 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-06-13 07:07 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-06-13 07:07 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-06-13 07:07 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-02-07 19:05 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-02-08 13:17 . 2010-02-08 13:17 303104 c:\windows\assembly\temp\UJ8PEB0TQN\System.Runtime.Remoting.dll
+ 2010-06-13 07:12 . 2010-06-13 07:12 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_78b08393\System.Drawing.dll
+ 2010-06-13 07:12 . 2010-06-13 07:12 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_8bd29192\System.Drawing.Design.dll
+ 2010-06-13 07:12 . 2010-06-13 07:12 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_9a91762c\CustomMarshalers.dll
+ 2010-06-13 07:20 . 2010-06-13 07:20 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
+ 2010-06-13 07:09 . 2010-06-13 07:09 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a7c702f75d47bf841b9587e582c2d0b2\WindowsFormsIntegration.ni.dll
+ 2010-06-13 07:09 . 2010-06-13 07:09 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\3a78043c85333d5af49a0d958912ae4a\UIAutomationClient.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-06-13 07:20 . 2010-06-13 07:20 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
+ 2010-06-13 07:19 . 2010-06-13 07:19 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
+ 2010-06-13 07:20 . 2010-06-13 07:20 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-06-13 07:08 . 2010-06-13 07:08 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
+ 2010-06-13 07:21 . 2010-06-13 07:21 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
+ 2010-06-13 07:20 . 2010-06-13 07:20 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-06-13 07:21 . 2010-06-13 07:21 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
+ 2010-06-13 07:20 . 2010-06-13 07:20 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
+ 2010-06-13 07:20 . 2010-06-13 07:20 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
+ 2010-06-13 07:20 . 2010-06-13 07:20 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
+ 2010-06-13 07:08 . 2010-06-13 07:08 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae733e4062edba3a33bb0a632bef66bf\PresentationFramework.Royale.ni.dll
+ 2010-06-13 07:08 . 2010-06-13 07:08 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3ffad524016f0aba7b11a8aa33301a65\PresentationFramework.Aero.ni.dll
+ 2010-06-13 07:08 . 2010-06-13 07:08 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\201968d038a23a4688310fed1eeaddaa\PresentationFramework.Classic.ni.dll
+ 2010-06-13 07:08 . 2010-06-13 07:08 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ead87ca8eb84c595c77c70e3b2df88d\PresentationFramework.Luna.ni.dll
+ 2010-06-13 07:20 . 2010-06-13 07:20 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
+ 2010-06-13 07:20 . 2010-06-13 07:20 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-06-13 07:21 . 2010-06-13 07:21 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
+ 2010-06-13 07:21 . 2010-06-13 07:21 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-06-13 07:21 . 2010-06-13 07:21 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
+ 2010-06-13 07:20 . 2010-06-13 07:20 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-06-13 07:20 . 2010-06-13 07:20 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
+ 2010-06-13 07:20 . 2010-06-13 07:20 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-02-07 23:12 . 2010-02-07 23:12 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-06-13 07:10 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB981793$\spuninst\updspapi.dll
+ 2010-06-13 07:10 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
+ 2010-06-13 07:11 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB980232$\spuninst\updspapi.dll
+ 2010-06-13 07:11 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB980232$\spuninst\spuninst.exe
+ 2010-06-13 07:11 . 2009-12-04 18:22 455424 c:\windows\$NtUninstallKB980232$\mrxsmb.sys
+ 2010-06-13 07:12 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980218$\spuninst\updspapi.dll
+ 2010-06-13 07:12 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
+ 2010-06-13 07:12 . 2008-04-14 10:39 285696 c:\windows\$NtUninstallKB980218$\atmfd.dll
+ 2010-06-13 07:11 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB980195$\spuninst\updspapi.dll
+ 2010-06-13 07:11 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB980195$\spuninst\spuninst.exe
+ 2010-06-13 07:11 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979683$\spuninst\updspapi.dll
+ 2010-06-13 07:11 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe
+ 2010-06-13 07:10 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll
+ 2010-06-13 07:10 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe
+ 2010-06-13 07:07 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll
+ 2010-06-13 07:07 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
+ 2010-06-13 07:10 . 2007-07-28 03:11 382840 c:\windows\$NtUninstallKB979402_WM9$\spuninst\updspapi.dll
+ 2010-06-13 07:10 . 2007-07-28 03:11 231288 c:\windows\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe
+ 2010-06-13 07:07 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979309$\spuninst\updspapi.dll
+ 2010-06-13 07:07 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB979309$\spuninst\spuninst.exe
+ 2010-06-13 07:07 . 2007-07-28 03:11 382840 c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll
+ 2010-06-13 07:07 . 2007-07-28 03:11 231288 c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
+ 2010-06-13 07:10 . 2008-04-14 10:42 176640 c:\windows\$NtUninstallKB978601$\wintrust.dll
+ 2010-06-13 07:10 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978601$\spuninst\updspapi.dll
+ 2010-06-13 07:10 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB978601$\spuninst\spuninst.exe
+ 2010-06-13 07:07 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
+ 2010-06-13 07:07 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
+ 2010-06-13 07:07 . 2008-04-11 19:04 691712 c:\windows\$NtUninstallKB978542$\inetcomm.dll
+ 2010-06-13 07:10 . 2008-06-20 11:08 225856 c:\windows\$NtUninstallKB978338$\tcpip6.sys
+ 2010-06-13 07:10 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978338$\spuninst\updspapi.dll
+ 2010-06-13 07:10 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe
+ 2010-06-13 07:10 . 2008-04-14 10:41 100352 c:\windows\$NtUninstallKB978338$\6to4svc.dll
+ 2010-06-13 07:10 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977816$\spuninst\updspapi.dll
+ 2010-06-13 07:10 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe
+ 2010-06-13 07:07 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll
+ 2010-06-13 07:07 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe
+ 2010-03-10 08:02 . 2009-05-26 22:10 382840 c:\windows\$NtUninstallKB975561$\spuninst\updspapi.dll
+ 2010-03-10 08:02 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975561$\spuninst\spuninst.exe
+ 2010-06-13 07:09 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982381-IE8\update\updspapi.dll
+ 2010-06-13 07:09 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB982381-IE8\update\update.exe
+ 2010-06-13 07:09 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB982381-IE8\spuninst.exe
+ 2010-06-12 09:13 . 2010-05-06 10:36 919040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
+ 2010-06-12 09:13 . 2010-05-06 10:36 206848 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\occache.dll
+ 2010-06-12 09:13 . 2010-05-06 10:36 611840 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mstime.dll
+ 2010-06-12 09:13 . 2010-05-06 10:36 599040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeeds.dll
+ 2010-06-12 09:13 . 2010-05-06 10:36 247808 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieproxy.dll
+ 2010-06-12 09:13 . 2010-05-06 10:36 184320 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iepeers.dll
+ 2010-06-12 09:13 . 2010-05-06 10:36 743424 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedvtool.dll
+ 2010-06-12 09:13 . 2010-05-06 10:36 387584 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedkcs32.dll
+ 2010-06-12 09:13 . 2010-05-05 13:55 173056 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ie4uinit.exe
+ 2010-06-13 07:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981332-IE8\update\updspapi.dll
+ 2010-06-13 07:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981332-IE8\update\update.exe
+ 2010-06-13 07:07 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981332-IE8\spuninst.exe
+ 2010-06-12 09:13 . 2010-03-10 06:18 420352 c:\windows\$hf_mig$\KB981332-IE8\SP3QFE\vbscript.dll
+ 2010-06-13 07:11 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB980232\update\updspapi.dll
+ 2010-06-13 07:11 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB980232\update\update.exe
+ 2010-06-13 07:11 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB980232\spuninst.exe
+ 2010-06-11 03:00 . 2010-02-24 11:57 457216 c:\windows\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
+ 2010-06-13 07:12 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980218\update\updspapi.dll
+ 2010-06-13 07:12 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980218\update\update.exe
+ 2010-06-13 07:12 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980218\spuninst.exe
+ 2010-04-20 05:37 . 2010-04-20 05:37 285824 c:\windows\$hf_mig$\KB980218\SP3QFE\atmfd.dll
+ 2010-06-13 07:11 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB980195\update\updspapi.dll
+ 2010-06-13 07:11 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB980195\update\update.exe
+ 2010-06-13 07:11 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB980195\spuninst.exe
+ 2010-06-13 07:11 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979683\update\updspapi.dll
+ 2010-06-13 07:11 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979683\update\update.exe
+ 2010-06-13 07:11 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB979683\spuninst.exe
+ 2010-06-13 07:10 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979559\update\updspapi.dll
+ 2010-06-13 07:10 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979559\update\update.exe
+ 2010-06-13 07:10 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB979559\spuninst.exe
+ 2010-06-13 07:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979482\update\updspapi.dll
+ 2010-06-13 07:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979482\update\update.exe
+ 2010-06-13 07:07 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB979482\spuninst.exe
+ 2010-06-13 07:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979309\update\updspapi.dll
+ 2010-06-13 07:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979309\update\update.exe
+ 2010-06-13 07:07 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB979309\spuninst.exe
+ 2010-06-13 07:10 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978601\update\updspapi.dll
+ 2010-06-13 07:10 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978601\update\update.exe
+ 2010-06-13 07:10 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB978601\spuninst.exe
+ 2009-12-24 06:42 . 2009-12-24 06:42 178176 c:\windows\$hf_mig$\KB978601\SP3QFE\wintrust.dll
+ 2010-06-13 07:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978542\update\updspapi.dll
+ 2010-06-13 07:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978542\update\update.exe
+ 2010-06-13 07:07 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978542\spuninst.exe
+ 2010-01-29 14:53 . 2010-01-29 14:53 691712 c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
+ 2010-06-13 07:10 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978338\update\updspapi.dll
+ 2010-06-13 07:10 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978338\update\update.exe
+ 2010-06-13 07:10 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978338\spuninst.exe
+ 2010-02-11 11:36 . 2010-02-11 11:36 226880 c:\windows\$hf_mig$\KB978338\SP3QFE\tcpip6.sys
+ 2010-02-12 04:27 . 2010-02-12 04:27 100864 c:\windows\$hf_mig$\KB978338\SP3QFE\6to4svc.dll
+ 2010-06-13 07:10 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977816\update\updspapi.dll
+ 2010-06-13 07:10 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977816\update\update.exe
+ 2010-06-13 07:10 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977816\spuninst.exe
+ 2010-06-13 07:07 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975562\update\updspapi.dll
+ 2010-06-13 07:07 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975562\update\update.exe
+ 2010-06-13 07:07 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975562\spuninst.exe
+ 2010-03-10 08:02 . 2009-05-26 22:10 382840 c:\windows\$hf_mig$\KB975561\update\updspapi.dll
+ 2010-03-10 08:02 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB975561\update\update.exe
+ 2010-03-10 08:02 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975561\spuninst.exe
+ 2006-12-02 05:25 . 2006-12-02 05:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2003-03-31 19:00 . 2010-04-06 08:52 2462720 c:\windows\system32\WMVCore.dll
- 2010-01-15 19:49 . 2009-07-12 17:21 4874240 c:\windows\system32\wmp.dll
+ 2010-01-15 19:49 . 2010-03-19 22:05 4874240 c:\windows\system32\wmp.dll
+ 2003-03-31 19:00 . 2010-05-02 05:22 1851264 c:\windows\system32\win32k.sys
+ 2003-03-31 19:00 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
+ 2003-03-31 19:00 . 2009-12-21 19:14 1208832 c:\windows\system32\urlmon(2).dll
+ 2010-02-09 17:42 . 2007-12-03 23:17 1176576 c:\windows\system32\spool\drivers\w32x86\3\hpzur5mu.dll
+ 2010-02-09 17:42 . 2007-12-03 23:55 3354112 c:\windows\system32\spool\drivers\w32x86\3\hpzui5mu.dll
+ 2010-02-09 17:42 . 2007-12-04 00:16 6312448 c:\windows\system32\spool\drivers\w32x86\3\hpzst5mu.dll
+ 2010-02-09 17:42 . 2007-12-03 23:57 1788416 c:\windows\system32\spool\drivers\w32x86\3\hpz3r5mu.dll
+ 2010-02-09 17:42 . 2007-10-31 19:40 3031040 c:\windows\system32\spool\drivers\w32x86\3\hpbcfgre.dll
+ 2003-03-31 19:00 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
- 2003-03-31 19:00 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2010-02-12 09:23 . 2010-06-09 23:01 2120176 c:\windows\system32\pxsfs.dll
+ 2010-07-10 09:38 . 2010-07-10 09:38 2195030 c:\windows\system32\nvdata.bin
+ 2010-07-10 09:38 . 2010-07-10 09:38 2914408 c:\windows\system32\nvcuvid.dll
+ 2010-07-10 09:38 . 2010-07-10 09:38 2506344 c:\windows\system32\nvcuvenc.dll
+ 2010-07-10 09:38 . 2010-07-10 09:38 4595712 c:\windows\system32\nvcuda.dll
+ 2010-07-10 09:38 . 2010-07-10 09:38 1388544 c:\windows\system32\nvapi.dll
+ 2010-01-15 19:49 . 2010-07-10 09:38 6343040 c:\windows\system32\nv4_disp.dll
+ 2003-03-31 19:00 . 2010-02-16 14:08 2146304 c:\windows\system32\ntoskrnl.exe
+ 2002-08-29 01:04 . 2010-02-16 13:25 2024448 c:\windows\system32\ntkrnlpa.exe
+ 2003-03-31 19:00 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
+ 2010-01-27 01:07 . 2010-06-20 21:48 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2009-03-08 09:32 . 2009-12-21 19:14 1985536 c:\windows\system32\iertutil.dll
+ 2009-03-08 09:32 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
+ 2010-09-07 09:45 . 2010-04-20 00:47 3062048 c:\windows\system32\DRVSTORE\usbaapl_5BE1FFC476B2D9925B428CF102B47444B9A16508\usbaaplrc.dll
+ 2010-09-07 09:45 . 2010-04-20 00:29 1461992 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2003-03-31 19:00 . 2010-04-06 08:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
- 2010-01-16 21:44 . 2009-07-12 17:21 4874240 c:\windows\system32\dllcache\wmp.dll
+ 2010-01-16 21:44 . 2010-03-19 22:05 4874240 c:\windows\system32\dllcache\wmp.dll
+ 2009-08-14 13:21 . 2010-05-02 05:22 1851264 c:\windows\system32\dllcache\win32k.sys
+ 2009-03-08 09:34 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
- 2009-06-03 19:09 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2009-06-03 19:09 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2010-01-15 19:49 . 2010-07-10 09:38 6343040 c:\windows\system32\dllcache\nv4_disp.dll
+ 2009-08-05 01:44 . 2010-02-17 13:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-02-08 08:19 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2010-02-08 08:19 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2010-02-08 08:19 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2010-02-08 08:20 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2010-02-08 08:20 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-03-08 09:41 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
- 2010-01-15 15:31 . 2008-04-14 10:42 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-01-15 15:31 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-02-08 13:14 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2010-02-08 13:14 . 2009-12-21 19:14 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-05-05 13:40 . 2010-05-05 13:40 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2010-04-29 10:11 . 2010-04-29 10:11 1975408 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2010-05-05 13:44 . 2010-05-05 13:44 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2010-03-23 09:32 . 2010-03-23 09:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-04-01 15:42 . 2010-04-01 15:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-04-01 15:42 . 2010-04-01 15:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-03-31 18:50 . 2010-03-31 18:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 18:50 . 2010-03-31 18:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-04-01 15:42 . 2010-04-01 15:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-03-07 02:54 . 2010-03-07 02:54 6520832 c:\windows\Installer\fd0c3cb.msi
+ 2010-03-06 02:53 . 2010-03-06 02:53 1757696 c:\windows\Installer\aaadda4.msi
+ 2010-04-12 02:17 . 2010-04-12 02:17 2607104 c:\windows\Installer\47b0a5a.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 4210688 c:\windows\Installer\47b0a59.msp
+ 2010-09-07 09:50 . 2010-09-07 09:50 6478336 c:\windows\Installer\2c272649.msi
+ 2010-09-07 09:47 . 2010-09-07 09:47 9472000 c:\windows\Installer\2c271eaf.msi
+ 2010-09-07 09:45 . 2010-09-07 09:45 3084800 c:\windows\Installer\2c271b5b.msi
+ 2010-09-07 09:45 . 2010-09-07 09:45 1984000 c:\windows\Installer\2c271b29.msi
+ 2010-10-07 04:26 . 2010-10-07 04:26 3940864 c:\windows\Installer\2b83188f.msi
+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\25d37.msp
+ 2010-11-08 07:14 . 2010-11-08 07:14 3402752 c:\windows\Installer\1fa20.msp
+ 2010-03-12 08:18 . 2010-03-12 08:18 3940352 c:\windows\Installer\15cec4bb.msi
+ 2010-09-16 07:08 . 2010-09-16 07:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll
+ 2009-12-21 23:29 . 2009-12-21 23:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
+ 2009-12-21 23:00 . 2009-12-21 23:00 1298996 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JSByteCodeWin.bin
+ 2009-10-28 01:34 . 2009-10-28 01:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
+ 2009-12-22 04:31 . 2009-12-22 04:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
+ 2010-06-13 07:09 . 2009-12-21 19:14 1208832 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-13 07:09 . 2009-12-21 19:14 5942784 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-13 07:09 . 2009-12-21 19:14 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2009-08-05 01:44 . 2010-02-17 13:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-02-08 08:19 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2010-02-08 08:19 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-02-08 08:19 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-02-08 13:17 . 2010-02-08 13:17 2933248 c:\windows\assembly\temp\8DQFWLARGX\System.Data.dll
+ 2010-06-13 07:12 . 2010-06-13 07:12 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_f396c593\System.dll
+ 2010-06-13 07:11 . 2010-06-13 07:11 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_6ee2923d\System.dll
+ 2010-06-13 07:12 . 2010-06-13 07:12 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b4a1a877\System.Xml.dll
+ 2010-06-13 07:11 . 2010-06-13 07:11 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_a549f1b7\System.Xml.dll
+ 2010-06-13 07:11 . 2010-06-13 07:11 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_eee614d8\System.Windows.Forms.dll
+ 2010-06-13 07:12 . 2010-06-13 07:12 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_835c748e\System.Windows.Forms.dll
+ 2010-06-13 07:12 . 2010-06-13 07:12 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_fdce3342\System.Drawing.dll
+ 2010-06-13 07:12 . 2010-06-13 07:12 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_ad816287\System.Design.dll
+ 2010-06-13 07:12 . 2010-06-13 07:12 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7d7076b0\System.Design.dll
+ 2010-06-13 07:12 . 2010-06-13 07:12 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8f091f23\mscorlib.dll
+ 2010-06-13 07:12 . 2010-06-13 07:12 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4fb145e5\mscorlib.dll
+ 2010-06-13 07:07 . 2010-06-13 07:07 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f231461883859922a040002dddfb7b12\WindowsBase.ni.dll
+ 2010-06-13 07:09 . 2010-06-13 07:09 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\48b66876f72f472db62de48ae4369406\UIAutomationClientsideProviders.ni.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-06-13 07:09 . 2010-06-13 07:09 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-06-13 07:09 . 2010-06-13 07:09 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-06-13 07:19 . 2010-06-13 07:19 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-06-13 07:09 . 2010-06-13 07:09 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\161b423dc4e86e569af019e838d39de5\System.Printing.ni.dll
+ 2010-06-13 07:19 . 2010-06-13 07:19 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-06-13 07:08 . 2010-06-13 07:08 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-06-13 07:08 . 2010-06-13 07:08 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-06-13 07:20 . 2010-06-13 07:20 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-06-13 07:08 . 2010-06-13 07:08 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-06-13 07:08 . 2010-06-13 07:08 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-06-13 07:08 . 2010-06-13 07:08 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\fc373f0a8dbd173c63b6b95551b1c673\ReachFramework.ni.dll
+ 2010-06-13 07:08 . 2010-06-13 07:08 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\ead93b6a4f0101cb99d09f3e3fc6491c\PresentationUI.ni.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-06-13 07:21 . 2010-06-13 07:21 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-06-13 07:20 . 2010-06-13 07:20 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-13 07:22 . 2010-06-13 07:22 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-06-13 07:21 . 2010-06-13 07:21 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-06-13 07:21 . 2010-06-13 07:21 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-06-13 07:20 . 2010-06-13 07:20 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-13 07:05 . 2010-06-13 07:05 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-02-08 13:17 . 2010-02-08 13:17 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-13 07:06 . 2010-06-13 07:06 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-02-11 08:00 . 2010-02-11 08:00 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-06-13 07:11 . 2010-06-13 07:11 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-02-11 08:00 . 2010-02-11 08:00 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-13 07:11 . 2010-06-13 07:11 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-13 07:11 . 2009-12-08 19:26 2145280 c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
+ 2010-06-13 07:11 . 2009-12-08 18:43 2023936 c:\windows\$NtUninstallKB979683$\ntkrpamp.exe
+ 2010-06-13 07:11 . 2009-12-08 18:43 2023936 c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
+ 2010-06-13 07:11 . 2009-12-08 19:26 2145280 c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe
+ 2010-06-13 07:10 . 2009-08-14 13:21 1850624 c:\windows\$NtUninstallKB979559$\win32k.sys
+ 2010-06-13 07:10 . 2009-07-12 17:21 4874240 c:\windows\$NtUninstallKB979402_WM9$\wmp.dll
+ 2010-06-13 07:07 . 2009-05-20 09:56 2458112 c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll
+ 2010-06-13 07:07 . 2009-07-10 13:27 1315328 c:\windows\$NtUninstallKB978542$\msoe.dll
+ 2010-06-13 07:07 . 2009-11-27 17:11 1291776 c:\windows\$NtUninstallKB975562$\quartz.dll
+ 2010-03-10 08:02 . 2008-04-14 10:42 3558912 c:\windows\$NtUninstallKB975561$\moviemk.exe
+ 2010-06-12 09:13 . 2010-05-06 10:36 1209856 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\urlmon.dll
+ 2010-06-12 09:13 . 2010-05-06 10:36 5953024 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
+ 2010-06-12 09:13 . 2010-05-06 10:36 1986048 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iertutil.dll
+ 2010-06-12 09:14 . 2010-02-16 12:52 2190080 c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
+ 2010-06-12 09:14 . 2010-02-16 12:12 2024448 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrpamp.exe
+ 2010-06-12 09:14 . 2010-02-16 12:12 2066944 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
+ 2010-06-12 09:14 . 2010-02-16 12:50 2146304 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlmp.exe
+ 2010-05-02 06:34 . 2010-05-02 06:34 1860352 c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys
+ 2010-01-29 14:53 . 2010-01-29 14:53 1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
+ 2010-02-05 18:29 . 2010-02-05 18:29 1291776 c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll
+ 2010-03-09 22:10 . 2009-10-23 14:53 3558912 c:\windows\$hf_mig$\KB975561\SP3QFE\moviemk.exe
+ 2010-07-10 09:38 . 2010-07-10 09:38 13549568 c:\windows\system32\nvoglnt.dll
+ 2010-07-09 20:24 . 2010-07-09 20:24 13923432 c:\windows\system32\nvcpl.dll
+ 2010-07-10 09:38 . 2010-07-10 09:38 10260480 c:\windows\system32\nvcompiler.dll
+ 2010-02-08 13:03 . 2010-05-28 16:37 32472008 c:\windows\system32\MRT.exe
+ 2009-03-08 09:39 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2010-01-15 19:49 . 2010-07-10 09:38 10604128 c:\windows\system32\drivers\nv4_mini.sys
+ 2010-01-15 19:49 . 2010-07-10 09:38 10604128 c:\windows\system32\dllcache\nv4_mini.sys
+ 2010-02-08 13:14 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-02 23:29 . 2010-04-02 23:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\e43893c.msp
+ 2010-04-02 16:30 . 2010-04-02 16:30 17456640 c:\windows\Installer\47b0a85.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 14599680 c:\windows\Installer\47b0a68.msp
+ 2010-07-01 04:04 . 2010-07-01 04:04 20242432 c:\windows\Installer\34e06cce.msp
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\25d38.msp
+ 2010-08-13 18:09 . 2010-08-13 18:09 12263936 c:\windows\Installer\25d36.msp
+ 2010-10-27 01:03 . 2010-10-27 01:03 20303872 c:\windows\Installer\17638efa.msp
+ 2009-12-22 04:21 . 2009-12-22 04:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
+ 2010-06-13 07:09 . 2009-12-21 19:14 11070464 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-06-13 07:09 . 2010-06-13 07:09 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-06-13 07:23 . 2010-06-13 07:23 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-06-13 07:20 . 2010-06-13 07:20 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-06-13 07:08 . 2010-06-13 07:08 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-06-13 07:07 . 2010-06-13 07:08 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ca898d942e4d85af4c3d5f14a77c359a\PresentationFramework.ni.dll
+ 2010-06-13 07:07 . 2010-06-13 07:07 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ba8f917fd89d7afa8885c2a326379f03\PresentationCore.ni.dll
+ 2010-05-06 20:06 . 2010-05-06 20:06 11078144 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{432cad96-6aa6-407a-ab37-6cfdcd73f377}"= "c:\program files\MyOwnSuperheroIE\bar\1.bin\cwSrcAs.dll" [2010-09-17 49152]

[HKEY_CLASSES_ROOT\clsid\{432cad96-6aa6-407a-ab37-6cfdcd73f377}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3bcf580a-adca-4b91-86e0-3898010003e6}"= "c:\program files\MyOwnSuperheroIE\bar\1.bin\cwbar.dll" [2010-09-17 643072]

[HKEY_CLASSES_ROOT\clsid\{3bcf580a-adca-4b91-86e0-3898010003e6}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3BCF580A-ADCA-4B91-86E0-3898010003E6}"= "c:\program files\MyOwnSuperheroIE\bar\1.bin\cwbar.dll" [2010-09-17 643072]

[HKEY_CLASSES_ROOT\clsid\{3bcf580a-adca-4b91-86e0-3898010003e6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Frosty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-02 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-01-28 75048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"MyOwnSuperheroIE Browser Plugin Loader"="c:\progra~1\MYOWNS~2\bar\1.bin\cwbrmon.exe" [2010-09-17 20480]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

c:\documents and settings\Frosty\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-2-8 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10522-enUS-ptr-downloader.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\ftinst.tmp\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
"c:\\Documents and Settings\\Frosty\\Local Settings\\Apps\\2.0\\2YO1QC80.5OO\\EL3CWP0L.VXV\\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/27/2010 3:54 AM 64288]
S0 wddwov;wddwov;c:\windows\system32\drivers\negwdfep.sys --> c:\windows\system32\drivers\negwdfep.sys [?]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/06 21:55];c:\program files\CyberLink\PowerDVD9\NavFilter\000.fcl [1/28/2010 5:48 PM 87536]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/4/2010 3:42 PM 108289]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352832]
S2 MyOwnSuperheroIEService;MyOwnSuperhero Service;c:\progra~1\MYOWNS~2\bar\1.bin\cwbarsvc.exe [9/17/2010 10:07 AM 28766]
S3 ADM8511;ADM8511 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM8511.SYS [2/15/2001 5:34 PM 24555]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/13/2010 7:02 PM 38224]
.
Contents of the 'Scheduled Tasks' folder

2010-11-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 07:54]

2010-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1214440339-2147200963-1004Core.job
- c:\documents and settings\Frosty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-02 04:43]

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1214440339-2147200963-1004UA.job
- c:\documents and settings\Frosty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-02 04:43]

2010-11-17 c:\windows\Tasks\User_Feed_Synchronization-{13105BE0-0878-41DA-B332-A4CDF28F8E53}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://webmail.windstream.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Frosty\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Frosty\Application Data\Mozilla\Firefox\Profiles\os65891m.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\Frosty\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MKaZ - c:\windows\cmd.exe
HKCU-Run-MKerb - c:\windows\taskmgr.exe
HKCU-Run-MKetc - c:\windows\sysedit.exe
HKCU-Run-MKfPc - c:\windows\win16.exe
HKCU-Run-MKfpe - c:\windows\winamp.exe
HKCU-Run-MKexe - c:\windows\system.exe
HKCU-Run-MKZe - c:\windows\avp.exe
HKCU-Run-MKeta - c:\windows\services.exe
HKCU-Run-MKfre - c:\windows\wininst.exe
HKCU-Run-MKfsc - c:\windows\winlogon.exe
HKCU-Run-MKeuf - c:\windows\spoolsv.exe
HKCU-Run-MKese - c:\windows\svchost.exe
HKCU-Run-MKbtc - c:\windows\hexdump.exe
HKCU-Run-MKayc - c:\windows\csrss.exe
HKCU-Run-MKee - c:\windows\user.exe
HKCU-Run-MKdw+ - c:\windows\nvsvc32.exe
HKCU-Run-MKaoc - c:\windows\debug.exe
HKCU-Run-MKeg - c:\windows\smss.exe
HKCU-Run-MKcucNDOWS\lsass.exe - c:\windows\lsass.exe
HKCU-Run-MKfa - c:\windows\win.exe
HKCU-Run-MKevc - c:\windows\setup.exe
HKCU-Run-MKZSc - c:\windows\avp32.exe
HKCU-Run-MKcrc - c:\windows\login.exe
HKCU-Run-MKcuc - c:\windows\lsass.exe
HKCU-Run-MKaycNDOWS\csrss.exe - c:\windows\csrss.exe
HKCU-Run-MKfaINDOWS\win.exe - c:\windows\win.exe
HKCU-Run-MKbta - c:\windows\install.exe
HKCU-Run-CgkIADs=== - c:\windows\lsass.exe
HKCU-Run-AV7 - c:\program files\AV7\antivirus7.exe
HKCU-Run-uPc+MV0NrdaXms - c:\windows\system32\vtfmxa.dll
HKCU-Run-uPc+MV0Np0aCxl - c:\windows\system32\jjunyvsl.dll
HKCU-Run-HNUmlHXl+01\Frosty\LOCALS~1\Temp\1958441968.exe - c:\docume~1\Frosty\LOCALS~1\Temp\1958441968.exe
HKCU-Run-HNUmlHXl7yz\Frosty\LOCALS~1\Temp\1014106942.exe - c:\docume~1\Frosty\LOCALS~1\Temp\1014106942.exe
HKCU-Run-uPc+MV0NoqmaXms - c:\windows\system32\culnjcnzxz.dll
HKCU-Run-uPc+MV0NuQaGuo - c:\windows\system32\syp6p1j.dll
HKCU-Run-HNUmlHXlqb1\Frosty\LOCALS~1\Temp\winamp.exe - c:\docume~1\Frosty\LOCALS~1\Temp\winamp.exe
HKCU-Run-HNUmlHXlkc1\Frosty\LOCALS~1\Temp\cmd.exe - c:\docume~1\Frosty\LOCALS~1\Temp\cmd.exe
HKCU-Run-HNUmlHXlsPc\Frosty\LOCALS~1\Temp\nvsvc32.exe - c:\docume~1\Frosty\LOCALS~1\Temp\nvsvc32.exe
HKCU-Run-MKbuqc - c:\windows\iexplarer.exe
HKCU-Run-Ptujifinoh - c:\windows\sdodmot.dll
HKCU-Run-uPc+MV0NKMOJsiv - c:\windows\system32\e18d1m11w.dll
HKCU-Run-HNUmlHXlq+1\Frosty\LOCALS~1\Temp\win16.exe - c:\docume~1\Frosty\LOCALS~1\Temp\win16.exe
HKCU-Run-MKcZ - c:\windows\mdm.exe
HKCU-Run-MKasc - c:\windows\drweb.exe
HKCU-Run-HNUmlHXl91O\Frosty\LOCALS~1\Temp\82117690.exe - c:\docume~1\Frosty\LOCALS~1\Temp\82117690.exe
HKCU-Run-MKbMc - c:\windows\gdi32.exe
HKCU-Run-HNUGROXRssc - c:\docume~1\ADMINI~1\LOCALS~1\Temp\winlogon.exe
HKCU-Run-HNUmlHXl810\Frosty\LOCALS~1\Temp\1339473956.exe - c:\docume~1\Frosty\LOCALS~1\Temp\1339473956.exe
HKCU-Run-HNUmlHXlmc1\Frosty\LOCALS~1\Temp\mdm.exe - c:\docume~1\Frosty\LOCALS~1\Temp\mdm.exe
HKCU-Run-HNUmlHXl9zy\Frosty\LOCALS~1\Temp\2514721048.exe - c:\docume~1\Frosty\LOCALS~1\Temp\2514721048.exe
HKCU-Run-N1j651kvKB6713A96IMJInVOuGsLSC6N1XgTyH4gEoWXpIWExSmApnt7xn4BAQA7== - c:\windows\csrss.exe
HKLM-Run-CgkIADs=== - c:\windows\lsass.exe
HKLM-Run-MKee - c:\windows\user.exe
HKLM-Run-MKcuc - c:\windows\lsass.exe
HKLM-Run-MKetc - c:\windows\sysedit.exe
HKLM-Run-MKfpe - c:\windows\winamp.exe
HKLM-Run-HNUmlHXl7yz\Frosty\LOCALS~1\Temp\1014106942.exe - c:\docume~1\Frosty\LOCALS~1\Temp\1014106942.exe
HKLM-Run-uPc+MV0Np0aCxl - c:\windows\system32\jjunyvsl.dll
HKLM-Run-uPc+MV0NuQaGuo - c:\windows\system32\syp6p1j.dll
HKLM-Run-uPc+MV0NoqmaXms - c:\windows\system32\culnjcnzxz.dll
HKLM-Run-uPc+MV0NKMOJsiv - c:\windows\system32\e18d1m11w.dll
HKLM-Run-uPc+MV0NrdaXms - c:\windows\system32\vtfmxa.dll
HKLM-Run-HNUmlHXl+01\Frosty\LOCALS~1\Temp\1958441968.exe - c:\docume~1\Frosty\LOCALS~1\Temp\1958441968.exe
HKLM-Run-MKfPc - c:\windows\win16.exe
HKLM-Run-MKese - c:\windows\svchost.exe
HKLM-Run-MKbta - c:\windows\install.exe
HKLM-Run-MKasc - c:\windows\drweb.exe
HKLM-Run-MKerb - c:\windows\taskmgr.exe
HKLM-Run-MKeg - c:\windows\smss.exe
HKLM-Run-MKaoc - c:\windows\debug.exe
HKLM-Run-MKZSc - c:\windows\avp32.exe
HKLM-Run-MKfa - c:\windows\win.exe
HKLM-Run-MKbtc - c:\windows\hexdump.exe
HKLM-Run-MKZe - c:\windows\avp.exe
HKLM-Run-HNUmlHXl91O\Frosty\LOCALS~1\Temp\82117690.exe - c:\docume~1\Frosty\LOCALS~1\Temp\82117690.exe
HKLM-Run-HNUmlHXl810\Frosty\LOCALS~1\Temp\1339473956.exe - c:\docume~1\Frosty\LOCALS~1\Temp\1339473956.exe
HKLM-Run-MKexe - c:\windows\system.exe
HKLM-Run-HNUmlHXl9zy\Frosty\LOCALS~1\Temp\2514721048.exe - c:\docume~1\Frosty\LOCALS~1\Temp\2514721048.exe
HKLM-Run-MKfre - c:\windows\wininst.exe
HKLM-Run-MKbMc - c:\windows\gdi32.exe
HKLM-Run-MKaZ - c:\windows\cmd.exe
HKLM-Run-MKayc - c:\windows\csrss.exe
HKLM-Run-N1j651kvKB6713A96IMJInVOuGsLSC6N1XgTyH4gEoWXpIWExSmApnt7xn4BAQA7== - c:\windows\csrss.exe
AddRemove-7a121d92-b3b8-f473-08a7-ae0dcba5a152 - c:\windows\system32\7a121d92-b3b8-f473-08a7-ae0dcba5a152.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MKee = c:\windows\user.exe
MKcuc = c:\windows\lsass.exe
MKetc = c:\windows\sysedit.exe
MKfpe = c:\windows\winamp.exe
HNUmlHXl7yz\Frosty\LOCALS~1\Temp\1014106942.exe = c:\docume~1\Frosty\LOCALS~1\Temp\1014106942.exe
uPc+MV0Np0aCxl = rundll32.exe c:\windows\system32\jjunyvsl.dll, SystemServer
MyOwnSuperheroIE Browser Plugin Loader = c:\progra~1\MYOWNS~2\bar\1.bin\cwbrmon.exe
uPc+MV0NuQaGuo = rundll32.exe c:\windows\system32\syp6p1j.dll, SystemServer
DivXUpdate = "c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
uPc+MV0NoqmaXms = rundll32.exe c:\windows\system32\culnjcnzxz.dll, SystemServer
uPc+MV0NKMOJsiv = rundll32.exe c:\windows\system32\e18d1m11w.dll, SystemServer
uPc+MV0NrdaXms = rundll32.exe c:\windows\system32\vtfmxa.dll, SystemServer
HNUmlHXl+01\Frosty\LOCALS~1\Temp\1958441968.exe = c:\docume~1\Frosty\LOCALS~1\Temp\1958441968.exe
iTunesHelper = "c:\program files\iTunes\iTunesHelper.exe"
MKfPc = c:\windows\win16.exe
MKese = c:\windows\svchost.exe
MKbta = c:\windows\install.exe
MKasc = c:\windows\drweb.exe
MKerb = c:\windows\taskmgr.exe
NvCplDaemon = RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
MKeg = c:\windows\smss.exe
MKaoc = c:\windows\debug.exe
MKZSc = c:\windows\avp32.exe
MKfa = c:\windows\win.exe
MKbtc = c:\windows\hexdump.exe
MKZe = c:\windows\avp.exe
HNUmlHXl91O\Frosty\LOCALS~1\Temp\82117690.exe = c:\docume~1\Frosty\LOCALS~1\Temp\82117690.exe
HNUmlHXl810\Frosty\LOCALS~1\Temp\1339473956.exe = c:\docume~1\Frosty\LOCALS~1\Temp\1339473956.exe
HNUmlHXl/yx\Frosty\LOCALS~1\Temp\2691712324.exe = c:\docume~1\Frosty\LOCALS~1\Temp\2691712324.exe
MKexe = c:\windows\system.exe
HNUmlHXl9zy\Frosty\LOCALS~1\Temp\2514721048.exe = c:\docume~1\Frosty\LOCALS~1\Temp\2514721048.exe
MKfre = c:\windows\wininst.exe
MKbMc = c:\windows\gdi32.exe
MKaZ = c:\windows\cmd.exe
MKayc = c:\windows\csrss.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AV7 = c:\program files\AV7\antivirus7.exe
uPc+MV0NrdaXms = rundll32.exe c:\windows\system32\vtfmxa.dll, SystemServer
uPc+MV0Np0aCxl = rundll32.exe c:\windows\system32\jjunyvsl.dll, SystemServer
HNUmlHXl+01\Frosty\LOCALS~1\Temp\1958441968.exe = c:\docume~1\Frosty\LOCALS~1\Temp\1958441968.exe
HNUmlHXl7yz\Frosty\LOCALS~1\Temp\1014106942.exe = c:\docume~1\Frosty\LOCALS~1\Temp\1014106942.exe
uPc+MV0NoqmaXms = rundll32.exe c:\windows\system32\culnjcnzxz.dll, SystemServer
Google Update = "c:\documents and settings\Frosty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
uPc+MV0NuQaGuo = rundll32.exe c:\windows\system32\syp6p1j.dll, SystemServer
HNUmlHXlqb1\Frosty\LOCALS~1\Temp\winamp.exe = c:\docume~1\Frosty\LOCALS~1\Temp\winamp.exe
HNUmlHXlkc1\Frosty\LOCALS~1\Temp\cmd.exe = c:\docume~1\Frosty\LOCALS~1\Temp\cmd.exe
HNUmlHXlsPc\Frosty\LOCALS~1\Temp\nvsvc32.exe = c:\docume~1\Frosty\LOCALS~1\Temp\nvsvc32.exe
MKbuqc = c:\windows\iexplarer.exe
Ptujifinoh = rundll32.exe "c:\windows\sdodmot.dll",Startup
uPc+MV0NKMOJsiv = rundll32.exe c:\windows\system32\e18d1m11w.dll, SystemServer
HNUmlHXlq+1\Frosty\LOCALS~1\Temp\win16.exe = c:\docume~1\Frosty\LOCALS~1\Temp\win16.exe
MKcZ = c:\windows\mdm.exe
MKasc = c:\windows\drweb.exe
HNUmlHXl91O\Frosty\LOCALS~1\Temp\82117690.exe = c:\docume~1\Frosty\LOCALS~1\Temp\82117690.exe
MKbMc = c:\windows\gdi32.exe
HNUGROXRssc = c:\docume~1\ADMINI~1\LOCALS~1\Temp\winlogon.exe
HNUmlHXl810\Frosty\LOCALS~1\Temp\1339473956.exe = c:\docume~1\Frosty\LOCALS~1\Temp\1339473956.exe
HNUmlHXlmc1\Frosty\LOCALS~1\Temp\mdm.exe = c:\docume~1\Frosty\LOCALS~1\Temp\mdm.exe
HNUmlHXl9zy\Frosty\LOCALS~1\Temp\2514721048.exe = c:\docume~1\Frosty\LOCALS~1\Temp\2514721048.exe
HNUmlHXl/yx\Frosty\LOCALS~1\Temp\2691712324.exe = c:\docume~1\Frosty\LOCALS~1\Temp\2691712324.exe

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\NavFilter\000.fcl"
.
Completion time: 2010-11-17 17:22:38
ComboFix-quarantined-files.txt 2010-11-17 22:22
ComboFix2.txt 2010-03-04 22:29

Pre-Run: 272,046,829,568 bytes free
Post-Run: 272,035,737,600 bytes free

- - End Of File - - BC34A1291C302666238AC61CC82A4F76

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
looking better


Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    wddwov
    :Reg
    
    :Files
    ipconfig /flushdns /c
    %systemroot%\prefetch\*.*
    c:\windows\system32\drivers\negwdfep.sys
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click on Minimal Output at the top
  • Check the box beside Scan All Users
  • Under File Age: change it from 30 Days to 90 Days.
  • Check the boxes beside LOP Check and Purity Check.
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


#5
Pakqua

    New Member

  • Topic Starter
  • Member
  • 6 posts
Here's my new OTM and OTL logs.



All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
Service wddwov stopped successfully!
Service wddwov deleted successfully!
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Frosty\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Frosty\My Documents\Downloads\cmd.txt deleted successfully.
File/Folder C:\WINDOWS\prefetch\*.* not found.
File/Folder c:\windows\system32\drivers\negwdfep.sys not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Frosty
->Temp folder emptied: 364760858 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 22103000 bytes
->Flash cache emptied: 1849 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1039360 bytes

Total Files Cleaned = 370.00 mb

Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTM by OldTimer - Version 3.1.17.2 log created on 11172010_174316

Edited by Pakqua, 17 November 2010 - 05:05 PM.


#6
Pakqua

    New Member

  • Topic Starter
  • Member
  • 6 posts
Oh and the OTM scans and reboots before I can copy from the green area to post so I couldn't post that information.

#7
Pakqua

    New Member

  • Topic Starter
  • Member
  • 6 posts
Okay, I found that Extras.txt log.


OTL Extras logfile created on: 11/17/2010 4:13:03 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Frosty\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 325.89 Gb Total Space | 252.82 Gb Free Space | 77.58% Space Free | Partition Type: NTFS

Computer Name: GIMPY-UCW8YG8L9 | User Name: Frosty | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft Public Test\WoW-0.3.0.10522-enUS-ptr-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.3.0.10522-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft Public Test\Launcher.exe" = C:\Program Files\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- ()
"C:\Documents and Settings\Frosty\Application Data\IMVUClient\1VivoxVoice.exe" = C:\Documents and Settings\Frosty\Application Data\IMVUClient\1VivoxVoice.exe:*:Disabled:1VivoxVoice -- File not found
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Warcraft III\ftinst.tmp\Warcraft III.exe" = C:\Program Files\Warcraft III\ftinst.tmp\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Warcraft III\War3.exe" = C:\Program Files\Warcraft III\War3.exe:*:Disabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\World of Warcraft Public Test\Launcher.exe" = C:\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\World of Warcraft Public Test\Launcher.patch.exe" = C:\World of Warcraft Public Test\Launcher.patch.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- (portforward.com)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\World of Warcraft\Blizzard Downloader.exe" = C:\Program Files\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\Frosty\Local Settings\Apps\2.0\2YO1QC80.5OO\EL3CWP0L.VXV\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\CurseClient.exe" = C:\Documents and Settings\Frosty\Local Settings\Apps\2.0\2YO1QC80.5OO\EL3CWP0L.VXV\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECE33DF-71BB-44A9-AFF5-CCD551136F8F}" = WoWGasm
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E3C2C5-B78F-560D-01C0-A9F11945D17B}" = Pandora
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7a121d92-b3b8-f473-08a7-ae0dcba5a152" = Contextual Tracker Dymanet
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ffdshow_is1" = ffdshow
"FrostWire" = FrostWire 4.20.3
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyOwnSuperheroIEbar Uninstall" = MyOwnSuperhero
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PCFriendly" = PCFriendly
"PFPortChecker" = PFPortChecker 1.0.36
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Za2d42loxKC7-Pd" = LoudMo Contextual Ad Assistant

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome
"Warcraft III" = Warcraft III
"World of Logs Client" = World of Logs Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/24/2010 1:14:07 AM | Computer Name = GIMPY-UCW8YG8L9 | Source = Application Error | ID = 1000
Description = Faulting application divxupdate.exe, version 1.0.1.10, faulting module
msvcp80.dll, version 8.0.50727.4053, fault address 0x000100b5.

Error - 8/24/2010 7:11:31 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/24/2010 7:11:31 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/27/2010 1:30:39 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = Application Hang | ID = 1002
Description = Hanging application Wow.exe, version 3.3.5.12340, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2010 1:50:07 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = Application Hang | ID = 1001
Description = Fault bucket 1937668869.

[ Application Events ]
Error - 8/24/2010 1:14:07 AM | Computer Name = GIMPY-UCW8YG8L9 | Source = Application Error | ID = 1000
Description = Faulting application divxupdate.exe, version 1.0.1.10, faulting module
msvcp80.dll, version 8.0.50727.4053, fault address 0x000100b5.

Error - 8/24/2010 7:11:31 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/24/2010 7:11:31 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/27/2010 1:30:39 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = Application Hang | ID = 1002
Description = Hanging application Wow.exe, version 3.3.5.12340, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2010 1:50:07 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = Application Hang | ID = 1001
Description = Fault bucket 1937668869.

[ System Events ]
Error - 11/16/2010 8:45:01 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 abeb9069, parameter3
ab9f5b74, parameter4 00000000.

Error - 11/16/2010 9:19:28 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 11/16/2010 9:19:36 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 11/17/2010 3:17:07 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 11/17/2010 3:17:13 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 11/17/2010 3:27:41 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/17/2010 4:38:58 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 11/17/2010 4:39:02 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 11/17/2010 4:39:02 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips intelppm ssmdrv

Error - 11/17/2010 4:39:56 PM | Computer Name = GIMPY-UCW8YG8L9 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

#8
Pakqua

    New Member

  • Topic Starter
  • Member
  • 6 posts
I'm not sure if it makes any difference but because of the Virus I have been running all of this in SAFE MODE. Running programs in normal mode was virtually impossible.

#9
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
can you post the otl main.txt from above ?

try normal mode now as well





