Trojan horse Generic26 and Agent3 also hijackstartmenu


cableguy

Need help, daughter's college laptop XP Pro system missing Start Menu folders, can't get Microsoft updates, AVG not functioning 100%.
Below is the OTL log:

OTL logfile created on: 1/30/2012 5:43:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Laura Hamling\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.05 Mb Total Physical Memory | 116.60 Mb Available Physical Memory | 11.50% Memory free
2.38 Gb Paging File | 1.44 Gb Available in Paging File | 60.59% Paging File free
Paging file location(s): C:\pagefile.sys 1521 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 49.29 Gb Free Space | 66.20% Space Free | Partition Type: NTFS

Computer Name: LAURA | User Name: Laura Hamling | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/30 17:39:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laura Hamling\My Documents\Downloads\OTL.exe
PRC - [2012/01/19 05:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/19 05:47:20 | 002,698,624 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2012/01/19 05:47:19 | 011,171,712 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/01/19 05:26:19 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2012/01/01 17:00:17 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/26 22:43:39 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/31 08:51:43 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/20 14:12:23 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/06/08 09:45:44 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/11/23 15:16:42 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/08/20 17:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 17:28:34 | 000,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2008/08/20 17:27:36 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/08/20 17:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/08/20 17:09:12 | 001,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/08/20 17:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/14 13:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/05/14 13:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/02/01 08:21:22 | 001,466,368 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/01/30 14:32:42 | 000,102,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
PRC - [2007/01/22 10:53:02 | 000,212,992 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2005/10/07 11:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 13:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2005/03/11 13:40:26 | 000,455,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2004/06/28 20:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/01 17:00:17 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/18 16:51:42 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/13 02:12:19 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 12:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/23 15:16:42 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2008/08/20 17:10:50 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/05/14 13:24:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2007/01/30 14:31:50 | 000,286,720 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2007/01/30 14:30:30 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\detoured.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/19 05:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/20 14:12:23 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/11/23 15:16:42 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/08/20 17:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 17:28:34 | 000,348,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2008/08/20 17:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/08/20 17:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2007/05/14 13:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/01 08:21:22 | 001,466,368 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/01/29 20:59:58 | 000,487,424 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2005/03/11 13:40:26 | 000,455,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/08/04 06:25:27 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 06:25:26 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/03/24 07:11:59 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/07 02:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 02:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 120(UVC)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/05 14:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/08/29 00:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/08/04 12:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/13 12:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/30 16:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2005/10/26 09:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/28 17:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/04 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080429
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080429

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://unmcnotes02....enAgent&Login=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {6cbc25b0-0a52-11df-8a39-0800200c9a66}:1.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://search.avg.co...&tp=ab&nt=1&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\2.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/22 13:20:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/31 08:52:34 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/01 17:00:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/18 23:02:09 | 000,000,000 | ---D | M]

[2010/01/21 15:50:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Laura Hamling\Application Data\Mozilla\Extensions
[2012/01/30 17:35:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Laura Hamling\Application Data\Mozilla\Firefox\Profiles\muircees.default\extensions
[2010/04/26 22:30:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Laura Hamling\Application Data\Mozilla\Firefox\Profiles\muircees.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/30 17:35:58 | 000,000,000 | ---D | M] (ShopToWin4) -- C:\Documents and Settings\Laura Hamling\Application Data\Mozilla\Firefox\Profiles\muircees.default\extensions\{6cbc25b0-0a52-11df-8a39-0800200c9a66}
[2010/06/24 21:19:22 | 000,000,000 | -H-D | M] (CyberShadow's Bejeweled Blitz 3 Cheat) -- C:\Documents and Settings\Laura Hamling\Application Data\Mozilla\Firefox\Profiles\muircees.default\extensions\[email protected]
[2010/03/11 20:11:28 | 000,000,000 | -H-D | M] (ChaCha Guide App Toolbar) -- C:\Documents and Settings\Laura Hamling\Application Data\Mozilla\Firefox\Profiles\muircees.default\extensions\[email protected]
[2011/10/12 12:27:21 | 000,000,000 | -H-D | M] (My Web Search) -- C:\Documents and Settings\Laura Hamling\Application Data\Mozilla\Firefox\Profiles\muircees.default\extensions\[email protected]
[2012/01/27 20:39:35 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Laura Hamling\Application Data\Mozilla\Firefox\Profiles\muircees.default\extensions\[email protected]
[2011/11/12 17:04:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/31 08:52:34 | 000,000,000 | -H-D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/01/01 17:00:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/12 17:03:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/12 17:03:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2012/01/25 18:26:58 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://unmcnotes02.....edu/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1211943573781 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://unmcnotes02.unmc.edu/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zon...ss.cab57176.cab (ZoneChess Object)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84612FD5-797F-405C-A7E7-32B73E234678}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (wxvault.dll) -C:\WINDOWS\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Laura Hamling\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Laura Hamling\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) -C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/29 23:29:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/29 23:24:35 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Laura Hamling\Desktop\tdsskiller.exe
[2012/01/29 22:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/29 22:17:24 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/29 22:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/28 20:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DIY DataRecovery MBRtool
[2012/01/28 20:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\DIY DataRecovery MBRtool
[2012/01/28 12:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2012/01/27 22:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
[2012/01/27 22:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laura Hamling\Application Data\NCH Software
[2012/01/27 20:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2012/01/27 20:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/01/27 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laura Hamling\Start Menu\Programs\HiJackThis
[2012/01/26 08:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/01/26 08:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/01/26 07:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2012/01/25 18:09:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2012/01/25 18:02:18 | 000,000,000 | ---D | C] -- C:\SDFix
[2012/01/24 07:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laura Hamling\Local Settings\Application Data\AskToolbar
[2012/01/24 07:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/01/23 21:18:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/22 19:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laura Hamling\Application Data\TeamViewer
[2012/01/22 19:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 7
[2012/01/22 19:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/01/22 18:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laura Hamling\Local Settings\Application Data\RcIncidents
[2012/01/18 20:35:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless(2)
[2012/01/17 18:21:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Laura Hamling\Application Data\iolo
[2012/01/17 18:21:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/01/17 18:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2012/01/16 14:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laura Hamling\My Documents\Misc. scholarship documents
[2012/01/12 17:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2012/01/09 13:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laura Hamling\My Documents\Spring 2012 Classes
[2012/01/08 12:11:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/01/08 12:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2012/01/30 17:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/30 17:29:11 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vjdt.sys
[2012/01/30 15:38:46 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{80901EF5-A5D4-4781-BA8E-3F639FCF1865}.job
[2012/01/30 11:40:05 | 000,000,456 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Laura Hamling.job
[2012/01/30 08:38:00 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Laura Hamling\Desktop\rkill.com
[2012/01/30 08:17:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/30 08:17:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/30 08:17:14 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3546118107-1854996999-2537332231-1005.job
[2012/01/30 08:15:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/30 08:15:01 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/30 08:10:39 | 087,779,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/29 23:24:35 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Laura Hamling\Desktop\tdsskiller.exe
[2012/01/29 23:00:09 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3546118107-1854996999-2537332231-1005.job
[2012/01/29 22:12:53 | 000,000,215 | RHS- | M] () -- C:\boot.ini
[2012/01/29 21:19:53 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Laura Hamling\Desktop\HiJackThis.lnk
[2012/01/28 12:38:36 | 000,040,810 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/27 23:11:42 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/27 22:07:15 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Express Burn Disc Burning Software.lnk
[2012/01/27 22:06:35 | 377,266,176 | ---- | M] () -- C:\Documents and Settings\Laura Hamling\Desktop\ubcd511.iso
[2012/01/27 20:01:16 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Laura Hamling\Desktop\Shortcut to firefox.exe.lnk
[2012/01/27 16:29:05 | 000,000,056 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\_rgpl
[2012/01/25 18:26:58 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2012/01/22 19:08:11 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/01/21 18:17:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/20 21:37:37 | 000,000,000 | ---- | M] () -- C:\t5uo.7c
[2012/01/20 21:37:37 | 000,000,000 | ---- | M] () -- C:\t5uo.7b
[2012/01/20 21:37:37 | 000,000,000 | ---- | M] () -- C:\t5uo.7a
[2012/01/20 21:37:37 | 000,000,000 | ---- | M] () -- C:\t5uo.79
[2012/01/20 21:37:37 | 000,000,000 | ---- | M] () -- C:\t5uo.78
[2012/01/20 21:37:37 | 000,000,000 | ---- | M] () -- C:\t5uo.77
[2012/01/20 21:37:37 | 000,000,000 | ---- | M] () -- C:\t5uo.76
[2012/01/20 21:37:37 | 000,000,000 | ---- | M] () -- C:\t5uo.75
[2012/01/20 21:37:37 | 000,000,000 | ---- | M] () -- C:\t5uo.74
[2012/01/20 21:37:37 | 000,000,000 | ---- | M] () -- C:\t5uo.73
[2012/01/20 21:37:37 | 000,000,000 | ---- | M] () -- C:\t5uo.72
[2012/01/20 21:37:37 | 000,000,000 | ---- | M] () -- C:\t5uo.71
[2012/01/20 21:37:37 | 000,000,000 | ---- | M] () -- C:\t5uo.70
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6v
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6u
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6t
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6s
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6r
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6q
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6p
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6o
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6n
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6m
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6l
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6k
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6j
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6i
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6h
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6g
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6f
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6e
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6d
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6c
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6b
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.6a
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.69
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.68
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.67
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.66
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.65
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.64
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.63
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.62
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.61
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.60
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.5v
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.5u
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.5t
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.5s
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.5r
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.5q
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.5p
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.5o
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.5n
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.5m
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.5l
[2012/01/20 21:37:36 | 000,000,000 | ---- | M] () -- C:\t5uo.5k
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.5j
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.5i
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.5h
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.5g
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.5f
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.5e
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.5d
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.5c
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.5b
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.5a
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.59
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.58
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.57
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.56
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.55
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.54
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.53
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.52
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.51
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.50
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4v
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4u
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4t
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4s
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4r
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4q
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4p
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4o
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4n
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4m
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4l
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4k
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4j
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4i
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4h
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4g
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4f
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4e
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4d
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4c
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4b
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.4a
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.49
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.48
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.47
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.46
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.45
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.44
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.43
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.42
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.41
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.40
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.3v
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.3u
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.3t
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.3s
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.3r
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.3q
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.3p
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.3o
[2012/01/20 21:37:35 | 000,000,000 | ---- | M] () -- C:\t5uo.3n
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.3m
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.3l
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.3k
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.3j
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.3i
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.3h
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.3g
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.3f
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.3e
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.3d
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.3c
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.3b
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.3a
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.39
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.38
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.37
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.36
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.35
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.34
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.33
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.32
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.31
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.30
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2v
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2u
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2t
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2s
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2r
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2q
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2p
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2o
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2n
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2m
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2l
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2k
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2j
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2i
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2h
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2g
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2f
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2e
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2d
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2c
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2b
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.2a
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.29
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.28
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.27
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.26
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.25
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.24
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.23
[2012/01/20 21:37:34 | 000,000,000 | ---- | M] () -- C:\t5uo.22
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.21
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.20
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1v
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1u
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1t
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1s
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1r
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1q
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1p
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1o
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1n
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1m
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1l
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1k
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1j
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1i
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1h
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1g
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1f
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1e
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1d
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1c
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1b
[2012/01/20 21:37:33 | 000,000,000 | ---- | M] () -- C:\t5uo.1a
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.v
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.u
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.t
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.s
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.r
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.q
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.p
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.o
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.n
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.m
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.l
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.k
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.j
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.i
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.h
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.g
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.19
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.18
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.17
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.16
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.15
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.14
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.13
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.12
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.11
[2012/01/20 21:37:32 | 000,000,000 | ---- | M] () -- C:\t5uo.10
[2012/01/20 21:37:31 | 000,000,000 | ---- | M] () -- C:\t5uo.f
[2012/01/20 21:37:31 | 000,000,000 | ---- | M] () -- C:\t5uo.e
[2012/01/20 21:37:31 | 000,000,000 | ---- | M] () -- C:\t5uo.d
[2012/01/20 21:37:31 | 000,000,000 | ---- | M] () -- C:\t5uo.c
[2012/01/20 21:37:31 | 000,000,000 | ---- | M] () -- C:\t5uo.b
[2012/01/20 21:37:31 | 000,000,000 | ---- | M] () -- C:\t5uo.a
[2012/01/20 21:37:31 | 000,000,000 | ---- | M] () -- C:\t5uo.9
[2012/01/20 21:37:31 | 000,000,000 | ---- | M] () -- C:\t5uo.8
[2012/01/20 21:37:31 | 000,000,000 | ---- | M] () -- C:\t5uo.7
[2012/01/20 21:37:31 | 000,000,000 | ---- | M] () -- C:\t5uo.6
[2012/01/20 21:37:31 | 000,000,000 | ---- | M] () -- C:\t5uo.5
[2012/01/20 21:37:31 | 000,000,000 | ---- | M] () -- C:\t5uo.4
[2012/01/20 21:37:31 | 000,000,000 | ---- | M] () -- C:\t5uo.3
[2012/01/20 21:37:31 | 000,000,000 | ---- | M] () -- C:\t5uo.2
[2012/01/20 21:37:31 | 000,000,000 | ---- | M] () -- C:\t5uo.1
[2012/01/20 21:37:31 | 000,000,000 | ---- | M] () -- C:\t5uo
[2012/01/18 20:37:33 | 000,443,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/18 20:37:33 | 000,072,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/17 18:21:25 | 000,000,828 | -H-- | M] () -- C:\Documents and Settings\Laura Hamling\Desktop\System Checkup.lnk
[2012/01/16 09:53:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/01/16 09:53:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/01/12 22:02:34 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Laura Hamling\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/01/11 21:30:45 | 000,000,730 | -H-- | M] () -- C:\Documents and Settings\Laura Hamling\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/11 18:45:34 | 000,001,302 | -HS- | M] () -- C:\Documents and Settings\Laura Hamling\Local Settings\Application Data\gfy7j1h4inpa
[2012/01/11 18:45:34 | 000,001,302 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\gfy7j1h4inpa
[2012/01/09 20:47:57 | 000,001,244 | -HS- | M] () -- C:\Documents and Settings\Laura Hamling\Local Settings\Application Data\51bcs68fyp8206sgfwn32pndft3xg35glm2y58p0l10mdo
[2012/01/09 20:47:57 | 000,001,244 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\51bcs68fyp8206sgfwn32pndft3xg35glm2y58p0l10mdo
[2012/01/06 20:38:45 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Laura Hamling\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/01/30 17:29:11 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vjdt.sys
[2012/01/30 08:37:42 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Laura Hamling\Desktop\rkill.com
[2012/01/29 23:00:55 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{80901EF5-A5D4-4781-BA8E-3F639FCF1865}.job
[2012/01/29 22:23:47 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/27 22:07:15 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Express Burn Disc Burning Software.lnk
[2012/01/27 22:07:14 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2012/01/27 20:40:28 | 377,266,176 | ---- | C] () -- C:\Documents and Settings\Laura Hamling\Desktop\ubcd511.iso
[2012/01/27 20:01:15 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Laura Hamling\Desktop\Shortcut to firefox.exe.lnk
[2012/01/27 15:47:04 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Laura Hamling\Desktop\HiJackThis.lnk
[2012/01/23 21:35:29 | 000,000,056 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\_rgpl
[2012/01/22 19:08:11 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.7c
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.7b
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.7a
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.79
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.78
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.77
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.76
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.75
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.74
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.73
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.72
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.71
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.70
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6v
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6u
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6t
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6s
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6r
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6q
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6p
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6o
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6n
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6m
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6l
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6k
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6j
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6i
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6h
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6g
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6f
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6e
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6d
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6c
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6b
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6a
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.69
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.68
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.67
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.66
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.65
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.64
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.63
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.62
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.61
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.60
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5v
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5u
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5t
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5s
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5r
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5q
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5p
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5o
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5n
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5m
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5l
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5k
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5j
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5i
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5h
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5g
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5f
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5e
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5d
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5c
[2012/01/17 18:21:25 | 000,000,828 | -H-- | C] () -- C:\Documents and Settings\Laura Hamling\Desktop\System Checkup.lnk
[2012/01/11 21:30:45 | 000,000,730 | -H-- | C] () -- C:\Documents and Settings\Laura Hamling\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/11 19:39:32 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/11 18:45:27 | 000,001,302 | -HS- | C] () -- C:\Documents and Settings\Laura Hamling\Local Settings\Application Data\gfy7j1h4inpa
[2012/01/11 18:45:27 | 000,001,302 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\gfy7j1h4inpa
[2012/01/09 20:47:47 | 000,001,244 | -HS- | C] () -- C:\Documents and Settings\Laura Hamling\Local Settings\Application Data\51bcs68fyp8206sgfwn32pndft3xg35glm2y58p0l10mdo
[2012/01/09 20:47:47 | 000,001,244 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\51bcs68fyp8206sgfwn32pndft3xg35glm2y58p0l10mdo
[2012/01/06 20:38:44 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Laura Hamling\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/13 16:38:13 | 000,001,410 | -HS- | C] () -- C:\Documents and Settings\Laura Hamling\Local Settings\Application Data\126286f2l228e818f077w0jcy6l8
[2011/12/13 16:38:13 | 000,001,410 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\126286f2l228e818f077w0jcy6l8
[2011/02/17 22:19:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/25 21:55:40 | 000,028,144 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/12 10:26:43 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/01/28 11:48:26 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2010/01/21 15:48:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/23 15:16:42 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/12 21:11:47 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/04/12 21:11:47 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2140.DAT
[2009/01/04 17:13:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2008/12/03 17:55:44 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/12/03 17:55:44 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2008/05/28 13:18:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3w.DLL
[2008/05/28 13:18:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CNMCP3W.EXE
[2008/05/28 08:10:17 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/04/29 15:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/29 15:15:16 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/04/29 15:11:52 | 001,736,704 | ---- | C] () -- C:\WINDOWS\System32\Tsp1.dll
[2008/04/29 15:10:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/04/29 15:10:06 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/04/29 14:46:51 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2008/04/29 14:45:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/31 19:16:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/01/31 19:11:14 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\OEM_Resources.dll
[2007/01/31 19:08:44 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/01/31 19:08:36 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/01/31 19:08:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/01/31 19:08:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/01/31 19:08:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/01/31 19:08:00 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/01/31 19:07:50 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/01/31 19:07:42 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/01/31 19:07:34 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/01/31 19:07:24 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/01/31 12:09:46 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/01/31 12:09:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/01/31 12:09:06 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/01/31 12:08:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/01/31 12:08:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/01/31 12:08:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/01/31 12:07:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/01/31 12:07:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/01/31 12:07:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/01/31 12:06:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/01/30 14:31:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/01/30 14:30:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2007/01/02 08:14:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/08/14 10:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2004/09/10 11:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 11:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 16:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 16:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 16:06:43 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 16:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 16:00:28 | 000,443,482 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 16:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 16:00:28 | 000,072,582 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 16:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 16:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 16:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 16:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 16:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 16:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 16:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 16:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2011/08/04 06:25:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2012/01/30 08:45:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/02/10 17:21:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/17 18:21:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/05/28 08:10:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2012/01/30 08:23:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/25 18:10:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/01/18 20:35:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless(2)
[2008/04/29 15:09:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2008/11/09 12:48:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2012/01/27 20:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/03/03 17:10:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2008/04/29 15:10:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2011/01/16 13:56:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/11 12:38:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Laura Hamling\Application Data\AVG2012
[2011/01/14 16:36:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Laura Hamling\Application Data\eMusic
[2012/01/17 18:21:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Laura Hamling\Application Data\iolo
[2010/05/12 10:27:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Laura Hamling\Application Data\Leadertech
[2011/06/25 18:15:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Laura Hamling\Application Data\NCH Swift Sound
[2011/03/02 18:26:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Laura Hamling\Application Data\Oberon Media
[2012/01/29 21:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura Hamling\Application Data\TeamViewer
[2008/12/30 17:03:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Laura Hamling\Application Data\uTorrent
[2012/01/30 07:55:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Laura Hamling\Application Data\Wave Systems Corp
[2012/01/30 15:38:46 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{80901EF5-A5D4-4781-BA8E-3F639FCF1865}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:2CFBE2D1

< End of report >


OTL Extras logfile created on: 1/30/2012 5:43:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Laura Hamling\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.05 Mb Total Physical Memory | 116.60 Mb Available Physical Memory | 11.50% Memory free
2.38 Gb Paging File | 1.44 Gb Available in Paging File | 60.59% Paging File free
Paging file location(s): C:\pagefile.sys 1521 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 49.29 Gb Free Space | 66.20% Space Free | Partition Type: NTFS

Computer Name: LAURA | User Name: Laura Hamling | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 24
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel® PROSet/Wireless WiFi Software
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9556CFD4-3F7E-4D1C-958B-759703E9CC21}" = O2Micro USB Smart Card Reader
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}" = NTRU TCG Software Stack
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{BA63612E-0458-416A-ADCD-B2349194F20F}" = Creative Zen Nano Plus
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D31F958E-7353-4DEB-83E8-35B02F2EE20A}" = Wave Infrastructure Installer
"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
"{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"5FD5E95A18EBF60A056BA7A51A2E794E4216D3DD" = Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)
"840EF3FB8C7BFBB007E46E18F107E8CC6DD522EA" = Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"AudibleManager" = AudibleManager
"AVG" = AVG 2012
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"DivX Setup.divx.com" = DivX Setup
"ExpressBurn" = Express Burn Disc Burning Software
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MBRtool_is1" = DIY DataRecovery MBRtool
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MuVo Driver" = Creative Mass Storage Drivers
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"ProInst" = Intel PROSet Wireless
"Real Anatomy 1.0" = Real Anatomy
"RealPlayer 12.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.1
"SysInfo" = Creative System Information
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WavePad" = WavePad Sound Editor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Writer's Guide to AMA Style_is1" = Writer's Guide to AMA Style
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2012 1:43:32 AM | Computer Name = LAURA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/17/2012 1:43:32 AM | Computer Name = LAURA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5953

Error - 1/17/2012 1:43:32 AM | Computer Name = LAURA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5953

Error - 1/18/2012 10:32:20 PM | Computer Name = LAURA | Source = MsiInstaller | ID = 1013
Description = Product: Dell Mobile Broadband Card Utility -- The device could not
be detected, Installation Aborted

Error - 1/18/2012 10:38:49 PM | Computer Name = LAURA | Source = MsiInstaller | ID = 11722
Description = Product: Dell Mobile Broadband Card Utility -- Error 1722.There is
a problem with this Windows Installer package. A program run as part of the setup
did not finish as expected. Contact your support personnel or package vendor. Action
Call_Customizer_EXE, location: C:\Program Files\Dell\Dell Mobile Broadband\setupcfg.exe,
command: "C:\dell\drivers\R220062\Setup.exe" "C:\Program Files\Dell\Dell Mobile
Broadband\\"

Error - 1/18/2012 10:49:48 PM | Computer Name = LAURA | Source = MsiInstaller | ID = 1013
Description = Product: Dell Mobile Broadband Card Utility -- The device could not
be detected, Installation Aborted

Error - 1/20/2012 1:48:04 AM | Computer Name = LAURA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/20/2012 1:48:04 AM | Computer Name = LAURA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953

Error - 1/20/2012 1:48:04 AM | Computer Name = LAURA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

Error - 1/23/2012 10:35:35 PM | Computer Name = LAURA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shdocvw.dll, version 6.0.2900.5512, fault address 0x00017d54.

[ OSession Events ]
Error - 8/23/2010 1:21:06 PM | Computer Name = LAURA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1725
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 7/8/2011 11:14:28 PM | Computer Name = LAURA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25691
seconds with 840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/30/2012 2:31:53 AM | Computer Name = LAURA | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 1/30/2012 2:31:53 AM | Computer Name = LAURA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV Avgtdix omci PBADRV

Error - 1/30/2012 2:31:53 AM | Computer Name = LAURA | Source = Service Control Manager | ID = 7000
Description = The APPDRV service failed to start due to the following error: %%2

Error - 1/30/2012 10:15:27 AM | Computer Name = LAURA | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 1/30/2012 10:15:27 AM | Computer Name = LAURA | Source = Serial | ID = 393234
Description = No Parameters subkey was found for user defined data. This is odd,
and it also means no user configuration can be found.

Error - 1/30/2012 10:15:42 AM | Computer Name = LAURA | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 1/30/2012 10:15:42 AM | Computer Name = LAURA | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 1/30/2012 10:15:42 AM | Computer Name = LAURA | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 1/30/2012 10:15:43 AM | Computer Name = LAURA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV Avgtdix omci PBADRV

Error - 1/30/2012 10:15:43 AM | Computer Name = LAURA | Source = Service Control Manager | ID = 7000
Description = The APPDRV service failed to start due to the following error: %%2


< End of report >

Edited by cableguy, 30 January 2012 - 06:47 PM.

#2
RKinner

Close all programs so that you are at your desktop.
Right-click on the Start button and select Explore.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and Explorer
Now your computer is configured to show all hidden files.


ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it.
Uncheck trace disk IO calls.
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', make sure it checks for updates before you do the scan.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box by highlighting and Ctrl + c


:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
[2012/01/30 17:29:11 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vjdt.sys
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.7c
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.7b
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.7a
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.79
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.78
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.77
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.76
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.75
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.74
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.73
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.72
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.71
[2012/01/20 21:37:37 | 000,000,000 | ---- | C] () -- C:\t5uo.70
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6v
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6u
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6t
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6s
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6r
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6q
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6p
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6o
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6n
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6m
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6l
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6k
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6j
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6i
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6h
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6g
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6f
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6e
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6d
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6c
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6b
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.6a
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.69
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.68
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.67
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.66
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.65
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.64
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.63
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.62
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.61
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.60
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5v
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5u
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5t
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5s
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5r
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5q
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5p
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5o
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5n
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5m
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5l
[2012/01/20 21:37:36 | 000,000,000 | ---- | C] () -- C:\t5uo.5k
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5j
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5i
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5h
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5g
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5f
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5e
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5d
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5c
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5b
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.5a
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.59
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.58
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.57
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.56
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.55
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.54
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.53
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.52
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.51
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.50
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4v
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4u
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4t
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4s
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4r
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4q
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4p
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4o
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4n
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4m
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4l
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4k
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4j
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4i
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4h
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4g
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4f
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4e
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4d
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4c
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4b
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.4a
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.49
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.48
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.47
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.46
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.45
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.44
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.43
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.42
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.41
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.40
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.3v
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.3u
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.3t
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.3s
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.3r
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.3q
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.3p
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.3o
[2012/01/20 21:37:35 | 000,000,000 | ---- | C] () -- C:\t5uo.3n
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.3m
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.3l
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.3k
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.3j
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.3i
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.3h
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.3g
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.3f
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.3e
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.3d
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.3c
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.3b
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.3a
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.39
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.38
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.37
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.36
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.35
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.34
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.33
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.32
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.31
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.30
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2v
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2u
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2t
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2s
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2r
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2q
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2p
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2o
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2n
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2m
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2l
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2k
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2j
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2i
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2h
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2g
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2f
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2e
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2d
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2c
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2b
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.2a
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.29
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.28
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.27
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.26
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.25
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.24
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.23
[2012/01/20 21:37:34 | 000,000,000 | ---- | C] () -- C:\t5uo.22
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.21
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.20
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1v
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1u
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1t
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1s
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1r
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1q
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1p
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1o
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1n
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1m
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1l
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1k
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1j
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1i
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1h
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1g
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1f
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1e
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1d
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1c
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1b
[2012/01/20 21:37:33 | 000,000,000 | ---- | C] () -- C:\t5uo.1a
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.v
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.u
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.t
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.s
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.r
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.q
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.p
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.o
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.n
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.m
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.l
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.k
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.j
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.i
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.h
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.g
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.19
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.18
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.17
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.16
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.15
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.14
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.13
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.12
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.11
[2012/01/20 21:37:32 | 000,000,000 | ---- | C] () -- C:\t5uo.10
[2012/01/20 21:37:31 | 000,000,000 | ---- | C] () -- C:\t5uo.f
[2012/01/20 21:37:31 | 000,000,000 | ---- | C] () -- C:\t5uo.e
[2012/01/20 21:37:31 | 000,000,000 | ---- | C] () -- C:\t5uo.d
[2012/01/20 21:37:31 | 000,000,000 | ---- | C] () -- C:\t5uo.c
[2012/01/20 21:37:31 | 000,000,000 | ---- | C] () -- C:\t5uo.b
[2012/01/20 21:37:31 | 000,000,000 | ---- | C] () -- C:\t5uo.a
[2012/01/20 21:37:31 | 000,000,000 | ---- | C] () -- C:\t5uo.9
[2012/01/20 21:37:31 | 000,000,000 | ---- | C] () -- C:\t5uo.8
[2012/01/20 21:37:31 | 000,000,000 | ---- | C] () -- C:\t5uo.7
[2012/01/20 21:37:31 | 000,000,000 | ---- | C] () -- C:\t5uo.6
[2012/01/20 21:37:31 | 000,000,000 | ---- | C] () -- C:\t5uo.5
[2012/01/20 21:37:31 | 000,000,000 | ---- | C] () -- C:\t5uo.4
[2012/01/20 21:37:31 | 000,000,000 | ---- | C] () -- C:\t5uo.3
[2012/01/20 21:37:31 | 000,000,000 | ---- | C] () -- C:\t5uo.2
[2012/01/20 21:37:31 | 000,000,000 | ---- | C] () -- C:\t5uo.1
[2012/01/20 21:37:31 | 000,000,000 | ---- | C] () -- C:\t5uo
[2012/01/17 18:21:25 | 000,000,828 | -H-- | C] () -- C:\Documents and Settings\Laura Hamling\Desktop\System Checkup.lnk
[2012/01/11 19:39:32 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/11 18:45:27 | 000,001,302 | -HS- | C] () -- C:\Documents and Settings\Laura Hamling\Local Settings\Application Data\gfy7j1h4inpa
[2012/01/11 18:45:27 | 000,001,302 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\gfy7j1h4inpa
[2012/01/09 20:47:47 | 000,001,244 | -HS- | C] () -- C:\Documents and Settings\Laura Hamling\Local Settings\Application Data\51bcs68fyp8206sgfwn32pndft3xg35glm2y58p0l10mdo
[2012/01/09 20:47:47 | 000,001,244 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\51bcs68fyp8206sgfwn32pndft3xg35glm2y58p0l10mdo
[2012/01/06 20:38:44 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Laura Hamling\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/13 16:38:13 | 000,001,410 | -HS- | C] () -- C:\Documents and Settings\Laura Hamling\Local Settings\Application Data\126286f2l228e818f077w0jcy6l8
[2011/12/13 16:38:13 | 000,001,410 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\126286f2l228e818f077w0jcy6l8

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
:Commands
[RESETHOSTS]
[EMPTYJAVA]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe

Download and save the free Avast installer.
http://www.avast.com...ivirus-download
Uninstall AVG

Run the AVG Remover

Reboot

Install Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

I think on XP systems the log file can be found in text form in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\boot.txt


Run OTL, Quickscan and post the log.

Ron

#3
cableguy

Sorry for the delay, was looking for an e-mail message. Working on it now.

#4
cableguy

Here are the logs. Couldn't find the TDSSKiller logs, but nothing was found anyway; hope that's OK.


ComboFix 12-02-06.02 - Laura Hamling 02/07/2012 6:47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.515 [GMT -6:00]
Running from: c:\documents and settings\Laura Hamling\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\51bcs68fyp8206sgfwn32pndft3xg35glm2y58p0l10mdo
c:\documents and settings\All Users\Application Data\gfy7j1h4inpa
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\Laura Hamling\Templates\51bcs68fyp8206sgfwn32pndft3xg35glm2y58p0l10mdo
c:\windows\$NtUninstallKB53712$
c:\windows\$NtUninstallKB53712$\1085901258
c:\windows\$NtUninstallKB53712$\4034666924\@
c:\windows\$NtUninstallKB53712$\4034666924\bckfg.tmp
c:\windows\$NtUninstallKB53712$\4034666924\cfg.ini
c:\windows\$NtUninstallKB53712$\4034666924\Desktop.ini
c:\windows\$NtUninstallKB53712$\4034666924\keywords
c:\windows\$NtUninstallKB53712$\4034666924\kwrd.dll
c:\windows\$NtUninstallKB53712$\4034666924\L\iahonoel
c:\windows\$NtUninstallKB53712$\4034666924\lsflt7.ver
c:\windows\$NtUninstallKB53712$\4034666924\U\00000001.@
c:\windows\$NtUninstallKB53712$\4034666924\U\00000002.@
c:\windows\$NtUninstallKB53712$\4034666924\U\00000004.@
c:\windows\$NtUninstallKB53712$\4034666924\U\80000000.@
c:\windows\$NtUninstallKB53712$\4034666924\U\80000004.@
c:\windows\$NtUninstallKB53712$\4034666924\U\80000032.@
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))
.
.
2012-02-07 13:02 . 2012-02-07 13:02 -------- d-----w- c:\windows\LastGood
2012-02-03 23:32 . 2012-02-03 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2012-02-03 23:32 . 2012-02-03 23:45 -------- d-----w- c:\program files\HP Photo Creations
2012-02-03 23:31 . 2012-02-03 23:31 -------- d-----w- c:\program files\Coupons
2012-02-03 23:31 . 2012-02-03 23:31 -------- d-----w- c:\documents and settings\Laura Hamling\Application Data\HpUpdate
2012-02-03 23:30 . 2010-11-16 23:55 1792872 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
2012-02-03 23:30 . 2010-11-16 23:55 267112 ----a-w- c:\windows\system32\hpinksts8911LM.dll
2012-02-03 23:30 . 2010-11-16 23:55 232296 ----a-w- c:\windows\system32\hpinksts8911.dll
2012-02-03 23:30 . 2010-11-16 23:55 213864 ----a-w- c:\windows\system32\hpinkcoi8911.dll
2012-02-03 23:29 . 2012-02-03 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2012-02-03 23:29 . 2012-02-03 23:31 -------- d-----w- c:\program files\HP
2012-02-03 23:27 . 2012-02-03 23:27 -------- d-----w- c:\documents and settings\Laura Hamling\Local Settings\Application Data\HP
2012-01-30 05:29 . 2012-01-30 05:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-30 04:17 . 2012-02-01 13:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-30 04:17 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-29 02:42 . 2012-01-29 02:47 -------- d-----w- c:\program files\DIY DataRecovery MBRtool
2012-01-28 18:04 . 2012-01-28 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2012-01-28 04:07 . 2012-01-28 04:07 -------- d-----w- c:\documents and settings\Laura Hamling\Application Data\NCH Software
2012-01-28 02:39 . 2012-01-28 02:39 -------- d-----w- c:\program files\Yontoo Layers Runtime
2012-01-27 21:47 . 2012-01-27 21:47 388096 ----a-r- c:\documents and settings\Laura Hamling\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-26 14:07 . 2012-01-26 14:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-01-26 13:57 . 2012-01-26 13:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-01-26 00:09 . 2012-01-26 00:09 -------- d-----w- c:\windows\ERUNT
2012-01-26 00:02 . 2012-01-26 00:55 -------- d-----w- C:\SDFix
2012-01-24 13:17 . 2012-01-24 13:17 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-24 13:15 . 2012-01-24 13:15 -------- d-----w- c:\program files\Ask.com
2012-01-24 13:15 . 2012-01-24 13:15 -------- d-----w- c:\documents and settings\Laura Hamling\Local Settings\Application Data\AskToolbar
2012-01-23 01:08 . 2012-01-30 03:09 -------- d-----w- c:\documents and settings\Laura Hamling\Application Data\TeamViewer
2012-01-23 01:08 . 2012-01-23 01:08 -------- d-----w- c:\program files\TeamViewer
2012-01-23 00:47 . 2012-01-23 00:47 -------- d-----w- c:\documents and settings\HelpAssistant
2012-01-23 00:16 . 2012-01-23 00:17 -------- d-----w- c:\documents and settings\Laura Hamling\Local Settings\Application Data\RcIncidents
2012-01-21 04:57 . 2012-01-21 04:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-01-19 02:35 . 2012-01-19 02:35 -------- d--h--w- c:\documents and settings\All Users\Application Data\Novatel Wireless(2)
2012-01-19 00:09 . 2007-03-31 01:58 172032 ----a-w- c:\windows\system32\igfxres.dll
2012-01-18 00:21 . 2012-01-18 00:21 -------- d--h--w- c:\documents and settings\All Users\Application Data\iolo
2012-01-18 00:21 . 2012-01-18 00:21 -------- d--h--w- c:\documents and settings\Laura Hamling\Application Data\iolo
2012-01-18 00:21 . 2012-01-18 00:21 -------- d-----w- c:\program files\iolo
2012-01-08 18:07 . 2012-01-08 18:08 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 14:30 . 2011-12-14 14:30 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-11-18 22:51 . 2011-05-24 12:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-02 15:08 . 2011-05-10 00:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 02:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-09-30 17:27 194848 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-03 4617600]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2007-01-30 102400]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-01-22 212992]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-03-09 283792]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-31 273528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
.
c:\documents and settings\Laura Hamling\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-02 13:53 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 230608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 11:53 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/9/2007 1:09 PM 67664]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/23/2011 5:05 PM 93872]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [9/25/2010 11:56 AM 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [11/23/2009 3:16 PM 266240]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/29/2012 10:17 PM 652360]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [1/22/2012 7:08 PM 3027840]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 4:00 PM 5120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/29/2012 10:17 PM 20464]
S0 56253159;56253159;c:\windows\system32\drivers\22443993.sys --> c:\windows\system32\drivers\22443993.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 8:53 PM 135664]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/3/2010 3:23 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/3/2010 3:23 PM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/3/2010 3:23 PM 16720]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 8:53 PM 135664]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 3:51 PM 12872]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-02-05 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-02-07 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-02-06 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-02-06 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 02:53]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 02:53]
.
2012-02-07 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2012-02-03 23:44]
.
2012-02-06 c:\windows\Tasks\Norton Security Scan for Laura Hamling.job
- c:\progra~1\NORTON~2\Engine\360~1.31\Nss.exe [2011-10-31 05:47]
.
2012-02-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3546118107-1854996999-2537332231-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
2012-02-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3546118107-1854996999-2537332231-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
2012-02-07 c:\windows\Tasks\User_Feed_Synchronization-{80901EF5-A5D4-4781-BA8E-3F639FCF1865}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://unmcnotes02....enAgent&Login=1
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 192.168.1.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://unmcnotes02.unmc.edu/dwa85W.cab
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
FF - ProfilePath - c:\documents and settings\Laura Hamling\Application Data\Mozilla\Firefox\Profiles\muircees.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4d547332&i=23&tp=ab&nt=1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 5d26e173-9b2f-42c3-96e5-c924c5463e22
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-56253159.sys
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-07 07:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1056)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1116)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(7536)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\windows\system32\msdtc.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\windows\system32\wscntfy.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2012-02-07 07:20:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-07 13:19
.
Pre-Run: 52,417,359,872 bytes free
Post-Run: 52,236,304,384 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - FD329CB8FD681212F231A4A6C1B96F1E


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-07 09:32:48
-----------------------------
09:32:48.812 OS Version: Windows 5.1.2600 Service Pack 3
09:32:48.812 Number of processors: 2 586 0xE0C
09:32:48.812 ComputerName: LAURA UserName:
09:32:49.625 Initialize success
09:45:22.796 AVAST engine defs: 12020700
09:45:42.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:45:42.406 Disk 0 Vendor: FUJITSU_MHZ2080BH_G2 00850009 Size: 76319MB BusType: 3
09:45:42.453 Disk 0 MBR read successfully
09:45:42.453 Disk 0 MBR scan
09:45:42.562 Disk 0 Windows XP default MBR code
09:45:42.562 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
09:45:42.593 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76245 MB offset 128520
09:45:42.609 Disk 0 scanning sectors +156280320
09:45:42.750 Disk 0 scanning C:\WINDOWS\system32\drivers
09:45:59.218 Service scanning
09:46:00.328 Modules scanning
09:46:07.859 AVAST engine scan C:\WINDOWS
09:46:32.171 AVAST engine scan C:\WINDOWS\system32
09:49:52.125 AVAST engine scan C:\WINDOWS\system32\drivers
09:50:13.765 AVAST engine scan C:\Documents and Settings\Laura Hamling
09:56:28.546 AVAST engine scan C:\Documents and Settings\All Users
09:58:57.156 Scan finished successfully
10:15:44.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Laura Hamling\Desktop\MBR.dat"
10:15:44.281 The log file has been saved successfully to "C:\Documents and Settings\Laura Hamling\Desktop\aswMBR.txt"
10:28:19.109 Verifying
10:28:29.156 Disk 0 Windows 501 MBR fixed successfully
10:29:07.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Laura Hamling\Desktop\MBR.dat"
10:29:07.078 The log file has been saved successfully to "C:\Documents and Settings\Laura Hamling\Desktop\aswMBR.txt"
10:31:34.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Laura Hamling\Desktop\MBR.dat"
10:31:34.906 The log file has been saved successfully to "C:\Documents and Settings\Laura Hamling\Desktop\aswMBR.txt"
10:31:52.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Laura Hamling\Desktop\MBR.dat"
10:31:52.640 The log file has been saved successfully to "C:\Documents and Settings\Laura Hamling\Desktop\aswMBR.txt"




Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.07.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Laura Hamling :: LAURA [administrator]

Protection: Enabled

2/7/2012 10:34:24 AM
mbam-log-2012-02-07 (10-34-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210927
Time elapsed: 7 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Working on the OTL thing

#5
cableguy

    Member

  • Topic Starter
  • 112 posts
Here's the OTL log file. Removed AVG and downloading Avast! Will post log when scan is finished.



All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Laura Hamling\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Laura Hamling\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 38766 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Laura Hamling
->Temp folder emptied: 228882401 bytes
->Temporary Internet Files folder emptied: 21004298 bytes
->Java cache emptied: 108027931 bytes
->FireFox cache emptied: 56736176 bytes
->Google Chrome cache emptied: 6386896 bytes
->Flash cache emptied: 358884 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 41206822 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 4528145 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 97708739 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 104174402 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1016630043 bytes

Total Files Cleaned = 1,608.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.17.2 log created on 04232011_171550

#6
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
If you are not getting notified, check your spam folder and then check your profile to make sure you have the correct email address.



Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::


DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\22443993.sys
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job

Driver::
56253159

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted.



Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

#7
cableguy

    Member

  • Topic Starter
  • 112 posts
Dragged the CFScript.txt to Combofix and it started fine, then seemed to stop and do nothing when the scan started. Let it sit for close to an hour, then restarted PC. Didn't see a log from Combofix.

Do you want to see the log from the avast scan that was done earlier?

Edited by cableguy, 08 February 2012 - 06:47 PM.


#8
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
It was probably because of Malwarebytes' Anti-Malware. I usually have people uninstall it but I guess I forgot. It will probably work if we leave off the killall command:

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************


DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\22443993.sys
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job

Driver::
56253159

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

#9
cableguy

    Member

  • Topic Starter
  • 112 posts
Here's the new ComboFix log

ComboFix 12-02-06.02 - Laura Hamling 02/10/2012 17:19:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.310 [GMT -6:00]
Running from: c:\documents and settings\Laura Hamling\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Laura Hamling\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\drivers\22443993.sys"
"c:\windows\Tasks\At1.job"
"c:\windows\Tasks\At2.job"
"c:\windows\Tasks\At3.job"
"c:\windows\Tasks\At4.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_56253159
.
.
((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
.
.
2012-02-10 07:17 . 2012-02-10 07:17 -------- d-----w- c:\program files\iPod
2012-02-07 23:20 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-07 23:20 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-07 23:20 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-07 23:20 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-07 23:20 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-07 23:20 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-02-07 23:20 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-02-07 23:20 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-07 23:19 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-07 23:19 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-07 23:19 . 2012-02-07 23:19 -------- d-----w- c:\program files\AVAST Software
2012-02-07 23:19 . 2012-02-07 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-02-07 17:56 . 2012-02-07 17:56 -------- d-----w- C:\_OTL
2012-02-03 23:32 . 2012-02-03 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2012-02-03 23:32 . 2012-02-03 23:45 -------- d-----w- c:\program files\HP Photo Creations
2012-02-03 23:31 . 2012-02-03 23:31 -------- d-----w- c:\program files\Coupons
2012-02-03 23:31 . 2012-02-03 23:31 -------- d-----w- c:\documents and settings\Laura Hamling\Application Data\HpUpdate
2012-02-03 23:30 . 2010-11-16 23:55 1792872 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
2012-02-03 23:30 . 2010-11-16 23:55 267112 ----a-w- c:\windows\system32\hpinksts8911LM.dll
2012-02-03 23:30 . 2010-11-16 23:55 232296 ----a-w- c:\windows\system32\hpinksts8911.dll
2012-02-03 23:30 . 2010-11-16 23:55 213864 ----a-w- c:\windows\system32\hpinkcoi8911.dll
2012-02-03 23:29 . 2012-02-03 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2012-02-03 23:29 . 2012-02-03 23:31 -------- d-----w- c:\program files\HP
2012-02-03 23:27 . 2012-02-10 05:56 -------- d-----w- c:\documents and settings\Laura Hamling\Local Settings\Application Data\HP
2012-01-30 05:29 . 2012-01-30 05:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-30 04:17 . 2012-02-01 13:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-30 04:17 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-29 02:42 . 2012-01-29 02:47 -------- d-----w- c:\program files\DIY DataRecovery MBRtool
2012-01-28 18:04 . 2012-01-28 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2012-01-28 04:07 . 2012-01-28 04:07 -------- d-----w- c:\documents and settings\Laura Hamling\Application Data\NCH Software
2012-01-28 02:39 . 2012-01-28 02:39 -------- d-----w- c:\program files\Yontoo Layers Runtime
2012-01-27 21:47 . 2012-01-27 21:47 388096 ----a-r- c:\documents and settings\Laura Hamling\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-26 14:07 . 2012-01-26 14:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-01-26 13:57 . 2012-01-26 13:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-01-26 00:09 . 2012-01-26 00:09 -------- d-----w- c:\windows\ERUNT
2012-01-26 00:02 . 2012-01-26 00:55 -------- d-----w- C:\SDFix
2012-01-24 13:17 . 2012-01-24 13:17 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-24 13:15 . 2012-01-24 13:15 -------- d-----w- c:\program files\Ask.com
2012-01-24 13:15 . 2012-01-24 13:15 -------- d-----w- c:\documents and settings\Laura Hamling\Local Settings\Application Data\AskToolbar
2012-01-23 01:08 . 2012-01-30 03:09 -------- d-----w- c:\documents and settings\Laura Hamling\Application Data\TeamViewer
2012-01-23 01:08 . 2012-01-23 01:08 -------- d-----w- c:\program files\TeamViewer
2012-01-23 00:47 . 2012-01-23 00:47 -------- d-----w- c:\documents and settings\HelpAssistant
2012-01-23 00:16 . 2012-01-23 00:17 -------- d-----w- c:\documents and settings\Laura Hamling\Local Settings\Application Data\RcIncidents
2012-01-21 04:57 . 2012-01-21 04:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-01-19 02:35 . 2012-01-19 02:35 -------- d--h--w- c:\documents and settings\All Users\Application Data\Novatel Wireless(2)
2012-01-19 00:09 . 2007-03-31 01:58 172032 ----a-w- c:\windows\system32\igfxres.dll
2012-01-18 00:21 . 2012-01-18 00:21 -------- d--h--w- c:\documents and settings\All Users\Application Data\iolo
2012-01-18 00:21 . 2012-01-18 00:21 -------- d--h--w- c:\documents and settings\Laura Hamling\Application Data\iolo
2012-01-18 00:21 . 2012-01-18 00:21 -------- d-----w- c:\program files\iolo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 14:30 . 2011-12-14 14:30 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-11-25 21:57 . 2004-08-11 22:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-11 22:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 22:51 . 2011-05-24 12:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-18 12:35 . 2004-08-11 22:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-11 22:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-11 22:00 152064 ----a-w- c:\windows\system32\schannel.dll
2012-02-02 15:08 . 2011-05-10 00:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-07_13.12.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-10 23:35 . 2012-02-10 23:35 16384 c:\windows\Temp\Perflib_Perfdata_200.dat
+ 2008-05-28 03:03 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
- 2008-05-28 03:03 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
- 2004-08-11 22:00 . 2012-01-19 02:37 72582 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:00 . 2012-02-08 18:07 72582 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:00 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
- 2004-08-11 22:00 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll
- 2006-11-08 02:03 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 02:03 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-11 22:00 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
+ 2004-08-11 22:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
- 2004-08-11 22:00 . 2011-08-22 23:48 43520 c:\windows\system32\licmgr10.dll
+ 2004-08-11 22:00 . 2011-11-04 19:20 43520 c:\windows\system32\licmgr10.dll
+ 2004-08-11 22:00 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
- 2004-08-11 22:00 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-12 14:22 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-12 14:22 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-11 22:00 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2008-04-29 21:01 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-29 21:01 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-05-28 03:12 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-05-28 03:12 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-11 22:00 . 2008-04-14 00:11 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2004-08-11 22:00 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2004-08-11 22:00 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-11 22:00 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-29 21:01 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2008-04-29 21:01 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-11 22:00 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-11 22:00 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-11 22:00 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll
- 2004-08-11 22:00 . 2011-04-26 11:07 33280 c:\windows\system32\csrsrv.dll
+ 2011-12-25 09:49 . 2011-12-25 09:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2011-12-25 17:07 . 2011-12-25 17:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2011-07-08 19:00 . 2011-07-08 19:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-12-25 04:55 . 2011-12-25 04:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2011-07-07 17:04 . 2011-07-07 17:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2011-12-25 04:55 . 2011-12-25 04:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2011-07-07 17:04 . 2011-07-07 17:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2011-07-07 17:03 . 2011-07-07 17:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2011-12-25 04:55 . 2011-12-25 04:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2011-12-25 05:49 . 2011-12-25 05:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2011-07-07 18:09 . 2011-07-07 18:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-25 05:49 . 2011-12-25 05:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2011-07-07 18:09 . 2011-07-07 18:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2008-08-16 19:58 . 2012-02-08 18:13 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-08-16 19:58 . 2011-09-16 05:01 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-08-16 19:58 . 2012-02-08 18:13 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-08-16 19:58 . 2011-09-16 05:01 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-08-16 19:58 . 2012-02-08 18:13 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-08-16 19:58 . 2011-09-16 05:01 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-02-07 23:04 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2012-02-07 23:04 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2012-02-07 23:04 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2012-02-07 23:04 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2012-02-07 23:04 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2012-02-08 18:11 . 2012-02-08 18:11 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_811e9dbd\System.Drawing.Design.dll
+ 2012-02-08 18:11 . 2012-02-08 18:11 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_ab78680f\CustomMarshalers.dll
+ 2012-02-08 18:18 . 2012-02-08 18:18 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-10-13 08:11 . 2011-10-13 08:11 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-13 08:01 . 2011-10-13 08:01 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-08 18:10 . 2012-02-08 18:10 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-10-13 08:11 . 2011-10-13 08:11 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-13 08:10 . 2011-10-13 08:10 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2004-08-11 22:00 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
+ 2004-08-11 22:00 . 2011-11-04 19:20 916992 c:\windows\system32\wininet.dll
+ 2004-08-11 22:00 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
- 2004-08-11 22:00 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
+ 2004-08-11 22:00 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 386048 c:\windows\system32\qdvd.dll
+ 2004-08-11 22:00 . 2012-02-08 18:07 443482 c:\windows\system32\perfh009.dat
- 2004-08-11 22:00 . 2012-01-19 02:37 443482 c:\windows\system32\perfh009.dat
- 2004-08-11 22:00 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll
+ 2004-08-11 22:00 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
+ 2004-08-11 22:00 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
- 2004-08-11 22:00 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll
- 2006-11-08 02:03 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
+ 2006-11-08 02:03 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
+ 2004-08-11 22:00 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
- 2004-08-11 22:00 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll
+ 2004-08-11 22:00 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-11 22:00 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-11 22:00 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 22:00 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
- 2004-08-11 22:06 . 2011-10-13 08:29 148400 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-11 22:06 . 2012-02-07 23:07 148400 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-11 22:00 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll
- 2004-08-11 22:00 . 2011-02-09 13:53 186880 c:\windows\system32\encdec.dll
- 2004-08-11 22:00 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2004-08-11 22:00 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2004-08-11 22:00 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 176128 c:\windows\system32\dllcache\winmm.dll
+ 2008-04-29 21:01 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-11 22:00 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-11 22:00 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-11 22:00 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-11 22:00 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-11 22:00 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2004-08-11 22:00 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2004-08-11 22:00 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-11 22:00 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll
- 2008-04-29 21:01 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-04-29 21:01 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
- 2008-05-28 03:12 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-28 03:12 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-12 14:22 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-12 14:22 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-04-29 21:01 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
- 2008-04-29 21:01 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-11 23:07 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-11 23:07 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2004-08-11 22:00 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-11 22:00 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-11 22:00 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-11 22:00 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-11 22:00 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
- 2004-08-11 22:00 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
+ 2011-12-25 09:49 . 2011-12-25 09:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2011-07-07 17:04 . 2011-07-07 17:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-12-25 04:55 . 2011-12-25 04:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-12-25 04:53 . 2011-12-25 04:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2011-07-07 17:01 . 2011-07-07 17:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2011-07-07 18:09 . 2011-07-07 18:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2011-12-25 05:49 . 2011-12-25 05:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2011-12-25 11:40 . 2011-12-25 11:40 819200 c:\windows\Installer\3f6c641.msp
+ 2012-02-10 07:20 . 2012-02-10 07:20 380928 c:\windows\Installer\{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}\iTunesIco.exe
- 2008-08-16 19:58 . 2011-09-16 05:01 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-08-16 19:58 . 2012-02-08 18:13 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-08-16 19:58 . 2011-09-16 05:01 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-08-16 19:58 . 2012-02-08 18:13 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-08-16 19:58 . 2012-02-08 18:13 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-08-16 19:58 . 2011-09-16 05:01 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-08-16 19:58 . 2012-02-08 18:13 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-08-16 19:58 . 2011-09-16 05:01 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-02-07 23:04 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2012-02-07 23:04 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2012-02-07 23:04 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2012-02-07 23:04 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2012-02-07 23:04 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2012-02-07 23:04 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2012-02-07 23:04 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2012-02-07 23:04 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2012-02-07 23:04 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2012-02-07 23:04 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2012-02-07 23:04 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2012-02-07 23:04 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2012-02-08 18:11 . 2012-02-08 18:11 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_5cfb6c79\System.Drawing.dll
+ 2012-02-08 18:11 . 2012-02-08 18:11 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_089b9f39\System.Drawing.Design.dll
+ 2012-02-08 18:11 . 2012-02-08 18:11 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_1a11bb1a\CustomMarshalers.dll
+ 2012-02-08 18:17 . 2012-02-08 18:17 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll
+ 2012-02-08 18:18 . 2012-02-08 18:18 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
+ 2012-02-08 18:18 . 2012-02-08 18:18 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
+ 2012-02-08 18:18 . 2012-02-08 18:18 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
+ 2012-02-08 18:18 . 2012-02-08 18:18 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll
+ 2012-02-08 18:17 . 2012-02-08 18:17 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll
+ 2012-02-08 18:16 . 2012-02-08 18:16 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f374e8e7849a72d1470b4a6a0771a137\System.Data.Entity.Design.ni.dll
+ 2012-02-08 18:15 . 2012-02-08 18:15 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe
+ 2012-02-08 18:14 . 2012-02-08 18:14 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-13 08:11 . 2011-10-13 08:11 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-13 08:11 . 2011-10-13 08:11 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-10-13 08:11 . 2011-10-13 08:11 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-10-13 08:11 . 2011-10-13 08:11 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-10-13 08:11 . 2011-10-13 08:11 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-02-08 18:13 . 2012-02-08 18:13 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
- 2004-08-11 22:00 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-11 22:00 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-11 22:00 . 2011-11-03 15:28 1292288 c:\windows\system32\quartz.dll
+ 2004-08-11 22:00 . 2011-11-01 16:07 1288704 c:\windows\system32\ole32.dll
+ 2004-08-11 22:00 . 2011-10-25 13:37 2148864 c:\windows\system32\ntoskrnl.exe
- 2004-08-11 22:00 . 2010-12-09 13:42 2148864 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 03:59 . 2011-10-25 12:52 2027008 c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 03:59 . 2010-12-09 13:07 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-11 22:00 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
+ 2006-10-17 16:57 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
- 2006-10-17 16:57 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll
+ 2004-08-11 22:00 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
- 2008-04-29 21:01 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-29 21:01 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-11 22:00 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-11 22:00 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
+ 2008-10-14 22:36 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-14 22:36 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
- 2004-08-04 03:59 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2004-08-04 03:59 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-14 22:35 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-14 22:35 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2004-08-11 22:00 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2004-08-11 22:00 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-05-19 13:08 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll
+ 2008-05-28 03:12 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2008-05-28 03:12 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-12-25 09:50 . 2011-12-25 09:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-12-25 17:07 . 2011-12-25 17:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2011-12-25 17:06 . 2011-12-25 17:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2011-12-25 17:06 . 2011-12-25 17:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2011-07-08 18:59 . 2011-07-08 18:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2011-07-07 17:02 . 2011-07-07 17:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-12-25 04:54 . 2011-12-25 04:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-12-25 04:53 . 2011-12-25 04:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2011-07-07 17:02 . 2011-07-07 17:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2011-07-08 18:59 . 2011-07-08 18:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2011-12-25 17:06 . 2011-12-25 17:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2011-11-01 19:34 . 2011-11-01 19:34 2247168 c:\windows\Installer\9818d.msp
+ 2011-11-11 22:14 . 2011-11-11 22:14 9096192 c:\windows\Installer\9817c.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34 2531840 c:\windows\Installer\9816b.msp
+ 2011-11-11 22:15 . 2011-11-11 22:15 1795584 c:\windows\Installer\9815a.msp
+ 2011-11-11 22:16 . 2011-11-11 22:16 8458240 c:\windows\Installer\98149.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34 4250112 c:\windows\Installer\3f6c654.msp
+ 2011-12-26 15:59 . 2011-12-26 15:59 4368896 c:\windows\Installer\3f6c622.msp
+ 2012-02-10 07:19 . 2012-02-10 07:19 5421056 c:\windows\Installer\215e3a6.msi
+ 2008-08-16 19:58 . 2012-02-08 18:13 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-08-16 19:58 . 2011-09-16 05:01 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-03 03:44 . 2009-04-03 03:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\GRAPH.EXE
+ 2012-02-07 23:04 . 2011-08-22 23:48 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2012-02-07 23:04 . 2011-10-03 08:35 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2012-02-07 23:04 . 2011-08-22 23:48 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2008-10-14 22:36 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-14 22:36 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-14 22:35 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-14 22:35 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-14 22:35 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-14 22:35 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-14 22:36 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-14 22:36 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-02-08 18:11 . 2012-02-08 18:11 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_5eae8aec\System.dll
+ 2012-02-08 18:11 . 2012-02-08 18:11 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_163542d8\System.dll
+ 2012-02-08 18:11 . 2012-02-08 18:11 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e14a8bca\System.Xml.dll
+ 2012-02-08 18:11 . 2012-02-08 18:11 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_526bff7a\System.Xml.dll
+ 2012-02-08 18:11 . 2012-02-08 18:11 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_d9734520\System.Windows.Forms.dll
+ 2012-02-08 18:11 . 2012-02-08 18:11 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_52656014\System.Windows.Forms.dll
+ 2012-02-08 18:12 . 2012-02-08 18:12 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_436aba1f\System.Drawing.dll
+ 2012-02-08 18:11 . 2012-02-08 18:11 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_ece9f519\System.Design.dll
+ 2012-02-08 18:12 . 2012-02-08 18:12 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_0c24033e\System.Design.dll
+ 2012-02-08 18:11 . 2012-02-08 18:11 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_cb056ec3\mscorlib.dll
+ 2012-02-08 18:12 . 2012-02-08 18:12 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ac4667ff\mscorlib.dll
+ 2012-02-08 18:18 . 2012-02-08 18:18 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
+ 2012-02-08 18:18 . 2012-02-08 18:18 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
+ 2012-02-08 18:18 . 2012-02-08 18:18 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
+ 2012-02-08 18:18 . 2012-02-08 18:18 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
+ 2012-02-08 18:18 . 2012-02-08 18:18 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
+ 2012-02-08 18:18 . 2012-02-08 18:18 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
+ 2012-02-08 18:18 . 2012-02-08 18:18 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll
+ 2012-02-08 18:16 . 2012-02-08 18:16 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll
+ 2012-02-08 18:14 . 2012-02-08 18:14 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
+ 2012-02-08 18:16 . 2012-02-08 18:16 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll
+ 2012-02-08 18:15 . 2012-02-08 18:15 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-10-13 08:11 . 2011-10-13 08:11 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-13 08:11 . 2011-10-13 08:11 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-08 18:11 . 2012-02-08 18:11 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2010-10-02 04:31 . 2010-10-02 04:31 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-10-13 08:10 . 2011-10-13 08:10 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-08 18:06 . 2012-02-08 18:06 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-10-13 08:11 . 2011-10-13 08:11 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-13 08:11 . 2011-10-13 08:11 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-08 18:07 . 2012-02-08 18:07 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-13 08:01 . 2011-10-13 08:01 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-02-08 18:10 . 2012-02-08 18:10 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-02-08 18:10 . 2012-02-08 18:10 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-08 18:10 . 2012-02-08 18:10 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-05-28 03:15 . 2012-02-09 06:28 52128560 c:\windows\system32\MRT.exe
- 2006-11-08 02:03 . 2011-08-23 22:48 11081728 c:\windows\system32\ieframe.dll
+ 2006-11-08 02:03 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
+ 2008-05-28 03:12 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
- 2008-05-28 03:12 . 2011-08-23 22:48 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-12-26 23:02 . 2011-12-26 23:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp
+ 2011-12-26 15:02 . 2011-12-26 15:02 19677184 c:\windows\Installer\3f6c63b.msp
+ 2012-02-07 23:04 . 2011-08-23 22:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
+ 2012-02-08 18:17 . 2012-02-08 18:17 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
+ 2012-02-08 18:14 . 2012-02-08 18:14 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
+ 2012-02-08 18:10 . 2012-02-08 18:10 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 02:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-09-30 17:27 194848 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-03 4617600]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2007-01-30 102400]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-01-22 212992]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-03-09 283792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-31 273528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\documents and settings\Laura Hamling\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-02 13:53 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\avg\avg2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/7/2012 5:20 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/7/2012 5:20 PM 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 11:53 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/9/2007 1:09 PM 67664]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/23/2011 5:05 PM 93872]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [9/25/2010 11:56 AM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/7/2012 5:20 PM 20568]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [11/23/2009 3:16 PM 266240]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/29/2012 10:17 PM 652360]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [1/22/2012 7:08 PM 3027840]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 4:00 PM 5120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/29/2012 10:17 PM 20464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 8:53 PM 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 8:53 PM 135664]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 3:51 PM 12872]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-02-08 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-02-10 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-02-09 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-02-08 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 02:53]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 02:53]
.
2012-02-10 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2012-02-03 23:44]
.
2012-02-08 c:\windows\Tasks\Norton Security Scan for Laura Hamling.job
- c:\progra~1\NORTON~2\Engine\360~1.31\Nss.exe [2011-10-31 05:47]
.
2012-02-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3546118107-1854996999-2537332231-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
2012-02-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3546118107-1854996999-2537332231-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 18:40]
.
2012-02-10 c:\windows\Tasks\User_Feed_Synchronization-{80901EF5-A5D4-4781-BA8E-3F639FCF1865}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://unmcnotes02....enAgent&Login=1
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 192.168.1.1 209.54.31.135
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://unmcnotes02.unmc.edu/dwa85W.cab
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
FF - ProfilePath - c:\documents and settings\Laura Hamling\Application Data\Mozilla\Firefox\Profiles\muircees.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4d547332&i=23&tp=ab&nt=1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 5d26e173-9b2f-42c3-96e5-c924c5463e22
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-10 17:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(3152)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\windows\system32\msdtc.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\real\realplayer\RealPlay.exe
.
**************************************************************************
.
Completion time: 2012-02-10 17:48:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-10 23:47
ComboFix2.txt 2012-02-07 13:20
.
Pre-Run: 51,827,937,280 bytes free
Post-Run: 51,955,519,488 bytes free
.
- - End Of File - - 456EB05A9E60716C1B6D30E13688112D

#10
RKinner

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


How is it running now? Do you still have problems?

#11
cableguy

Here's the new log


Vino's Event Viewer v01c run on Windows XP in English
Report run at 11/02/2012 7:13:22 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/02/2012 7:08:21 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The APPDRV service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 11/02/2012 7:08:11 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: APPDRV omci PBADRV

Log: 'System' Date/Time: 11/02/2012 7:08:08 PM
Type: error Category: 0
Event: 10016 Source: DCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 11/02/2012 7:08:08 PM
Type: error Category: 0
Event: 10016 Source: DCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 11/02/2012 7:08:07 PM
Type: error Category: 0
Event: 10016 Source: DCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 11/02/2012 7:07:19 PM
Type: error Category: 0
Event: 18 Source: Serial
No Parameters subkey was found for user defined data. This is odd, and it also means no user configuration can be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/02/2012 7:07:19 PM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.
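
The VEW output posted above uses a fixed record layout (a `Log:` line, a `Type:` line, an `Event:` line, then the message), so it can be triaged with a short parser that collapses repeated events and pulls out the drivers named in event 7026. The following Python is an added example, not part of the original post or of VEW; the function names are assumptions, and the sample is constructed from the layout shown in the post with the DCOM message shortened.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the VEW layout shown above (DCOM message shortened).
SAMPLE = """\
Note: All dates below are in the format dd/mm/yyyy

Log: 'System' Date/Time: 11/02/2012 7:08:11 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: APPDRV omci PBADRV

Log: 'System' Date/Time: 11/02/2012 7:08:08 PM
Type: error Category: 0
Event: 10016 Source: DCOM
The machine-default permission settings do not grant Local Activation permission

Log: 'System' Date/Time: 11/02/2012 7:08:07 PM
Type: error Category: 0
Event: 10016 Source: DCOM
The machine-default permission settings do not grant Local Activation permission
"""

RECORD = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+)\n"
    r"Type: (?P<type>\w+) Category: \d+\n"
    r"Event: (?P<id>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<msg>[^\n]*)")

def parse_vew(text):
    """Return one dict per event record; VEW prints dates as dd/mm/yyyy."""
    events = []
    for m in RECORD.finditer(text):
        e = m.groupdict()
        e["id"] = int(e["id"])
        e["source"] = e["source"].strip()
        e["when"] = datetime.strptime(e["when"].strip(), "%d/%m/%Y %I:%M:%S %p")
        events.append(e)
    return events

def summarize(events):
    """Collapse repeated events into a (source, id) -> count tally."""
    return Counter((e["source"], e["id"]) for e in events)

def failed_drivers(events):
    """Driver names listed by Service Control Manager event 7026."""
    return [name for e in events if e["id"] == 7026 and ":" in e["msg"]
            for name in e["msg"].split(":", 1)[1].split()]

if __name__ == "__main__":
    evs = parse_vew(SAMPLE)
    print(summarize(evs), failed_drivers(evs))
```

Parsing the timestamp with an explicit day-first format matters here: read month-first, 11/02/2012 would land in November and no longer line up with the ComboFix run on 2012-02-10.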

#12
cableguy

And here's the other log. Things are looking pretty good, except there are still a lot of missing program folders at Start, All Programs, and the Entertainment and System folders at Start, All Programs, Accessories are empty. Not sure what to do to get them back.


Vino's Event Viewer v01c run on Windows XP in English
Report run at 11/02/2012 7:17:48 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by cableguy, 11 February 2012 - 10:41 PM.


#13
RKinner

Hi, the programming guys have been working on this and have come up with a few solutions.

Restore Accessories Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):

Posted Image

Once they are, click on the Restore button.



Restore Admin Tools Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:

Posted Image

This next one will produce the necessary shortcut links, which you can cut and paste into the Start Menu folder.
[attachment=50717:Repair.zip]
To use this, download the attached zip file.
Extract the repair.vbs file to your desktop.
Run repair.vbs.
It will ask for a folder name; call it recovery.
The tool will let you know when it is finished.
On the desktop will be a recovery folder.
Open the folder.
Cut and paste the links that you want to C:\documents and settings\your name\start menu

#14
cableguy

The restore accessories and admin tools worked but there are a few items that won't open like calculator, paint and wordpad.

The files in the recovery folder belong in C:\Program Files. After some more searching, found that the All Users folder has nothing in it. This one seems to be the one that needs to be repopulated.

#15
RKinner

The files in the recovery folder are supposed to be shortcuts to files in C:\Program Files. While the instructions say to put them in

C:\documents and settings\your name\start menu

there is no reason you can't put them in C:\documents and settings\All Users\start menu; then, if you have a second user, they will be able to access them too.

If a link won't work, you can right-click on it and select Properties, then change the target to point at the right file, then Apply.

This is what the links say on my Win 7:

Calculator is %windir%\system32\calc.exe

Paint is %windir%\system32\mspaint.exe

Wordpad is "%ProgramFiles%\Windows NT\Accessories\wordpad.exe"