No Autorun; Alureon, orsam detected [Closed]


  • This topic is locked

#16
Gostchyld (Topic Starter, Member, 74 posts)
Step 1 OTL fix (there was no extras.txt)


========== FILES ==========
< copy C:\WINDOWS\system32\dllcache\afd.sys C:\WINDOWS\system32\Drivers\afd.sys /c >
1 file(s) copied.
C:\Documents and Settings\Michele\Desktop\Comp Cleanup\cmd.bat deleted successfully.
C:\Documents and Settings\Michele\Desktop\Comp Cleanup\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 02152012_172134


#17
Gostchyld (Topic Starter, Member, 74 posts)
Step 2: Regular OTL scan:

OTL logfile created on: 2/15/2012 5:25:45 PM - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michele\Desktop\Comp Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 71.74% Memory free
5.77 Gb Paging File | 5.11 Gb Available in Paging File | 88.67% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 188.93 Gb Total Space | 40.21 Gb Free Space | 21.28% Space Free | Partition Type: NTFS
Drive D: | 29.19 Gb Total Space | 24.80 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
Drive E: | 400.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 14.90 Gb Total Space | 4.94 Gb Free Space | 33.16% Space Free | Partition Type: FAT32

Computer Name: MGLAPTOP | User Name: Michele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/10 16:40:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michele\Desktop\Comp Cleanup\OTL.exe
PRC - [2012/01/13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/12/11 00:41:00 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/12/11 00:40:51 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/10/08 21:40:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/05 01:29:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/11/05 01:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/12 14:59:14 | 004,464,640 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009/06/10 17:32:56 | 001,282,048 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/10/14 13:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\BisonC07\BisonM07.exe
PRC - [2008/04/13 16:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/04 03:05:19 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
MOD - [2011/12/11 00:42:13 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011/12/11 00:41:52 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/12/11 00:06:02 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/12/05 12:55:56 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/12/05 12:54:51 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/12/02 07:49:14 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/14 02:18:19 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
MOD - [2011/10/14 02:18:15 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/14 02:17:00 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/14 02:16:45 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/14 02:16:38 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
MOD - [2011/10/14 02:16:33 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
MOD - [2011/10/14 02:16:08 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
MOD - [2011/10/14 02:15:58 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/14 02:15:52 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/14 02:15:47 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/14 02:15:35 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2010/11/05 01:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
MOD - [2010/11/05 01:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010/11/05 01:29:00 | 000,036,352 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2010/06/24 02:02:41 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2009/12/12 18:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/10/14 13:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\BisonC07\BisonM07.exe
MOD - [2008/05/21 19:33:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2005/06/24 05:05:02 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/11 00:40:51 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/08 21:40:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/11/05 01:29:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/11/05 01:29:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/04/22 19:49:38 | 000,025,824 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/02/17 05:49:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/02 15:47:04 | 000,234,888 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 15:47:02 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2012/02/15 17:23:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/02/15 17:23:07 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{29C69F82-F474-4ED3-9E92-2BF90F2642E3}\MpKsl6e37e800.sys -- (MpKsl6e37e800)
DRV - [2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/12/02 07:49:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/08 21:40:27 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/08 21:40:26 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/16 23:30:35 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/05/16 23:30:35 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/12/13 15:38:07 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/11/05 01:29:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/11/05 01:29:00 | 000,004,442 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010/03/22 15:52:59 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/03/22 15:52:57 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/12/30 03:25:26 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/11 10:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/11 10:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/11 10:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 10:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/11 10:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/06/17 11:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/05/22 12:33:10 | 001,273,640 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/04/23 12:54:36 | 000,814,592 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/03/25 15:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 15:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 15:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 15:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 15:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 15:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 15:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/10/23 15:49:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/09/10 21:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/03/14 08:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/11 16:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/01/10 12:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007/07/23 14:04:24 | 000,022,528 | ---- | M] (SoundGenetics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aubridge.sys -- (audiobridge)
DRV - [2007/05/23 03:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 1B F2 94 47 28 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FLVTube"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Yahoo-FLVTube"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {265D0102-EDEA-400C-8D9D-E39BF3EDB5F6}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.4.4.1
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{265D0102-EDEA-400C-8D9D-E39BF3EDB5F6}: C:\Documents and Settings\Michele\Local Settings\Application Data\{265D0102-EDEA-400C-8D9D-E39BF3EDB5F6} [2010/07/20 13:21:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/04 19:47:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 19:45:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Michele\Application Data\Move Networks [2010/01/05 01:29:35 | 000,000,000 | ---D | M]

[2010/01/05 01:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Extensions
[2009/12/26 10:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\extensions
[2009/12/26 10:49:13 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/12/01 22:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions
[2010/05/25 19:45:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/23 02:01:30 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/01 22:15:11 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/07/23 02:01:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/10/10 20:14:41 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\searchplugins\bing.xml
[2010/12/11 19:22:47 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\searchplugins\conduit.xml
[2012/01/19 21:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/14 12:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 04:31:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/06 08:43:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/16 23:29:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/12 01:57:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/19 21:21:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010/01/05 01:29:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MICHELE\APPLICATION DATA\MOVE NETWORKS
[2010/07/20 13:21:36 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\MICHELE\LOCAL SETTINGS\APPLICATION DATA\{265D0102-EDEA-400C-8D9D-E39BF3EDB5F6}
[2011/05/16 23:29:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/05 03:16:05 | 000,001,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\FLVTube.xml.bak

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.23.0.5_0\npLogitechDeviceDetection.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.71\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Logitech Device Detection = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.15_0\
CHR - Extension: Gmail = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/15 17:21:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BisonMnt] C:\WINDOWS\BisonC07\BisonM07.exe ()
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Michele\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1261819129968 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E352C986-9B29-4289-BE9A-FCB761F2C5F3}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/10 12:41:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/21 12:40:41 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{49c5746a-0fd0-11e0-8d54-002622c6765f}\Shell - "" = AutoRun
O33 - MountPoints2\{49c5746a-0fd0-11e0-8d54-002622c6765f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49c5746a-0fd0-11e0-8d54-002622c6765f}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{c14e40ee-675c-11df-8cd0-002622c6765f}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/15 17:23:23 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/02/12 22:06:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/10 07:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Desktop\RK_Quarantine
[2012/02/10 00:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
[2012/02/09 06:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\KatGames
[2012/02/09 06:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KatGames
[2012/02/06 22:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\Alawar Entertainment
[2012/02/06 03:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\Leahs_Tale
[2012/02/06 03:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\Leahs Tale
[2012/01/25 22:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Grimoire Chronicles
[2012/01/23 22:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\The Golden Years - Way Out West
[2012/01/22 10:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\dvdcss
[2012/01/20 00:27:09 | 000,000,000 | ---D | C] -- C:\games
[2012/01/19 21:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/16 20:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Heros Tale - Enhanced Edition
[2010/12/15 17:53:56 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2010/04/17 04:33:30 | 157,289,278 | ---- | C] (Games ) -- C:\Documents and Settings\Michele\Application Data\LittleNoirMissingGirl.exe
[1 C:\Documents and Settings\Michele\My Documents\*.tmp files -> C:\Documents and Settings\Michele\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/15 17:28:08 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/15 17:25:16 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/15 17:24:51 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/15 17:24:51 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/15 17:24:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/15 17:23:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/02/15 17:23:20 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/02/15 17:23:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/15 17:22:43 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/15 17:21:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/15 17:14:10 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/15 17:06:10 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007UA.job
[2012/02/15 16:01:38 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/02/15 10:06:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007Core.job
[2012/02/13 08:00:10 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/11 07:35:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/11 01:50:49 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Kuros.lnk
[2012/02/11 01:28:32 | 000,001,671 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Green Moon.lnk
[2012/02/10 07:49:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/09 07:15:49 | 000,001,934 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\World of Zellians Kingdom Builder.lnk
[2012/02/09 06:23:27 | 000,001,997 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Play Over 11.000 Online Games on The Playing Bay.lnk
[2012/02/08 21:08:14 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/08 21:08:13 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Google Chrome.lnk
[2012/02/06 03:04:18 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Leahs Tale.lnk
[2012/01/26 21:54:34 | 000,207,347 | ---- | M] () -- C:\Documents and Settings\Michele\My Documents\Taxessf2011.pdf
[2012/01/25 22:48:07 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Grimoire Chronicles.lnk
[2012/01/25 00:33:17 | 000,532,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/25 00:33:17 | 000,099,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/23 22:13:24 | 000,001,963 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\The Golden Years - Way Out West.lnk
[2012/01/23 22:13:22 | 000,002,088 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Download More Free Full Games from FoxyGames.Info.lnk
[2012/01/16 20:42:42 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Heros Tale - Enhanced Edition.lnk
[1 C:\Documents and Settings\Michele\My Documents\*.tmp files -> C:\Documents and Settings\Michele\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/11 01:50:49 | 000,001,583 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Kuros.lnk
[2012/02/11 01:28:32 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Green Moon.lnk
[2012/02/09 07:15:49 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\World of Zellians Kingdom Builder.lnk
[2012/02/06 03:04:18 | 000,001,997 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Play Over 11.000 Online Games on The Playing Bay.lnk
[2012/02/06 03:04:18 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Leahs Tale.lnk
[2012/01/26 21:54:34 | 000,207,347 | ---- | C] () -- C:\Documents and Settings\Michele\My Documents\Taxessf2011.pdf
[2012/01/25 22:48:07 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Grimoire Chronicles.lnk
[2012/01/23 22:13:24 | 000,001,963 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\The Golden Years - Way Out West.lnk
[2012/01/16 20:42:42 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Heros Tale - Enhanced Edition.lnk
[2012/01/11 03:21:16 | 001,065,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/13 00:20:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Captive.INI
[2011/08/14 19:20:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/11 17:02:27 | 000,113,040 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011/07/11 17:02:27 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2011/06/03 22:45:35 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/03 22:45:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/01 05:06:51 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2011/06/01 05:06:51 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2011/05/18 17:42:02 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2011/02/23 06:41:52 | 000,000,346 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2011/01/30 07:11:49 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2011/01/30 07:11:48 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2011/01/30 07:11:48 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2011/01/30 05:51:46 | 000,084,360 | ---- | C] () -- C:\WINDOWS\gamedelete.exe
[2010/12/15 17:53:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/12/10 22:52:47 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/12/10 22:52:46 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/12/07 16:58:00 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/12/05 11:22:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Shadow.INI
[2010/12/03 07:20:48 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2010/11/24 22:43:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\JMAN.INI
[2010/11/05 22:42:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/10/30 10:47:48 | 000,000,534 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/10/16 06:20:36 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Michele\Application Data\prefsdb.dat
[2010/10/05 03:21:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/10 00:02:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twister.INI
[2010/09/07 17:59:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Secrets.INI
[2010/08/23 15:45:44 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/24 13:16:09 | 000,003,054 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2010/07/20 13:21:37 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Adojusucamunu.dat
[2010/07/20 13:21:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tcedifohahuroze.bin
[2010/04/22 20:06:16 | 000,000,190 | ---- | C] () -- C:\WINDOWS\settings.ini
[2010/03/24 20:47:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/03/22 23:44:34 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 02:29:51 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/01/21 02:29:47 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/01/15 06:52:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
[2010/01/13 23:01:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2010/01/13 17:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2010/01/12 01:47:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2010/01/10 08:04:07 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/08 17:45:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CastleMalloy.INI
[2010/01/05 01:28:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/30 03:37:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/09/14 17:26:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/09/14 17:15:26 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/09/14 17:14:12 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/09/14 17:14:11 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/09/14 17:14:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/05 15:46:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\Memeo.ShellExtension.WicIO.dll
[2006/08/10 12:52:50 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/10 12:37:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/10 12:31:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/10 12:30:34 | 003,608,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/29 15:54:25 | 000,001,322 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/04 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 15:00:00 | 000,532,052 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 15:00:00 | 000,099,096 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 15:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/10/06 13:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/10/09 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/10/09 19:59:00 | 000,004,492 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/04/08 01:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2010/01/19 13:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2012/01/23 22:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2010/09/23 23:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/10/16 12:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarSouthpoint
[2010/09/27 20:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2011/01/09 05:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALLConverter
[2011/02/06 18:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arkadium
[2010/11/01 14:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2011/05/08 21:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2011/01/20 02:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aveyond I
[2009/12/26 10:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/10/13 22:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan 2
[2011/05/22 15:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Finish
[2010/09/05 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
[2010/10/28 21:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brawsome
[2010/06/05 14:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buried In Time
[2011/05/08 21:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/11/08 20:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2010/10/18 00:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrioGames
[2010/05/18 18:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories
[2011/06/10 02:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dingogames
[2010/11/12 11:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2010/11/25 00:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/03/14 00:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EdensQuest
[2010/11/25 00:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/10/15 11:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2009/12/28 05:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2
[2011/08/14 03:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Exorcist DS 7
[2011/04/14 23:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2012/02/10 00:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
[2010/10/15 06:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/10/03 02:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2011/06/01 03:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/08/26 20:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funny Bear Studio
[2010/10/22 21:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/09/22 19:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2010/03/31 20:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GOA
[2010/08/26 08:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/11/10 08:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happyville__
[2010/10/29 15:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams
[2010/09/05 16:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/09/06 14:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Interama
[2012/02/09 06:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KatGames
[2010/10/16 11:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Konami
[2009/12/27 00:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2010/11/04 04:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/02/09 08:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mandragora
[2010/12/25 22:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2010/02/16 01:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/02/12 18:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Million
[2010/11/02 15:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/09/21 02:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2010/02/25 23:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2011/11/23 00:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2011/04/14 23:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2011/02/07 22:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/02/11 01:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/01/08 21:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010/02/08 22:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2010/04/30 16:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redrum
[2011/02/06 18:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/06/01 21:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2010/07/28 21:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/11/08 19:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RVLGames
[2012/02/11 01:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/05/22 17:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2010/10/05 16:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2011/06/12 02:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2011/10/20 22:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/10/30 12:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Game Equation
[2010/01/31 09:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2010/07/19 23:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2009/08/19 05:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009/12/27 09:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\.BitTornado
[2010/12/16 04:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\3Stars
[2010/04/08 01:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Absolutist
[2010/01/19 13:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\acccore
[2010/10/25 15:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Aerohills
[2012/01/23 22:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Alawar
[2012/02/06 22:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Alawar Entertainment
[2010/10/16 12:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\AlawarSouthpoint
[2011/06/12 02:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\AlderGames
[2010/10/04 08:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Artifex Mundi
[2010/03/21 16:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Artogon
[2010/03/15 20:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Aveyond 3
[2011/01/24 19:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Aveyond II
[2010/10/25 23:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Awem
[2011/12/01 22:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Azureus
[2011/05/22 15:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Big Finish
[2010/10/03 17:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Big Fish Games
[2012/01/09 00:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Blue Tea Games
[2010/06/24 21:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Boolat Games
[2010/10/28 21:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Brawsome
[2010/09/28 02:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Casual Mechanics
[2010/04/24 14:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ChaYoWo Games
[2010/09/06 14:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\CobiMobi
[2011/04/22 00:09:00 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Michele\Application Data\CrystalSpace
[2011/10/16 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Daedalic Entertainment
[2010/03/12 00:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\DarkParablesBriarRose_BFG
[2010/12/22 20:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Dawn's Light
[2011/06/10 02:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\dingogames
[2010/04/27 17:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\DivoGames
[2010/05/12 14:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Dragon Altar Games
[2009/12/27 10:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\EcoRescue
[2010/03/21 21:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ElementalsTheMagicKey
[2011/10/18 23:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Elephant Games
[2010/09/20 08:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Enki Games
[2010/08/26 16:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Enlightenus2_BFG
[2010/06/08 19:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ERS G-Studio
[2010/10/29 00:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ERS Game Studios
[2011/05/07 00:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\EternalEden
[2011/02/07 20:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ethereal Darkness Interactive
[2011/12/07 00:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\FALCOM
[2010/10/15 06:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Flood Light Games
[2010/10/03 02:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Floodlight Games
[2010/10/03 05:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\FlyWheelGames
[2010/09/20 05:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Freeze Tag
[2010/09/30 02:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Friday's games
[2010/04/28 20:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Fugazo
[2010/09/05 16:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\FussyLogic
[2010/04/29 20:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Game Mill Entertainment
[2010/10/22 21:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GameHouse
[2011/06/15 01:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GameInvest
[2010/04/04 18:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GameMill Entertainment
[2010/09/22 19:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Gamers Digital
[2010/02/11 12:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Games
[2010/09/05 13:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GamesCafe
[2010/06/05 06:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Gestalt Games
[2010/09/07 02:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ghost Ship Studios
[2010/03/31 20:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GOA
[2010/10/14 01:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\gtk-2.0
[2010/03/02 01:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GTM_Bodie
[2011/10/18 01:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Harmonic Flow
[2011/06/07 15:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\HdO Adventure
[2010/09/06 05:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Hidato
[2010/12/03 02:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\HillStoneAnimationStudios
[2010/06/05 05:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\HiT-MM
[2011/07/19 12:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Image Zone Express
[2010/06/17 04:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\InterVideo
[2010/11/10 19:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\iWin
[2010/10/19 13:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Jetdogs Studios
[2010/04/22 20:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\JoyBits
[2012/02/09 06:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\KatGames
[2010/09/28 01:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\KingArthur
[2011/01/15 20:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\LaxiusForceII_Saves
[2010/06/16 01:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Lazy Turtle Games
[2010/12/25 18:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Leadertech
[2012/02/06 04:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Leahs_Tale
[2012/01/08 16:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\LegacyInteractive
[2011/08/16 17:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Lilly and Sasha
[2009/12/27 00:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Little Games Company
[2010/04/26 19:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Little Noir Stories
[2010/11/04 04:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ludia
[2010/11/05 03:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MA2
[2010/11/02 12:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MAI
[2010/12/25 23:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Memeo
[2011/01/20 04:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Meridian93
[2010/02/16 01:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Merscom
[2011/01/18 01:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Millennium_Saves
[2010/11/05 22:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MM3_Saves
[2011/05/27 03:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MumboJumbo
[2010/09/30 17:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Mutant Arcade
[2010/11/05 21:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Mystery of Mortlake Mansion
[2010/03/20 16:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MysteryStudio
[2010/05/21 23:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Namco
[2010/04/16 01:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Nevosoft
[2010/12/14 23:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\OpenOffice.org
[2012/02/09 15:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Orneon
[2010/09/23 03:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\OtherSide Realm of Eons
[2010/03/27 23:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Peace Craft
[2010/10/16 06:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\perfect future studio
[2010/06/22 01:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ph03nixNewMedia
[2012/02/11 01:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PlayFirst
[2010/10/19 18:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PlayPond
[2010/02/08 22:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PoBros
[2011/08/16 04:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PriceGong
[2010/06/06 11:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Private Moon Studios
[2010/11/09 01:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\QB9
[2010/09/06 15:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\quickclick
[2010/04/19 03:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Reflexivev1002
[2011/02/15 22:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\RenPy
[2011/12/05 23:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Rovio
[2010/10/04 19:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Sahmon Games
[2010/12/25 18:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Seagate
[2010/03/19 22:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SerpentOfIsis
[2010/04/04 23:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Settlement. Colossus
[2010/06/05 10:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SevenSails
[2010/03/24 20:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Silverback Productions
[2010/05/06 18:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Skunk Studios
[2011/11/28 21:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Snip-It Pro
[2010/10/21 20:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Specialbit
[2010/12/10 21:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SpinTop Games
[2010/03/09 21:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SprillRichiEng
[2011/06/12 02:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SulusGames
[2011/06/07 21:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Sylia_Saves
[2010/09/28 08:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ten Heavens
[2011/06/07 15:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Teyon
[2010/11/17 09:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\The Path
[2010/11/06 01:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ThreeDays2
[2010/07/19 23:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TikisLab
[2011/11/14 22:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\To the Moon - Freebird Games
[2010/09/28 01:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TOMI2.THE GATES OF FATE
[2011/06/01 17:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TrickySoftware
[2010/04/05 16:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Trillian
[2010/10/27 13:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ubisoft
[2011/11/24 16:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Update
[2012/02/13 14:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\uTorrent
[2010/06/04 23:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VampireSaga
[2011/03/07 03:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Vastar
[2011/03/07 03:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Vastar - Strategy Guide
[2011/03/22 14:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VBA-M
[2010/04/26 13:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VendelGAMES
[2010/01/18 18:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Virtual City
[2010/03/30 02:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Virtual Prophecy
[2010/09/29 21:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Vogat Interactive
[2010/09/21 01:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Whisper of a Rose Saves
[2011/06/10 06:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\WhiteBirdsProductions
[2011/06/04 01:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Windows Search
[2010/12/03 07:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\World-LooM
[2010/09/14 14:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\YoudaGames
[2012/02/15 17:25:16 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/02/15 17:28:08 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/02/13 08:00:10 | 000,000,528 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/15 17:23:20 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2012/02/15 16:01:38 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:1604D047
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:A6D6E537
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:058A7351
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:4B244549
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:EA1919C7
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:409D7106
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:18BFD8F8
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:8DD20B4A
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:5B4686D7
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:5B049A42
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:FA1999D1
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:107ABE61
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:2F1D743F
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:774A0E14
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:F52A6209
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:6FD3C973
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:3807D082

< End of report >

#18
Gostchyld

    Member

  • Topic Starter
  • Member
  • 74 posts
FSS scan with wireless card off (it looked like you were looking for network connectivity, so I did complete a second one with the card on, and will post it next)

Farbar Service Scanner Version: 12-02-2012 01
Ran by Michele (administrator) on 15-02-2012 at 17:35:10
Running from "C:\Documents and Settings\Michele\Desktop\Comp Cleanup"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#19
Gostchyld

    Member

  • Topic Starter
  • Member
  • 74 posts
FSS with wireless card back on:

Farbar Service Scanner Version: 12-02-2012 01
Ran by Michele (administrator) on 15-02-2012 at 17:36:27
Running from "C:\Documents and Settings\Michele\Desktop\Comp Cleanup"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#20
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi Gostchyld. Your Internet is back and functioning now. The system file has been restored. You can use the Internet to follow these and subsequent instructions but please turn off the computer or disconnect the Internet upon completion of the instructions. We will now run a very potent utility to search for any remaining malware. Please note any dialog boxes that pop up and describe them for me if they are about infections.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Make sure to disable Microsoft Security Essentials and also Ad-Aware, SuperAntiSpyware, and Malwarebytes if you are using the paid versions of those products.
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#21
Gostchyld

    Member

  • Topic Starter
  • Member
  • 74 posts
Combofix detected rootkit Zero Access. It also indicated that C:\Windows\system32\CatRoot2\tmp.edb is corrupt and unreadable and requested that I run the chkdsk utility, which I have not as of yet.

Combofix log:


ComboFix 12-02-16.02 - Michele 02/17/2012 0:25.1.2 - x86
Running from: c:\documents and settings\Michele\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\PostBuild.exe
c:\documents and settings\All Users\Application Data\Toolbar4
c:\documents and settings\Michele\Application Data\LittleNoirMissingGirl.exe
c:\documents and settings\Michele\Application Data\PriceGong
c:\documents and settings\Michele\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Michele\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Michele\Local Settings\Application Data\{265D0102-EDEA-400C-8D9D-E39BF3EDB5F6}
c:\documents and settings\Michele\Local Settings\Application Data\{265D0102-EDEA-400C-8D9D-E39BF3EDB5F6}\chrome.manifest
c:\documents and settings\Michele\Local Settings\Application Data\{265D0102-EDEA-400C-8D9D-E39BF3EDB5F6}\chrome\content\overlay.xul
c:\documents and settings\Michele\Local Settings\Application Data\{265D0102-EDEA-400C-8D9D-E39BF3EDB5F6}\install.rdf
c:\documents and settings\Michele\My Documents\~WRL0005.tmp
c:\documents and settings\Michele\WINDOWS
C:\Install.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\basis.xml
c:\program files\Search Toolbar\bg.bmp
c:\program files\Search Toolbar\bing_logo.png
c:\program files\Search Toolbar\celebrity.png
c:\program files\Search Toolbar\drop_images.png
c:\program files\Search Toolbar\drop_maps.png
c:\program files\Search Toolbar\drop_news.png
c:\program files\Search Toolbar\drop_videos.png
c:\program files\Search Toolbar\drop_web.png
c:\program files\Search Toolbar\facebook.png
c:\program files\Search Toolbar\favicon.png
c:\program files\Search Toolbar\games.png
c:\program files\Search Toolbar\hotmail.png
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\images.png
c:\program files\Search Toolbar\include.xml
c:\program files\Search Toolbar\info.txt
c:\program files\Search Toolbar\lifestyle.png
c:\program files\Search Toolbar\maps.png
c:\program files\Search Toolbar\messenger.png
c:\program files\Search Toolbar\msn.png
c:\program files\Search Toolbar\news.png
c:\program files\Search Toolbar\twitter.png
c:\program files\Search Toolbar\uninstall.exe
c:\program files\Search Toolbar\update.exe
c:\program files\Search Toolbar\version.txt
c:\program files\Search Toolbar\video.png
c:\program files\Search Toolbar\videos.png
c:\program files\Search Toolbar\weather.png
c:\program files\Search Toolbar\web.png
C:\Thumbs.db
c:\windows\$NtUninstallKB58172$
c:\windows\$NtUninstallKB58172$\270457042
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-17 05:44 . 2012-02-17 05:44 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-15 22:21 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-13 03:06 . 2012-02-13 03:06 -------- d-----w- C:\_OTL
2012-02-10 05:17 . 2012-02-10 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Fenomen Games
2012-02-10 04:01 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{29C69F82-F474-4ED3-9E92-2BF90F2642E3}\mpengine.dll
2012-02-10 04:00 . 2012-02-10 04:00 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-09 11:24 . 2012-02-09 11:24 -------- d-----w- c:\documents and settings\Michele\Application Data\KatGames
2012-02-09 11:24 . 2012-02-09 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\KatGames
2012-02-07 03:24 . 2012-02-07 03:24 -------- d-----w- c:\documents and settings\Michele\Application Data\Alawar Entertainment
2012-02-06 08:06 . 2012-02-06 09:58 -------- d-----w- c:\documents and settings\Michele\Application Data\Leahs_Tale
2012-01-26 03:48 . 2012-01-26 03:48 -------- d-----w- c:\program files\Grimoire Chronicles
2012-01-22 15:35 . 2012-01-22 15:35 -------- d-----w- c:\documents and settings\Michele\Application Data\dvdcss
2012-01-20 05:27 . 2012-01-20 05:27 -------- d-----w- C:\games
2012-01-20 02:21 . 2012-01-20 02:21 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 05:47 . 2004-08-04 20:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-01-31 12:44 . 2010-11-25 08:17 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 04:19 . 2010-11-26 08:57 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-31 05:12 . 2011-06-11 23:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2010-07-21 22:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-02 12:49 . 2010-07-30 03:40 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-25 21:57 . 2004-08-04 20:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-05 04:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 05:16 . 2011-11-23 05:16 1409 ----a-w- c:\windows\system32\tmp6914D.FOT
2011-11-23 05:16 . 2011-11-23 05:16 1409 ----a-w- c:\windows\system32\tmp4E14D.FOT
2011-11-23 05:16 . 2011-11-23 05:16 1409 ----a-w- c:\windows\system32\tmp3324D.FOT
2011-11-23 05:16 . 2011-11-23 05:16 1409 ----a-w- c:\windows\system32\tmp3224D.FOT
2011-11-23 05:16 . 2011-11-23 05:16 1409 ----a-w- c:\windows\system32\tmp1724D.FOT
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2005-04-29 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2004-08-05 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\ole32.dll
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
[-] 2008-04-13 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
.
[-] 2008-04-13 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-13 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[-] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
.
[-] 2008-04-13 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-13 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-05 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-13 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-13 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-13 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-13 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-13 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-13 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-13 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-13 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-13 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-13 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-13 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-13 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-05 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-13 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-13 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-13 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-13 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-05 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-13 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-13 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-13 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-13 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-14 02:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-14 02:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2008-04-13 14:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-13 21:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-13 21:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2004-08-04 20:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[-] 2008-04-13 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-13 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2008-04-13 21:42 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 20:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll
.
[-] 2011-10-25 . DB19FFF0C805664CB95062C027B11FE9 . 2069376 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[-] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2011-10-25 . 36CAC3C8C4C10F4E21BFEABBFE7ACFFC . 2027008 . . [5.1.2600.6165] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 9ED77E2307F6EC6F174C063C15AA3B8C . 2027008 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
[-] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-27 . 49E936E1398D1A536E84CD5D068F0F09 . 2024448 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . 089F1E207B067A4DDEB2EEC37BBB1AA7 . 2023936 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
.
[-] 2008-04-13 21:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-13 21:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 20:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-13 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-13 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-13 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-13 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-13 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-13 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-13 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-13 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-13 21:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2004-08-04 20:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
[-] 1999-03-08 06:00 . CE0155405EA902797E88B92A78443AEB . 164112 . . [5.0.4275] . . c:\windows\system32\olepro32.dll
.
[-] 2008-04-13 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-13 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-13 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-13 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2011-10-25 . 3B663B9B193D7E1DE39A466020F1FD91 . 2148864 . . [5.1.2600.6165] . . c:\windows\system32\ntoskrnl.exe
[-] 2011-10-25 . F512C662874D7545E5BD8005E6800A44 . 2192768 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[-] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 60E16152D847D7A7B7D3DA4C4B8E2120 . 2148864 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
[-] 2010-04-27 . 466A3E1239F4A9428797730E81A7A865 . 2146304 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 9696C553F994340CD6AA5C5A724C3A19 . 2145280 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2008-04-14 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
.
[-] 2008-04-13 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-13 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-05 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-13 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-13 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-13 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-13 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-13 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-13 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-13 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-13 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 20:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2011-10-12 5407850]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"BisonMnt"="c:\windows\BisonC07\BisonM07.exe" [2008-10-14 32768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-11-05 517480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-06-12 4464640]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-10 1282048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-22 129536]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-22 163328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-22 138752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Michele\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-9 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-09 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michele^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Michele\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michele^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Michele\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:05 203416 ----a-w- c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Energy Management]
2009-06-10 22:32 1282048 ----a-w- c:\program files\Lenovo\Energy Management\Energy Management.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyUtility]
2009-06-12 19:59 4464640 ----a-w- c:\program files\Lenovo\Energy Management\utility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-01 23:25 136176 ----atw- c:\documents and settings\Michele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2010-04-16 21:43 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Backup Premium]
2010-04-23 00:49 136416 ----a-w- c:\program files\Memeo\AutoBackupPro\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Send]
2009-11-05 00:29 236816 ----a-w- c:\program files\Memeo\Memeo Send\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2010-04-30 14:47 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
2009-04-23 09:11 2742840 ----a-w- c:\program files\CONEXANT\SmartAudio\SmAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmAudio]
2009-04-23 09:11 2742840 ----a-w- c:\program files\CONEXANT\SmartAudio\SmAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SeaPort"=2 (0x2)
"IviRegMgr"=2 (0x2)
"gupdate"=2 (0x2)
"BcmSqlStartupSvc"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"MemeoBackgroundService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Documents and Settings\\Michele\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [12/10/2010 10:52 PM 24304]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/29/2010 10:40 PM 64512]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/30/2009 3:25 AM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [12/10/2010 10:52 PM 132456]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/9/2010 1:25 PM 10384]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 11:07 AM 503080]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [12/10/2010 10:52 PM 53248]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 10:09 PM 11032]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [4/30/2010 9:47 AM 14088]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [9/14/2009 5:21 PM 9472]
S1 MpKslb3faebdb;MpKslb3faebdb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{953BFB24-2BB7-49C1-9D9B-A8F1D642AA4B}\MpKslb3faebdb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{953BFB24-2BB7-49C1-9D9B-A8F1D642AA4B}\MpKslb3faebdb.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2010 3:10 PM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2011 7:49 AM 2152152]
S3 audiobridge;Virtual Audio Bridge;c:\windows\system32\drivers\aubridge.sys [7/23/2007 2:04 PM 22528]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [5/16/2011 11:30 PM 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2010 3:10 PM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/2/2011 7:49 AM 15232]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 1:10 AM 267568]
S3 musbehco;musbehco;\??\c:\docume~1\Michele\LOCALS~1\Temp\musbehco.sys --> c:\docume~1\Michele\LOCALS~1\Temp\musbehco.sys [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [5/8/2011 9:50 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [5/8/2011 9:50 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [5/8/2011 9:50 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [5/8/2011 9:50 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [5/8/2011 9:50 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [5/8/2011 9:50 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [5/8/2011 9:50 PM 109864]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [12/13/2010 3:38 PM 27632]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [5/8/2011 9:55 PM 155344]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 3:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [8/19/2009 5:08 AM 81192]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [12/26/2009 10:49 AM 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [12/26/2009 10:49 AM 234888]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackupPro\MemeoBackgroundService.exe [4/22/2010 7:49 PM 25824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-02 05:41]
.
2012-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 20:10]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 20:10]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007Core.job
- c:\documents and settings\Michele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-03 23:25]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007UA.job
- c:\documents and settings\Michele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-03 23:25]
.
2012-02-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-02-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-12-13 21:55]
.
2012-02-17 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-12-11 06:29]
.
2012-02-16 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-12-13 21:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://lenovo.live.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Michele\Application Data\Move Networks
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
MSConfigStartUp-ALLUpdate - c:\program files\ALLPlayer\ALLUpdate.exe
MSConfigStartUp-antivir - c:\documents and settings\Michele\Application Data\antivir.exe
MSConfigStartUp-dbocomdp - c:\documents and settings\Michele\Local Settings\Application Data\edwudlarj\bpltgxntssd.exe
MSConfigStartUp-GM4IE - c:\program files\GM4IE\gm4ie.exe
MSConfigStartUp-hvjhogba - c:\documents and settings\Michele\Local Settings\Application Data\yusacfitd\vpwwefytssd.exe
MSConfigStartUp-jsafesurf - c:\windows\system32\drivers\safesurf.exe
MSConfigStartUp-litmavey - c:\documents and settings\Michele\Local Settings\Application Data\wbqcmtbpt\ukfnailtssd.exe
MSConfigStartUp-llqfmsli - c:\documents and settings\Michele\Local Settings\Application Data\mnufuevhn\ggwsqtxtssd.exe
MSConfigStartUp-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
MSConfigStartUp-ofhjkmdg - c:\documents and settings\Michele\Local Settings\Application Data\ewsrepemw\hqbcmngtssd.exe
MSConfigStartUp-pdefoqfu - c:\documents and settings\Michele\Local Settings\Application Data\galhokjbf\escvclbtssd.exe
MSConfigStartUp-rdmwmnli - c:\documents and settings\Michele\Local Settings\Application Data\ejtdknkel\ltkynkrtssd.exe
MSConfigStartUp-smbdbxvu - c:\documents and settings\Michele\Local Settings\Application Data\crujnaqxo\ohdfcritssd.exe
MSConfigStartUp-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM_ActiveSetup-{E3BC3A8C-4A18-EAEF-88BC-D4ADCAC1E109} - c:\documents and settings\Michele\Application Data\antivir.exe
AddRemove-Angry Birds - Christmas Edition - Seasons HD1.0 - c:\program files\Foxy Games\Angry Birds - Christmas Edition - Seasons HD\uninstall.exe
AddRemove-Bounce Out Blitz - c:\progra~1\Games\GAMEHO~2\unwise.exe
AddRemove-Dancing Craze Just For Fun Games - c:\program files\Dancing Craze\Uninstall.exe
AddRemove-Deadly Sin 2 Just For Fun Games - c:\program files\Deadly Sin 2\Uninstall.exe
AddRemove-Dream Chronicles - The Book of Air Collector's EditionJust For Fun Games - c:\program files\Dream Chronicles - The Book of Air Collector's Edition\Uninstall.exe
AddRemove-HotelJust For Fun Games - c:\program files\Hotel\Uninstall.exe
AddRemove-Jade RousseauJust For Fun Games - c:\program files\Jade Rousseau\Uninstall.exe
AddRemove-Jade's Journey Just For Fun Games - c:\program files\Jade's Journey\Uninstall.exe
AddRemove-Millennium 3 - Cry Wolf Just For Fun Games - c:\program files\Millennium 3 - Cry Wolf\Uninstall.exe
AddRemove-Nightmare Adventures - The Witch's PrisonJust For Fun Games - c:\program files\Nightmare Adventures - The Witch's Prison\Uninstall.exe
AddRemove-Press Your Luck % CompanyName% - c:\program files\Press Your Luck\Uninstall.exe
AddRemove-Real Lives 2007 - c:\program files\Games\Educational Simulations\Real Lives\UnInstall_21355.exe
AddRemove-Reincarnations - Uncover the Past Collector's Edition Just For Fun Games - c:\program files\Reincarnations - Uncover the Past Collector's Edition\Uninstall.exe
AddRemove-Renovate & Relocate - Boston Just For Fun Games - c:\program files\Renovate & Relocate - Boston\Uninstall.exe
AddRemove-Settlement ColossusJust For Fun Games - c:\program files\Settlement Colossus\Uninstall.exe
AddRemove-Strange Cases - The Lighthouse Mystery Collectors EditionJust For Fun Games - c:\program files\Strange Cases - The Lighthouse Mystery Collectors Edition\Uninstall.exe
AddRemove-Super 5-Line Slots - c:\progra~1\Games\GAMEHO~2\unwise.exe
AddRemove-Super Blackjack! - c:\progra~1\Games\GAMEHO~2\unwise.exe
AddRemove-Super Bounce Out! - c:\progra~1\Games\GAMEHO~2\unwise.exe
AddRemove-Super Collapse! - c:\progra~1\Games\GAMEHO~2\unwise.exe
AddRemove-Super Gem Drop - c:\progra~1\Games\GAMEHO~2\unwise.exe
AddRemove-Super Glinx! - c:\progra~1\Games\GAMEHO~2\unwise.exe
AddRemove-Super Letter Linker - c:\progra~1\Games\GAMEHO~2\unwise.exe
AddRemove-Super Mah Jong Solitaire - c:\progra~1\Games\GAMEHO~2\unwise.exe
AddRemove-Super Nisqually - c:\progra~1\Games\GAMEHO~2\unwise.exe
AddRemove-Super PileUp! - c:\progra~1\Games\GAMEHO~2\unwise.exe
AddRemove-Super Pop & Drop! - c:\progra~1\Games\GAMEHO~2\unwise.exe
AddRemove-Super TextTwist - c:\progra~1\Games\GAMEHO~2\unwise.exe
AddRemove-Super WHATword - c:\progra~1\Games\GAMEHO~2\unwise.exe
AddRemove-Supple Episode 2 Just For Fun Games - c:\program files\Supple Episode 2\Uninstall.exe
AddRemove-The Crop Circles Mystery Just For Fun Games - c:\program files\The Crop Circles Mystery\Uninstall.exe
AddRemove-Whisper of a Rose GoldJust For Fun Games - c:\program files\Whisper of a Rose Gold\Uninstall.exe
AddRemove-Women's Murder Club Triple Crime PackJust For Fun Games - c:\program files\Women's Murder Club Triple Crime Pack\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-17 00:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BisonMnt = c:\windows\BisonC07\BisonM07.exe????????????????????????????????????????????????????????????????????????????????H???????????????????????????????????????????????????????`????v?|????????????????????????x????x?|?????`?????????????????|?????????????????X?w???
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2704)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\windows\system32\rundll32.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-02-17 00:56:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-17 05:56
.
Pre-Run: 42,881,499,136 bytes free
Post-Run: 46,867,927,040 bytes free
.
- - End Of File - - 04C1D0113059AEC930E1EAC0A436ACB8

#22
Gostchyld

Gostchyld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
The computer seems to be running well, and the networking issue has been resolved. I have noticed that in the Windows Security Center, adwatch live is listed as my antivirus, however it should be Microsoft Security Essentials, and there is no ad-watch icon in the task bar. I am currently downloading new virus definitions for MSE so that may resolve the issue. I also had to go in and manually turn the firewall on. I will hold off on running chkdsk until I hear back.

#23
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi Gostchyld, one of your system files is corrupted so now we will address that issue. Please run this file. Afterwards run Combofix again. Please note any dialog boxes that pop up and describe them for me if they are about infections.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double-click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#24
Gostchyld

Gostchyld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Computer still seems to be running fine. I allowed chkdsk to run after MSfixit rebooted the machine, and then ran combo fix. I did not get any error messages during the running of combofix. Here is the combofix log.


ComboFix 12-02-16.02 - Michele 02/19/2012 0:10.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2314 [GMT -5:00]
Running from: c:\documents and settings\Michele\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-19 05:03 . 2012-02-19 05:03 -------- d-----w- c:\windows\LastGood
2012-02-19 04:46 . 2012-02-19 05:02 -------- d-----w- c:\windows\system32\CatRoot2
2012-02-18 19:01 . 2012-02-18 19:01 -------- d-----w- c:\program files\Apple Software Update
2012-02-18 05:44 . 2012-01-17 09:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{668069F3-0ECF-43F8-84C5-21A1BEB0D7E0}\mpengine.dll
2012-02-15 22:21 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-13 03:06 . 2012-02-13 03:06 -------- d-----w- C:\_OTL
2012-02-10 05:17 . 2012-02-10 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Fenomen Games
2012-02-10 04:00 . 2012-02-10 04:00 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-09 11:24 . 2012-02-09 11:24 -------- d-----w- c:\documents and settings\Michele\Application Data\KatGames
2012-02-09 11:24 . 2012-02-09 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\KatGames
2012-02-07 03:24 . 2012-02-07 03:24 -------- d-----w- c:\documents and settings\Michele\Application Data\Alawar Entertainment
2012-02-06 08:06 . 2012-02-06 09:58 -------- d-----w- c:\documents and settings\Michele\Application Data\Leahs_Tale
2012-01-26 03:48 . 2012-01-26 03:48 -------- d-----w- c:\program files\Grimoire Chronicles
2012-01-22 15:35 . 2012-01-22 15:35 -------- d-----w- c:\documents and settings\Michele\Application Data\dvdcss
2012-01-20 05:27 . 2012-01-20 05:27 -------- d-----w- C:\games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 05:47 . 2004-08-04 20:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-01-29 10:10 . 2010-11-25 08:17 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 09:39 . 2010-11-26 08:57 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-31 05:12 . 2011-06-11 23:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2010-07-21 22:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-02 12:49 . 2010-07-30 03:40 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-25 21:57 . 2004-08-04 20:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-05 04:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 05:16 . 2011-11-23 05:16 1409 ----a-w- c:\windows\system32\tmp6914D.FOT
2011-11-23 05:16 . 2011-11-23 05:16 1409 ----a-w- c:\windows\system32\tmp4E14D.FOT
2011-11-23 05:16 . 2011-11-23 05:16 1409 ----a-w- c:\windows\system32\tmp3324D.FOT
2011-11-23 05:16 . 2011-11-23 05:16 1409 ----a-w- c:\windows\system32\tmp3224D.FOT
2011-11-23 05:16 . 2011-11-23 05:16 1409 ----a-w- c:\windows\system32\tmp1724D.FOT
.
<pre>
c:\program files\Games\Westward III Gold Rush\Westward_III .exe
</pre>
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 21:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[7] 2004-08-04 20:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
[-] 1999-03-08 06:00 . CE0155405EA902797E88B92A78443AEB . 164112 . . [5.0.4275] . . c:\windows\system32\olepro32.dll
.
((((((((((((((((((((((((((((( [email protected]_05.45.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-19 05:01 . 2012-02-19 05:01 16384 c:\windows\TEMP\Perflib_Perfdata_bd0.dat
+ 2004-08-04 20:00 . 2012-02-17 08:11 99096 c:\windows\system32\perfc009.dat
- 2004-08-04 20:00 . 2012-01-25 05:33 99096 c:\windows\system32\perfc009.dat
- 2012-01-04 08:01 . 2012-01-04 08:01 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-08-19 09:59 . 2012-02-17 08:00 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-08-19 09:59 . 2012-01-11 08:01 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-08-19 09:59 . 2012-01-11 08:01 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-08-19 09:59 . 2012-02-17 08:00 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-08-19 09:59 . 2012-01-11 08:01 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-08-19 09:59 . 2012-02-17 08:00 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-01-21 07:58 . 2012-02-17 08:05 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2011-01-21 07:58 . 2011-10-14 07:16 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-02-18 19:01 . 2012-02-18 19:01 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2012-02-17 08:55 . 2012-02-17 08:55 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\604691fa729c36593aa141b07addb1da\System.Windows.Presentation.ni.dll
+ 2012-02-17 08:55 . 2012-02-17 08:55 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\df5e961346901ef1662daac2708f3888\System.Web.ApplicationServices.ni.dll
+ 2012-02-17 08:55 . 2012-02-17 08:55 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ce55cdba82e9103fc891b17d90f5a38f\System.ServiceModel.Channels.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\eb16aea781fcdb3ed93c298a3b9e2850\WindowsLiveWriter.ni.exe
+ 2012-02-17 08:36 . 2012-02-17 08:36 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\893a11978f44a813c6bec2723f5137a4\WindowsLive.Writer.Api.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 14848 c:\windows\assembly\NativeImages_v2.0.50727_32\SBAIUI\d65e5d3a8adb301df2b9e7dd113c8100\SBAIUI.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3aa4296d4aa01fe0533de2c15f818d5f\PresentationFontCache.ni.exe
+ 2012-02-17 08:12 . 2012-02-17 08:12 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\820acb71782d9cd006800b3ac7e1ca53\PresentationCFFRasterizer.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\34f5b348d1b44c212fa9e91d092e8af7\Microsoft.WSMan.Runtime.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\66bc902413c5abe0f61de8eeb4d73dbd\Microsoft.SqlServer.CustomControls.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 91648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\c27da951a1739077901b201137925795\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-01-04 08:04 . 2012-01-04 08:04 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-04 20:00 . 2012-01-25 05:33 532052 c:\windows\system32\perfh009.dat
+ 2004-08-04 20:00 . 2012-02-17 08:11 532052 c:\windows\system32\perfh009.dat
- 2012-01-04 08:01 . 2012-01-04 08:01 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-08-19 09:59 . 2012-02-17 08:00 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-08-19 09:59 . 2012-01-11 08:01 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-08-19 09:59 . 2012-01-11 08:01 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-08-19 09:59 . 2012-02-17 08:00 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-08-19 09:59 . 2012-02-17 08:00 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2009-08-19 09:59 . 2012-01-11 08:01 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-08-19 09:59 . 2012-02-17 08:00 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2009-08-19 09:59 . 2012-01-11 08:01 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-08-19 09:59 . 2012-02-17 08:00 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
- 2009-08-19 09:59 . 2012-01-11 08:01 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2012-02-19 05:01 . 2012-02-19 05:01 479232 c:\windows\ERDNT\AutoBackup\2-19-2012\Users\00000002\UsrClass.dat
+ 2012-02-19 05:01 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\2-19-2012\ERDNT.EXE
+ 2012-02-17 08:55 . 2012-02-17 08:55 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\5b2066cece646c758c73a13cca7c82b7\WindowsFormsIntegration.ni.dll
+ 2012-02-17 08:55 . 2012-02-17 08:55 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\1bc856ec98668f28b06dc195e6f73603\UIAutomationClient.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a6f500c40e3fa7da71110af6c0a60ac\System.Xml.Linq.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\ca11ffdc7fa5af9ba6902d72b0b932c2\System.Windows.Input.Manipulations.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
+ 2012-02-17 08:55 . 2012-02-17 08:55 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll
+ 2012-02-17 08:55 . 2012-02-17 08:55 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f1a00750deae84241a140f4e4233fe71\System.ServiceModel.Routing.ni.dll
+ 2012-02-17 08:03 . 2012-02-17 08:03 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\09ee8d91e80e00991226aec062aa1e92\System.Security.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 762368 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\01e360ed3a3cb2b0a3c47c7f3eb09e58\System.Runtime.Remoting.ni.dll
+ 2012-02-17 08:54 . 2012-02-17 08:54 653312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\ecf10c574f8bd9a05b021e7880a1041c\System.Net.ni.dll
+ 2012-02-17 08:54 . 2012-02-17 08:54 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\f751ad889c61578ae7e1d656e798cd72\System.Messaging.ni.dll
+ 2012-02-17 08:54 . 2012-02-17 08:54 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\98ec4a836fdbe4d88306206d6fc326ec\System.Management.Instrumentation.ni.dll
+ 2012-02-17 08:54 . 2012-02-17 08:54 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\3aada4dce5c9f819d192b0bba0a298bc\System.IO.Log.ni.dll
+ 2012-02-17 08:54 . 2012-02-17 08:54 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\015d3fcedc60e04e3fce6aa3b63057d9\System.IdentityModel.Selectors.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
+ 2012-02-17 08:03 . 2012-02-17 08:03 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\30bdf637fad5e84fc46d7322f487c801\System.Dynamic.ni.dll
+ 2012-02-17 08:54 . 2012-02-17 08:54 468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e05bc4bfe46686b77f1e28b466f79363\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-17 08:54 . 2012-02-17 08:54 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\9ada0ce9819a2eeb6d3b7d4942cf278f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-17 08:54 . 2012-02-17 08:54 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\fa66f17c3937c91c1b480c24aa602812\System.Device.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\8b353356367e7da5d31e49057a59c749\System.Data.DataSetExtensions.ni.dll
+ 2012-02-17 08:03 . 2012-02-17 08:03 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\8e28c1bf907bc67c6685db26050c19bd\System.Configuration.Install.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\ac4bd5fece3ee7b1632817a509bcd909\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-17 08:03 . 2012-02-17 08:03 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\768ccd38c2bf1f7045e79ac03cb679f1\System.ComponentModel.Composition.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\266d00e0694b48964ead82a67657462b\System.AddIn.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\754d38ef09a80e6bc721a0039d72b65b\System.Activities.DurableInstancing.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\024df3845eee3a86a396d972162fffc4\SMSvcHost.ni.exe
+ 2012-02-17 08:39 . 2012-02-17 08:39 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ba4bc24df463a622c0e918d8c49672ed\SMDiagnostics.ni.dll
+ 2012-02-17 08:03 . 2012-02-17 08:03 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\daec0a92c216faca879f205a2e8e8169\PresentationFramework.Aero.ni.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\942a5e3ee871f5f4a323d95505f9667c\PresentationFramework.Luna.ni.dll
+ 2012-02-17 08:03 . 2012-02-17 08:03 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65bd29660d00ac08c14edad26ce38e2c\PresentationFramework.Royale.ni.dll
+ 2012-02-17 08:03 . 2012-02-17 08:03 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\446fc2e471272940ddac8c8c949000cf\PresentationFramework.Classic.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1650e4aa6645d4b8a1172331cc2afde9\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\d6386aaa2c8ab67caaee9684c3842c04\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 539136 c:\windows\assembly\NativeImages_v2.0.50727_32\Xceed.Zip\8c8b527b944748ce41235fef0fc5399a\Xceed.Zip.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 661504 c:\windows\assembly\NativeImages_v2.0.50727_32\Xceed.Grid.UIStyle\724cb7f6b3402c3d27d25a98bd031e40\Xceed.Grid.UIStyle.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 311808 c:\windows\assembly\NativeImages_v2.0.50727_32\Xceed.FileSystem\60bf72e7a1bfbb5a71b6fd6c03700df0\Xceed.FileSystem.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 267264 c:\windows\assembly\NativeImages_v2.0.50727_32\Xceed.Compression\b5297f39ed579fa656c132b44b74394d\Xceed.Compression.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
+ 2012-02-17 08:37 . 2012-02-17 08:37 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\93cabffe1163ed0d07428ac1fa31cdfd\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f34fd672728bcd55f916f31ad71bcf34\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\da8015dc21fa2ef55902b438bbb0ec80\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c7900476ecaff43a359839730f25566a\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c1c41b25b30ffa27ee2b597f89d5c5cd\WindowsLive.Writer.Passport.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b61cb8f2a118d199507ffed7c6db9a48\WindowsLive.Writer.Localization.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\72308cd75cba73ce27147a252f81fab3\WindowsLive.Writer.Controls.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\66d7ebe875f9e420dcdfe409519507c7\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4ecbb8a0586395d78678aede163819fd\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2ff585fd2f82638e4b69d02b2f7e3ef2\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1f711deaf9e71d9df50c36bd5ff3b313\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1efbe0e18b3d5a21e2e1f4fc9e7a2d7d\WindowsLive.Writer.Interop.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0814f03dae8a2563e705d2b013bbe262\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\05e78ed14db0092e0f2c03e0ca791214\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\fab7028d307bed01bdc5e53bbfdfeccc\WindowsLive.Client.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ad8369d6a60765d7e9b43cdf9023f41\WindowsFormsIntegration.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
+ 2012-02-17 08:12 . 2012-02-17 08:12 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\ab7515dcbeff3f7d9533902e98278283\System.Messaging.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e3436edde657a5111d39d5b2eecf9715\System.Management.Instrumentation.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e9ae7ae6d1e9edc7aaf819889cd1c692\System.Drawing.Design.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll
+ 2012-02-17 08:12 . 2012-02-17 08:12 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
+ 2012-02-17 08:37 . 2012-02-17 08:37 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
+ 2012-02-17 08:26 . 2012-02-17 08:26 107520 c:\windows\assembly\NativeImages_v2.0.50727_32\SBAIREPORTING\262923ba3828d999522158e70b3defec\SBAIREPORTING.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 636416 c:\windows\assembly\NativeImages_v2.0.50727_32\SBAIAPIV2\79e39da806d8ac0249a6aad58eceb65a\SBAIAPIV2.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 532992 c:\windows\assembly\NativeImages_v2.0.50727_32\SBAIAPI\3ef229e6cb54e4808fd5c6b228b89cda\SBAIAPI.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 139776 c:\windows\assembly\NativeImages_v2.0.50727_32\PWMUIAux\1a03421ee11e4a38d7d1447a2d398d50\PWMUIAux.ni.exe
+ 2012-02-17 08:37 . 2012-02-17 08:37 544768 c:\windows\assembly\NativeImages_v2.0.50727_32\PWMUI\420c3bf733daf55137c5511d771f749a\PWMUI.ni.exe
+ 2012-02-17 08:14 . 2012-02-17 08:14 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\52015457bc28e7a9a563d9eab8ab0015\PresentationFramework.Royale.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46a680814559114706a33282e9df4b7a\PresentationFramework.Classic.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2713754549b1114c9152d33efe5f72c7\PresentationFramework.Aero.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
+ 2012-02-17 08:37 . 2012-02-17 08:37 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\9a51f6f48b8bb88e1ffe0276a18724a7\Microsoft.WSMan.Management.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 530432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ed01607655f575124a3fc96801707c24\Microsoft.SqlServer.GridControl.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9032a28b56c267d3429f59862b8a4486\Microsoft.SqlServer.Setup.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 989184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\101afb40c78c6fffc0cdb6d2c1baf656\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b99685b2729aa2b6cfd3c81ffb50ec29\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7c6965d456a41e7f939b717cf8ae70fd\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\75c6e8d5775b6a34f5f8076a9840c83a\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\71311f01dfd70eef8195a85741fea78d\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7022f53018b2dbbd1db3918bba4b5614\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\e887d077be7d0fa37fdc50a9ed936c74\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 409088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Iris.Impo#\7f92201389b905085c0529fd143a9cd7\Microsoft.Iris.ImportExportDataAccess.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 393216 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Iris.Impo#\74587557000bd2ba65618a6a69a87245\Microsoft.Iris.ImportExport.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.eCRM.AxSH#\1bec1c439f74745169dce87bffba8067\Microsoft.eCRM.AxSHDocVw.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 866816 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\ef5b9744f91e49bda74b10378c28686d\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ImportExportUI.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\5e2cbf99fe0fed898a7ff726691dda9e\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll
+ 2012-02-17 08:12 . 2012-02-17 08:12 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 391168 c:\windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\fe71c0e16e5455c18b4fb5159c1a5f21\Iris.Mapi.MessageStore.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
+ 2012-02-17 08:26 . 2012-02-17 08:26 469504 c:\windows\assembly\NativeImages_v2.0.50727_32\BCMMSIDCRL.Managed\966a5f6c3fd63dcd74e5a394a66a45fb\BCMMSIDCRL.Managed.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 484352 c:\windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\d15f9a0db4361af008e88b6439902c1c\BCMCommon.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-08-19 07:13 . 2012-01-04 08:04 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-10-26 19:46 . 2011-10-26 19:46 3511880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-10-26 08:39 . 2011-10-26 08:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 3511880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-17 08:01 . 2012-02-17 08:01 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-01-04 08:01 . 2012-01-04 08:01 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-18 19:01 . 2012-02-18 19:01 1769984 c:\windows\Installer\806bff0.msi
+ 2011-10-31 03:54 . 2011-10-31 03:54 2748416 c:\windows\Installer\7dd2de.msp
+ 2011-10-26 20:38 . 2011-10-26 20:38 2830848 c:\windows\Installer\7dd2cc.msp
+ 2012-02-03 20:13 . 2012-02-03 20:13 4988928 c:\windows\Installer\7dd2c3.msp
+ 2009-08-19 09:59 . 2012-02-17 08:00 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-08-19 09:59 . 2012-01-11 08:01 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-08-19 09:59 . 2012-02-17 08:00 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
- 2009-08-19 09:59 . 2012-01-11 08:01 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-02-19 05:01 . 2012-02-19 05:01 8175616 c:\windows\ERDNT\AutoBackup\2-19-2012\Users\00000001\ntuser.dat
+ 2012-02-17 08:02 . 2012-02-17 08:02 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ff4ecc058f27a9c36136e5d38e43fb59\WindowsBase.ni.dll
+ 2012-02-17 08:55 . 2012-02-17 08:55 1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\e06dfa0ecf8c6c4f9848eedb9f8db0c5\UIAutomationClientsideProviders.ni.dll
+ 2012-02-17 08:02 . 2012-02-17 08:02 9090560 c:\windows\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
+ 2012-02-17 08:03 . 2012-02-17 08:03 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\04326608ac9ad05c2a1e8bd46a068a91\System.Xaml.ni.dll
+ 2012-02-17 08:55 . 2012-02-17 08:55 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\f9d4746b5e5edf68c3001feaa0f03893\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-02-17 08:55 . 2012-02-17 08:55 1859584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\ce22f267e17c7749c6a0dd2aa3403484\System.Web.Services.ni.dll
+ 2012-02-17 08:55 . 2012-02-17 08:55 2011136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\7a9b2475f61a6db6393750142765c5f1\System.Speech.ni.dll
+ 2012-02-17 08:55 . 2012-02-17 08:55 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b663714058d4a0c1fcaa56e4ac223be5\System.ServiceModel.Discovery.ni.dll
+ 2012-02-17 08:54 . 2012-02-17 08:54 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\685616ff1660152acefb312db7061435\System.ServiceModel.Activities.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9db486997d651f0646a089ff6cfb605e\System.Runtime.Serialization.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f56869ede7c0fddb751c39e050dd62a8\System.Runtime.DurableInstancing.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\1393672b78ebd95ec154740a55fe600b\System.Printing.ni.dll
+ 2012-02-17 08:54 . 2012-02-17 08:54 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\b1b57351a88c0c9c46bd9424347336ea\System.Management.ni.dll
+ 2012-02-17 08:54 . 2012-02-17 08:54 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a0204aa75b8665f3c674ff18eebbf13f\System.IdentityModel.ni.dll
+ 2012-02-17 08:03 . 2012-02-17 08:03 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\b828e979c92841bd6a2ddd05ee2b0b73\System.DirectoryServices.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1878016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\c100e2bfd00aa5b9f3c8e4ab6e2bfaf8\System.Deployment.ni.dll
+ 2012-02-17 08:03 . 2012-02-17 08:03 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
+ 2012-02-17 08:03 . 2012-02-17 08:03 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\cc02699121b243dc52e77197ad973fc3\System.Data.SqlXml.ni.dll
+ 2012-02-17 08:54 . 2012-02-17 08:54 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\81b00eddd2b081f8f7546a290d5ad9ef\System.Data.Services.Client.ni.dll
+ 2012-02-17 08:03 . 2012-02-17 08:03 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\3d105e94140b8c742ed50a2c6194394c\System.Data.Linq.ni.dll
+ 2012-02-17 08:03 . 2012-02-17 08:03 7054336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\9ecc40af067f2aca2dda1f71500020fa\System.Activities.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\17f4e3e5193e8b645d7405eda38596be\System.Activities.Presentation.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1518080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\d0abf08a9033e02b1ac26da22a51b586\System.Activities.Core.Presentation.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\9e16cb68553721cdf0bfdb8a74f428ef\ReachFramework.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1630208 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\f511ee77a639501cf892d90f33927451\PresentationUI.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a2762026b87e1d578b0ad3ea3edd1a0e\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\910f1781ed5873e2f9ffec2b687c3e99\Microsoft.VisualBasic.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1d3556e5e6be255dde120df39bd18709\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\a05d0a2bece90cfc10cb64ff7fe39e94\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-17 08:54 . 2012-02-17 08:54 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\101b3fc8861dc9ed88896666432ae7c0\Microsoft.JScript.ni.dll
+ 2012-02-17 08:03 . 2012-02-17 08:03 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\5e4d35f27edcdebe56cc5bb5b5174275\Microsoft.CSharp.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 2102272 c:\windows\assembly\NativeImages_v2.0.50727_32\Xceed.Grid\d17012031fd7cdfcd56a499f6e431b94\Xceed.Grid.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 2018816 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f9f4a75ee52efa24d413965087a50921\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\581b1fb40c3aba93a4f4258b049defae\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\210a759be02877454ee4a8d570218cf1\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-02-17 08:12 . 2012-02-17 08:12 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\94f5164ff4f664c5e4e7fb4c3af1abad\UIAutomationClientsideProviders.ni.dll
+ 2012-02-17 08:12 . 2012-02-17 08:12 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
+ 2012-02-17 08:12 . 2012-02-17 08:12 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
+ 2012-02-17 08:39 . 2012-02-17 08:39 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\80a288b6611668160334668cc2608e4a\System.Workflow.ComponentModel.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4c27548df5897320840ee0d65db38742\System.Workflow.Activities.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e456140d5d6c43d7383bd36d3f9e12c6\System.Speech.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\285dfbf2380436e187cb624bd1cd4683\System.ServiceModel.Web.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d51e6bb07124a1d780d1e024858e0dc1\System.Printing.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\864ca331ebf1bcc1390374b2fa826a3c\System.Management.Automation.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77d0e93f024055d04c07cc2700b4c590\System.DirectoryServices.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\707a05a7d5a8d99dd56d1d50311a60d2\System.Deployment.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
+ 2012-02-17 08:12 . 2012-02-17 08:12 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\857300fa64d09c69125451fd8894f3da\System.Data.SqlXml.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e9d4a1fb13572c769ddd9b86e55baab4\System.Data.Services.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\3f2e74586111fb32d5edc059f709fa94\System.Data.OracleClient.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3d9c33f71d15a3e2e240092a244eba3\System.Data.Linq.ni.dll
+ 2012-02-17 08:38 . 2012-02-17 08:38 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\19cca2921cfe3d20265389e596ebfd69\System.Data.Entity.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\33cdfb4c322a528260016ac759230501\ReachFramework.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a6def83aee1aaf3336675ce58ac09013\PresentationUI.ni.dll
+ 2012-02-17 08:12 . 2012-02-17 08:12 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\6c828a4d9907977b6dc87b294d38bbb9\PresentationBuildTasks.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f7071f9a1c0523540f6aa7f11c302fb6\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\95bf3f263a4283cdb67bf8f92c518d3c\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4344be5b3ca782a09d101084bd706f41\Microsoft.PowerShell.Editor.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\073475f74ecf11e74fd4d68676c65f41\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\806b1d127ed3e906db972751e87585c4\Microsoft.JScript.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 1039872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\e903729a000835294ec0320a38ed0228\Microsoft.Interop.Mapi.Impl.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 4466688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\d51f0b35218dc816047557157b02a021\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 2359808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\88d6c23db9195ba1418198daa0ad152a\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 2831360 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\4a9ecfa82c4434318779ff1ad096ef71\Microsoft.BusinessSolutions.eCRM.Reports2.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\912789fd859e0887e10a935cade08e72\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6c1d3eec78906cc2a2ecffb013114c50\Microsoft.Build.Tasks.ni.dll
+ 2012-02-17 08:37 . 2012-02-17 08:37 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d6edd4b4619a9052d3dfe50c3067d5e0\Microsoft.Build.Engine.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 3826176 c:\windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\2c6c58f46fc8ef55e6040a8079c580bf\BusinessLayer.ni.dll
+ 2012-02-17 08:26 . 2012-02-17 08:26 1526272 c:\windows\assembly\NativeImages_v2.0.50727_32\BCMRes\2d7fb3ea2de5d4f1a8b27a4e8051ed33\BCMRes.ni.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-01-04 08:04 . 2012-01-04 08:04 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-17 08:11 . 2012-02-17 08:11 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-08-19 07:13 . 2012-01-04 08:04 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-30 00:13 . 2012-01-04 08:04 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-30 00:13 . 2012-02-17 08:11 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2006-08-10 17:41 . 2012-02-17 08:05 52550552 c:\windows\system32\MRT.exe
+ 2012-02-17 08:04 . 2012-02-17 08:04 20333056 c:\windows\Installer\7dd2d7.msp
+ 2012-02-17 08:03 . 2012-02-17 08:03 13137920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
+ 2012-02-17 08:54 . 2012-02-17 08:54 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\7c73ac0ffec7d226ca3dac70df184f18\System.ServiceModel.ni.dll
+ 2012-02-17 08:54 . 2012-02-17 08:54 13325312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\a275181f49dcdf245ec6a9d9287bb6c6\System.Data.Entity.ni.dll
+ 2012-02-17 08:03 . 2012-02-17 08:03 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b72152b4330e2f009a868aa16c47acb4\PresentationFramework.ni.dll
+ 2012-02-17 08:03 . 2012-02-17 08:03 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ed36e9ff00f2fb0f33f1c08b20a7afc0\PresentationCore.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
+ 2012-02-17 08:36 . 2012-02-17 08:36 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
+ 2012-02-17 08:14 . 2012-02-17 08:14 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c8f8fb506c32500acc1b6190d054f26\System.Design.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
+ 2012-02-17 08:13 . 2012-02-17 08:13 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 20:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2011-10-12 5407850]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"BisonMnt"="c:\windows\BisonC07\BisonM07.exe" [2008-10-14 32768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-11-05 517480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-06-12 4464640]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-10 1282048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-22 129536]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-22 163328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-22 138752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Michele\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-9 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-09 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michele^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Michele\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michele^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Michele\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:05 203416 ----a-w- c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Energy Management]
2009-06-10 22:32 1282048 ----a-w- c:\program files\Lenovo\Energy Management\Energy Management.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyUtility]
2009-06-12 19:59 4464640 ----a-w- c:\program files\Lenovo\Energy Management\utility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-01 23:25 136176 ----atw- c:\documents and settings\Michele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2010-04-16 21:43 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Backup Premium]
2010-04-23 00:49 136416 ----a-w- c:\program files\Memeo\AutoBackupPro\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Send]
2009-11-05 00:29 236816 ----a-w- c:\program files\Memeo\Memeo Send\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2010-04-30 14:47 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
2009-04-23 09:11 2742840 ----a-w- c:\program files\CONEXANT\SmartAudio\SmAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmAudio]
2009-04-23 09:11 2742840 ----a-w- c:\program files\CONEXANT\SmartAudio\SmAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SeaPort"=2 (0x2)
"IviRegMgr"=2 (0x2)
"gupdate"=2 (0x2)
"BcmSqlStartupSvc"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"MemeoBackgroundService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Documents and Settings\\Michele\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [12/10/2010 10:52 PM 24304]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/29/2010 10:40 PM 64512]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/30/2009 3:25 AM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [12/10/2010 10:52 PM 132456]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/9/2010 1:25 PM 10384]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 11:07 AM 503080]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [12/10/2010 10:52 PM 53248]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 10:09 PM 11032]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [4/30/2010 9:47 AM 14088]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [9/14/2009 5:21 PM 9472]
S1 MpKslb3faebdb;MpKslb3faebdb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{953BFB24-2BB7-49C1-9D9B-A8F1D642AA4B}\MpKslb3faebdb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{953BFB24-2BB7-49C1-9D9B-A8F1D642AA4B}\MpKslb3faebdb.sys [?]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2010 3:10 PM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2011 7:49 AM 2152152]
S3 audiobridge;Virtual Audio Bridge;c:\windows\system32\drivers\aubridge.sys [7/23/2007 2:04 PM 22528]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [5/16/2011 11:30 PM 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2010 3:10 PM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/2/2011 7:49 AM 15232]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 1:10 AM 267568]
S3 musbehco;musbehco;\??\c:\docume~1\Michele\LOCALS~1\Temp\musbehco.sys --> c:\docume~1\Michele\LOCALS~1\Temp\musbehco.sys [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [5/8/2011 9:50 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [5/8/2011 9:50 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [5/8/2011 9:50 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [5/8/2011 9:50 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [5/8/2011 9:50 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [5/8/2011 9:50 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [5/8/2011 9:50 PM 109864]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [12/13/2010 3:38 PM 27632]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [5/8/2011 9:55 PM 155344]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 3:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [8/19/2009 5:08 AM 81192]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [12/26/2009 10:49 AM 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [12/26/2009 10:49 AM 234888]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackupPro\MemeoBackgroundService.exe [4/22/2010 7:49 PM 25824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-02 05:41]
.
2012-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 20:10]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 20:10]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007Core.job
- c:\documents and settings\Michele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-03 23:25]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007UA.job
- c:\documents and settings\Michele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-03 23:25]
.
2012-02-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-02-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-12-13 21:55]
.
2012-02-19 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-12-11 06:29]
.
2012-02-18 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-12-13 21:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://lenovo.live.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Michele\Application Data\Move Networks
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-19 00:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BisonMnt = c:\windows\BisonC07\BisonM07.exe????????????????????????????????????????????????????????????????????????????????H???????????????????????????????????????????????????????`????v?|????????????????????????x????x?|?????`?????????????????|?????????????????X?w???
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1340)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-19 00:27:02
ComboFix-quarantined-files.txt 2012-02-19 05:26
ComboFix2.txt 2012-02-17 05:56
.
Pre-Run: 36,674,478,080 bytes free
Post-Run: 36,663,922,688 bytes free
.
- - End Of File - - 55934EFF8EC00C509DA0AF9CC0FA16D4

#25
Crag_Hack


    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello Gostchyld. I finished analyzing your Combofix log. We will now run a fix using Combofix. We will run aswMBR again. Finally we will run an extras scan using OTL. Please do the following:

Step 1

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\docume~1\Michele\LOCALS~1\Temp\musbehco.sys

    Driver::
    musbehco

    RenV::
    c:\program files\Games\Westward III Gold Rush\Westward_III .exe

  • Save this as CFScript.txt, in the same location as ComboFix.exe

    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer no

  • Click the Scan button to start scan

  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Step 3

  • Run OTL
  • Click the None button
  • Select the Use SafeList option in the Extra Registry section
  • Then click the Run Scan button at the top
  • Let the program run unhindered
  • Then post the produced log (Extras.txt in the same directory as OTL)

Things to see in your next post:
C:\Combofix.txt
aswMBR log
Extras.txt



#26
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#28
Gostchyld


    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
OK, lost inet connection at home for a bit, here is the previous topic I was working from which I didn't mean to abandon:
http://www.geekstogo...&st=0#msg173505

Managed to get a new bug, which cut off inet service again, but after using combofix was able to restore it. Will post both OTL and the most recent combofix log. Since the previous viral removal attempt, autorun has not worked on anything, my removable hds or programs in general (I'm assuming this is what the last person to help me wanted to address). Windows security essentials recently removed the following:
Exploit:Java/CVE-2012-0507.D!ldr
Trojan:Win32/Alureon.FK
Trojan:Win32/Orsam!rts

Thank you in advance for all of your help!!!

The following is the OTL log, this was run after combofix:

OTL logfile created on: 4/8/2012 8:01:14 PM - Run 8
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michele\Desktop\Comp Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 24.31% Memory free
5.77 Gb Paging File | 3.85 Gb Available in Paging File | 66.71% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 188.93 Gb Total Space | 38.84 Gb Free Space | 20.56% Space Free | Partition Type: NTFS
Drive D: | 29.19 Gb Total Space | 24.80 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
Drive E: | 400.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 14.89 Gb Total Space | 0.58 Gb Free Space | 3.90% Space Free | Partition Type: FAT32

Computer Name: MGLAPTOP | User Name: Michele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/03 21:56:42 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/03/17 20:41:04 | 000,742,264 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/02/10 17:40:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michele\Desktop\Comp Cleanup\OTL.exe
PRC - [2011/12/11 01:41:00 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/12/11 01:40:51 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/27 16:23:10 | 002,743,310 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Tor\tor.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/10/12 11:06:14 | 005,407,850 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
PRC - [2011/10/08 22:40:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/10 12:02:20 | 000,181,248 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/05 02:29:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/11/05 02:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/04/30 10:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/12 15:59:14 | 004,464,640 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009/06/10 18:32:56 | 001,282,048 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/10/14 14:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\BisonC07\BisonM07.exe
PRC - [2008/04/13 17:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/03 21:56:41 | 000,444,400 | ---- | M] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\ppgooglenaclpluginchrome.dll
MOD - [2012/04/03 21:56:39 | 003,915,248 | ---- | M] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\pdf.dll
MOD - [2012/04/03 21:55:14 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\avutil-51.dll
MOD - [2012/04/03 21:55:12 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\avformat-53.dll
MOD - [2012/04/03 21:55:11 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\avcodec-53.dll
MOD - [2012/04/03 21:09:30 | 008,743,584 | ---- | M] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
MOD - [2012/02/17 04:14:21 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
MOD - [2012/02/17 04:14:18 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/17 04:13:56 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 04:13:19 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/17 04:13:10 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/17 04:13:05 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
MOD - [2012/02/17 04:12:50 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
MOD - [2012/02/17 04:12:40 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/17 04:12:29 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/17 04:12:19 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/12/11 01:42:13 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011/12/11 01:41:52 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/12/11 01:06:02 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/12/02 08:49:14 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/27 16:23:10 | 002,743,310 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Tor\tor.exe
MOD - [2011/10/14 03:16:38 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
MOD - [2011/10/14 03:15:35 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 11:06:14 | 005,407,850 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
MOD - [2011/05/10 12:02:20 | 000,181,248 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
MOD - [2011/05/10 12:02:20 | 000,076,800 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\libgnurx-0.dll
MOD - [2011/02/14 17:02:58 | 002,417,664 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtCore4.dll
MOD - [2010/11/05 02:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
MOD - [2010/11/05 02:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010/11/05 02:29:00 | 000,036,352 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2010/06/24 03:02:41 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/03/06 23:31:36 | 000,024,110 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\mingwm10.dll
MOD - [2010/02/10 12:36:20 | 009,565,184 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtGui4.dll
MOD - [2010/02/10 12:11:00 | 001,148,416 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtNetwork4.dll
MOD - [2010/02/10 12:08:16 | 000,398,336 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtXml4.dll
MOD - [2009/07/20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2009/06/22 14:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\libgcc_s_dw2-1.dll
MOD - [2008/10/14 14:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\BisonC07\BisonM07.exe
MOD - [2008/05/21 20:33:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2005/06/24 06:05:02 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WD_FireWire_HID)
SRV - [2012/04/07 08:59:19 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/12/11 01:40:51 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/08 22:40:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/16 02:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/11/05 02:29:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/11/05 02:29:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/30 10:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/04/22 20:49:38 | 000,025,824 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/02/17 06:49:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/02 16:47:04 | 000,234,888 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 16:47:02 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/12/02 08:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/12/02 08:49:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/08 22:40:27 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/08 22:40:26 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/06/27 11:54:30 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020200}_0)
DRV - [2011/05/17 00:30:35 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/05/17 00:30:35 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/12/13 16:38:07 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/11/05 02:29:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/11/05 02:29:00 | 000,004,442 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010/03/22 16:52:59 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/03/22 16:52:57 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/12/30 04:25:26 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/11 11:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/11 11:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/11 11:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 11:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/11 11:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/11/08 23:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/06/17 12:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/05/22 13:33:10 | 001,273,640 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/04/23 13:54:36 | 000,814,592 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/10/23 16:49:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/09/10 22:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/03/14 09:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/11 17:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/01/10 13:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007/07/23 15:04:24 | 000,022,528 | ---- | M] (SoundGenetics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aubridge.sys -- (audiobridge)
DRV - [2007/05/23 04:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 1B F2 94 47 28 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FLVTube"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Yahoo-FLVTube"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.4.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/04 20:47:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 20:45:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Michele\Application Data\Move Networks [2010/01/05 02:29:35 | 000,000,000 | ---D | M]

[2010/01/05 02:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Extensions
[2009/12/26 11:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\extensions
[2009/12/26 11:49:13 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012/03/01 00:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions
[2010/05/25 20:45:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/23 03:01:30 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/01 23:15:11 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/07/23 03:01:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/10/10 21:14:41 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\searchplugins\bing.xml
[2010/12/11 20:22:47 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\searchplugins\conduit.xml
[2012/03/01 00:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/14 13:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 05:31:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/06 09:43:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/17 00:29:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/12 02:57:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/19 22:21:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010/01/05 02:29:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MICHELE\APPLICATION DATA\MOVE NETWORKS
[2011/05/17 00:29:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/05 04:16:05 | 000,001,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\FLVTube.xml.bak

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Logitech Device Detection = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.15_0\
CHR - Extension: Gmail = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/08 19:12:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [BisonMnt] C:\WINDOWS\BisonC07\BisonM07.exe ()
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Michele\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1261819129968 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E352C986-9B29-4289-BE9A-FCB761F2C5F3}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/10 13:41:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/21 13:40:41 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 18:48:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/07 12:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\My Documents\8floor
[2012/04/07 07:35:57 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/07 06:36:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/07 06:36:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/07 06:36:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/07 06:36:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/07 03:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\My Documents\DOTC
[2012/04/07 02:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/04/07 02:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/04/06 01:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\IronCode
[2012/04/06 00:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
[2012/04/06 00:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2012/04/06 00:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\ef - a fairy tale of the two
[2012/03/29 22:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2012/03/29 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2012/03/25 04:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\Anarchy
[2012/03/21 18:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\Adore Games
[2012/03/21 18:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\Adore Puzzle
[2012/03/19 10:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\My Documents\Sinking Island
[2012/03/18 23:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\Fantastic Creations - House of Brass CE
[2010/12/15 18:53:56 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2012/04/08 20:02:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/04/08 19:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/08 19:47:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/08 19:36:36 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/04/08 19:36:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/08 19:36:18 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/08 19:29:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/08 19:27:10 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/04/08 19:24:43 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/08 19:12:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/08 18:19:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/08 18:15:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007UA.job
[2012/04/08 01:15:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007Core.job
[2012/04/07 10:53:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/07 08:59:19 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/07 08:59:18 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/07 07:37:31 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/04/07 07:37:31 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/04/07 06:34:47 | 004,452,287 | R--- | M] (Swearware) -- C:\Documents and Settings\Michele\Desktop\ComboFix.exe
[2012/04/07 03:31:31 | 000,001,760 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\The Pini Society.lnk
[2012/04/07 03:20:18 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Defender of the Crown - Heroes Live Forever.lnk
[2012/04/06 23:51:34 | 003,608,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/06 01:53:47 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Pahelika Secret Legends.lnk
[2012/04/04 01:29:19 | 000,000,948 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Crazy Machines Complete Collection.lnk
[2012/03/30 04:24:21 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Aldorlea Tales - Stars of Destiny.lnk
[2012/03/30 04:04:28 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2012/03/29 22:51:46 | 000,001,403 | -H-- | M] () -- C:\IPH.PH
[2012/03/29 22:51:38 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2012/03/29 22:51:38 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2012/03/26 23:44:19 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/03/24 22:15:48 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds Space.lnk
[2012/03/21 18:52:05 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Play Over 11.000 Online Games on The Playing Bay.lnk
[2012/03/21 18:52:05 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Adore Puzzle.lnk
[2012/03/19 10:38:18 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sinking Island.lnk
[2012/03/18 23:51:59 | 000,002,028 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Fantastic Creations - House of Brass CE.lnk
[2012/03/17 20:41:06 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/03/17 20:41:06 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/03/16 11:00:07 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/14 06:42:47 | 000,532,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/14 06:42:47 | 000,099,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/14 03:02:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 04:23:59 | 000,001,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds Seasons.lnk
[2012/03/12 04:20:07 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Angry Birds - Christmas Edition - Seasons HD .lnk
[2012/03/12 04:20:07 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Read Before Install - Use This Key - Foxy Games.lnk
[2012/03/12 04:20:07 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Download More Free Full Games from FoxyGames.Info.lnk
[2012/03/12 04:20:07 | 000,002,031 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Crack Angry Birds.lnk
[2012/03/11 04:08:30 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/04/07 07:36:00 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/07 06:36:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/07 06:36:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/07 06:36:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/07 06:36:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/07 06:36:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/07 03:31:31 | 000,001,760 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\The Pini Society.lnk
[2012/04/07 03:20:18 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Defender of the Crown - Heroes Live Forever.lnk
[2012/04/06 01:53:47 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Pahelika Secret Legends.lnk
[2012/04/06 00:47:32 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/04/04 01:29:19 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Crazy Machines Complete Collection.lnk
[2012/03/30 04:24:21 | 000,001,864 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Aldorlea Tales - Stars of Destiny.lnk
[2012/03/30 04:04:28 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2012/03/24 22:15:48 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds Space.lnk
[2012/03/21 18:52:05 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Adore Puzzle.lnk
[2012/03/19 10:38:18 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sinking Island.lnk
[2012/03/18 23:51:59 | 000,002,028 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Fantastic Creations - House of Brass CE.lnk
[2012/03/12 04:23:59 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Angry Birds Seasons.lnk
[2012/03/12 04:20:07 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Angry Birds - Christmas Edition - Seasons HD .lnk
[2012/03/12 04:20:07 | 000,002,269 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Read Before Install - Use This Key - Foxy Games.lnk
[2012/03/12 04:20:07 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Download More Free Full Games from FoxyGames.Info.lnk
[2012/03/12 04:20:07 | 000,002,031 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Crack Angry Birds.lnk
[2012/02/20 00:31:47 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2012/02/17 01:02:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/11 04:21:16 | 001,492,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/13 01:20:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Captive.INI
[2011/08/14 20:20:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/11 18:02:27 | 000,113,040 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011/07/11 18:02:27 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2011/06/03 23:45:35 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/03 23:45:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/01 06:06:51 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2011/06/01 06:06:51 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2011/05/18 18:42:02 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2011/02/23 07:41:52 | 000,000,346 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2011/01/30 08:11:49 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2011/01/30 08:11:48 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2011/01/30 08:11:48 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2011/01/30 06:51:46 | 000,084,360 | ---- | C] () -- C:\WINDOWS\gamedelete.exe
[2010/12/15 18:53:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/12/10 23:52:47 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/12/10 23:52:46 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/12/07 17:58:00 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/12/05 12:22:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Shadow.INI
[2010/12/03 08:20:48 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2010/11/24 23:43:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\JMAN.INI
[2010/11/05 23:42:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/10/30 11:47:48 | 000,000,534 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/10/16 07:20:36 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Michele\Application Data\prefsdb.dat
[2010/10/05 04:21:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/10 01:02:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twister.INI
[2010/09/07 18:59:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Secrets.INI
[2010/08/23 16:45:44 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/24 14:16:09 | 000,003,054 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2010/07/20 14:21:37 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Adojusucamunu.dat
[2010/07/20 14:21:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tcedifohahuroze.bin
[2010/04/22 21:06:16 | 000,000,190 | ---- | C] () -- C:\WINDOWS\settings.ini
[2010/03/24 21:47:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/03/23 00:44:34 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 03:29:51 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/01/21 03:29:47 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/01/15 07:52:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
[2010/01/14 00:01:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2010/01/13 18:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2010/01/12 02:47:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2010/01/10 09:04:07 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/08 18:45:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CastleMalloy.INI
[2010/01/05 02:28:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/30 04:37:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/09/14 18:26:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/09/14 18:15:26 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/09/14 18:14:12 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/09/14 18:14:11 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/09/14 18:14:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/05 16:46:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\Memeo.ShellExtension.WicIO.dll
[2006/08/10 13:52:50 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/10 13:37:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/10 13:31:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/10 13:30:34 | 003,608,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/29 16:54:25 | 000,001,322 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/04 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 16:00:00 | 000,532,052 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 16:00:00 | 000,099,096 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 16:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 16:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/10/09 21:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/10/09 20:59:00 | 000,004,492 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >

The following is the ComboFix log, which was run prior to the OTL:


ComboFix 12-04-07.02 - Michele 04/08/2012 18:51:24.4.2 - x86
Running from: c:\documents and settings\Michele\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 22:48 . 2012-04-08 22:48 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14AFAB49-C7C8-49FF-B39C-9FA8501695CD}\MpKslae3f3734.sys
2012-04-08 12:19 . 2012-03-20 07:53 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14AFAB49-C7C8-49FF-B39C-9FA8501695CD}\mpengine.dll
2012-04-07 11:35 . 2012-04-07 12:59 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-07 11:29 . 2012-04-07 11:29 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-06 04:47 . 2009-12-05 23:42 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2012-04-06 04:47 . 2012-04-06 04:47 -------- d-----w- c:\program files\ffdshow
2012-03-30 02:51 . 2012-03-30 02:51 -------- d-----w- c:\program files\Common Files\Software Update Utility
2012-03-12 08:12 . 2012-03-12 08:12 -------- d-----w- c:\documents and settings\M
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 12:59 . 2011-06-11 23:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2010-11-25 08:17 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:47 . 2004-08-04 20:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-02-03 09:22 . 2004-08-05 04:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-17 05:02 3072 ------w- c:\windows\system32\iacenc.dll
.
<pre>
c:\program files\Games\Westward III Gold Rush\Westward_III .exe
</pre>
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 21:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[7] 2004-08-04 20:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
[-] 1999-03-08 06:00 . CE0155405EA902797E88B92A78443AEB . 164112 . . [5.0.4275] . . c:\windows\system32\olepro32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-02-20_13.28.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-07 12:06 . 2012-04-07 12:06 16384 c:\windows\TEMP\Perflib_Perfdata_e58.dat
+ 2011-01-20 09:08 . 2009-02-27 07:42 66440 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2011-01-20 09:08 . 2009-02-27 07:42 66440 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
- 2004-08-04 20:00 . 2012-02-17 08:11 99096 c:\windows\system32\perfc009.dat
+ 2004-08-04 20:00 . 2012-03-14 10:42 99096 c:\windows\system32\perfc009.dat
+ 2011-01-20 09:08 . 2009-02-27 07:42 31640 c:\windows\system32\msonpmon.dll
+ 2004-08-04 20:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2012-03-21 06:14 . 2012-03-21 06:14 22016 c:\windows\Installer\232704ce.msi
+ 2012-03-12 08:24 . 2012-03-12 08:24 98472 c:\windows\Installer\{CCD3F3D0-C85A-4BB7-ADDA-CA68019631D5}\AngryBirdsSeasons.exe
- 2009-08-19 09:59 . 2012-02-17 08:00 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-08-19 09:59 . 2012-03-21 07:07 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-08-19 09:59 . 2012-03-21 07:07 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-08-19 09:59 . 2012-02-17 08:00 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-08-19 09:59 . 2012-03-21 07:07 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-08-19 09:59 . 2012-02-17 08:00 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-01-20 09:08 . 2011-12-15 08:12 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-01-20 09:08 . 2012-03-21 07:04 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-01-20 09:08 . 2011-12-15 08:12 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-01-20 09:08 . 2012-03-21 07:04 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2011-01-20 09:08 . 2011-12-15 08:12 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-01-20 09:08 . 2012-03-21 07:04 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-26 18:09 . 2009-02-26 18:09 10120 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\XLCALL32.DLL
+ 2009-02-26 23:43 . 2009-02-26 23:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 22:45 . 2009-02-26 22:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2006-07-24 17:50 . 2006-07-24 17:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\VBAME.DLL
+ 2009-02-26 20:24 . 2009-02-26 20:24 71536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONFILTER.DLL
+ 2009-02-26 20:24 . 2009-02-26 20:24 97680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONENOTEM.EXE
+ 2006-07-24 17:50 . 2006-07-24 17:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
+ 2009-04-02 17:01 . 2009-04-02 17:01 56680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXP_XPS.DLL
+ 2009-04-03 23:46 . 2009-04-03 23:46 97640 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXP_PDF.DLL
+ 2009-03-06 07:48 . 2009-03-06 07:48 55152 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
+ 2009-02-26 18:09 . 2009-02-26 18:09 10120 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\XLCALL32.DLL
+ 2009-02-26 23:43 . 2009-02-26 23:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 22:45 . 2009-02-26 22:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2011-05-31 20:31 . 2011-05-31 20:31 32128 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\VPREVIEW.EXE
+ 2006-07-24 17:50 . 2006-07-24 17:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\VBAME.DLL
+ 2011-07-20 09:17 . 2011-07-20 09:17 33152 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\SETLANG.EXE
+ 2011-07-27 08:53 . 2011-07-27 08:53 39464 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\REFIEBAR.DLL
+ 2009-02-26 23:21 . 2009-02-26 23:21 38224 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\REFEDIT.DLL
+ 2009-02-26 17:09 . 2009-02-26 17:09 43352 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\OUTLRPC.DLL
+ 2011-07-27 09:17 . 2011-07-27 09:17 22432 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\OISCTRL.DLL
+ 2011-07-27 09:25 . 2011-07-27 09:25 53728 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\OFFRHD.DLL
+ 2011-07-27 08:53 . 2011-07-27 08:53 64872 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\NAME.DLL
+ 2009-02-26 21:07 . 2009-02-26 21:07 67440 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSOHTMED.EXE
+ 2009-02-26 21:07 . 2009-02-26 21:07 75120 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSOHEV.DLL
+ 2009-02-26 23:21 . 2009-02-26 23:21 25968 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSOEURO.DLL
+ 2011-07-27 08:34 . 2011-07-27 08:34 13712 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSOCFU.DLL
+ 2006-07-24 17:50 . 2006-07-24 17:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
+ 2009-02-26 17:09 . 2009-02-26 17:09 20352 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MLSHEXT.DLL
+ 2011-05-31 20:26 . 2011-05-31 20:26 88448 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\METCONV.DLL
+ 2011-07-27 21:49 . 2011-07-27 21:49 56696 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\EXP_XPS.DLL
+ 2011-07-27 21:49 . 2011-07-27 21:49 95608 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\EXP_PDF.DLL
+ 2009-02-26 21:07 . 2009-02-26 21:07 53120 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\AUTHZAX.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 55168 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACERCLR.DLL
+ 2009-02-26 15:18 . 2009-02-26 15:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACEODTXT.DLL
+ 2009-02-26 15:18 . 2009-02-26 15:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACEODPDX.DLL
+ 2009-02-26 15:18 . 2009-02-26 15:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACEODEXL.DLL
+ 2009-02-26 15:18 . 2009-02-26 15:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACEODDBS.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 47024 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACEERR.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 55240 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACECNFLT.EXE
+ 2006-10-27 03:13 . 2006-10-27 03:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
+ 2012-03-21 07:03 . 2012-03-21 07:03 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2012-03-21 07:03 . 2012-03-21 07:03 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2011-01-21 08:02 . 2011-01-21 08:02 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-02-10 03:59 . 2012-04-07 11:30 7508 c:\windows\system32\Restore\rstrlog.dat
+ 2011-01-20 09:08 . 2009-02-27 07:42 863128 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2011-01-20 09:08 . 2009-02-27 07:42 863128 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2004-08-04 20:00 . 2012-03-14 10:42 532052 c:\windows\system32\perfh009.dat
- 2004-08-04 20:00 . 2012-02-17 08:11 532052 c:\windows\system32\perfh009.dat
+ 2012-04-07 12:59 . 2012-04-07 12:59 353440 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_Plugin.exe
+ 2012-04-07 11:35 . 2012-04-07 11:35 353440 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
+ 2012-04-07 11:35 . 2012-04-07 11:35 424608 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.dll
+ 2012-04-07 11:35 . 2012-04-07 12:59 253600 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2006-08-10 17:35 . 2012-01-09 16:20 139784 c:\windows\system32\drivers\rdpwd.sys
+ 2011-08-19 04:12 . 2012-01-09 16:20 139784 c:\windows\system32\dllcache\rdpwd.sys
+ 2012-03-05 13:44 . 2012-03-05 13:44 331264 c:\windows\Installer\c5b9892.msi
+ 2012-03-25 02:15 . 2012-03-25 02:15 756224 c:\windows\Installer\b023dcc.msi
+ 2012-04-02 05:33 . 2012-04-02 05:33 341504 c:\windows\Installer\34eeb588.msi
+ 2012-03-12 08:24 . 2012-03-12 08:24 772096 c:\windows\Installer\31e2686.msi
- 2009-08-19 09:59 . 2012-02-17 08:00 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-08-19 09:59 . 2012-03-21 07:07 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-08-19 09:59 . 2012-03-21 07:07 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
- 2009-08-19 09:59 . 2012-02-17 08:00 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
- 2009-08-19 09:59 . 2012-02-17 08:00 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-08-19 09:59 . 2012-03-21 07:07 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2009-08-19 09:59 . 2012-02-17 08:00 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-08-19 09:59 . 2012-03-21 07:07 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-08-19 09:59 . 2012-03-21 07:07 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
- 2009-08-19 09:59 . 2012-02-17 08:00 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
- 2011-01-20 09:08 . 2011-12-15 08:12 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-01-20 09:08 . 2012-03-21 07:04 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-01-20 09:08 . 2012-03-21 07:04 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2011-01-20 09:08 . 2011-12-15 08:12 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-01-20 09:08 . 2012-03-21 07:04 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2011-01-20 09:08 . 2011-12-15 08:12 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2011-01-20 09:08 . 2012-03-21 07:04 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2011-01-20 09:08 . 2011-12-15 08:12 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2011-06-04 04:09 . 2011-06-04 04:09 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2012-03-21 07:01 . 2012-03-21 07:01 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2012-03-25 02:15 . 2012-03-25 02:15 181638 c:\windows\Installer\{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}\AngryBirdsSpace.exe
+ 2007-06-08 00:51 . 2007-06-08 00:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL
+ 2008-03-19 11:27 . 2008-03-19 11:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OGALEGIT.DLL
+ 2006-07-24 17:50 . 2006-07-24 17:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSSTDFMT.DLL
+ 2008-10-25 11:18 . 2008-10-25 11:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\IEAWSDC.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 764800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECNF.DLL
+ 2009-02-26 21:45 . 2009-02-26 21:45 509256 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\WRD12CVR.DLL
+ 2011-09-16 00:41 . 2011-09-16 00:41 408936 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\WINWORD.EXE
+ 2007-06-08 00:51 . 2007-06-08 00:51 125320 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\SSGEN.DLL
+ 2011-07-27 08:58 . 2011-07-27 08:58 439160 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\SETUP.EXE
+ 2011-07-27 08:54 . 2011-07-27 08:54 503184 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\SELFCERT.EXE
+ 2011-05-27 01:13 . 2011-05-27 01:13 368520 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\PPSLAX.DLL
+ 2011-07-27 08:36 . 2011-07-27 08:36 481640 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\PORTCONN.DLL
+ 2007-06-08 00:51 . 2007-06-08 00:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL
+ 2011-07-27 09:17 . 2011-07-27 09:17 284560 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\OISGRAPH.DLL
+ 2011-07-27 09:16 . 2011-07-27 09:16 997768 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\OISAPP.DLL
+ 2011-07-27 09:16 . 2011-07-27 09:16 273792 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\OIS.EXE
+ 2008-03-19 11:27 . 2008-03-19 11:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\OGALEGIT.DLL
+ 2009-02-26 19:24 . 2009-02-26 19:24 231864 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ODEPLOY.EXE
+ 2011-07-20 09:22 . 2011-07-20 09:22 538968 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSTORES.DLL
+ 2011-07-20 09:22 . 2011-07-20 09:22 144728 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSTORE.EXE
+ 2011-07-20 09:22 . 2011-07-20 09:22 832360 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSTORDB.EXE
+ 2006-07-24 17:50 . 2006-07-24 17:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSSTDFMT.DLL
+ 2009-02-26 02:02 . 2009-02-26 02:02 504176 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSSOAP30.DLL
+ 2011-07-27 10:10 . 2011-07-27 10:10 670560 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSQRY32.EXE
+ 2011-05-31 21:19 . 2011-05-31 21:19 732000 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSPROOF6.DLL
+ 2009-02-26 01:46 . 2009-02-26 01:46 435568 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSORUN.DLL
+ 2011-07-27 08:53 . 2011-07-27 08:53 427856 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSODCW.DLL
+ 2011-07-27 08:34 . 2011-07-27 08:34 160632 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSOCF.DLL
+ 2011-06-23 13:54 . 2011-06-23 13:54 119160 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSCONV97.DLL
+ 2011-07-20 09:22 . 2011-07-20 09:22 828264 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MEDCAT.DLL
+ 2011-07-27 21:49 . 2011-07-27 21:49 177536 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\IETAG.DLL
+ 2008-10-25 11:18 . 2008-10-25 11:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\IEAWSDC.DLL
+ 2009-02-26 19:24 . 2009-02-26 19:24 970128 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\FPWEC.DLL
+ 2009-02-26 17:09 . 2009-02-26 17:09 154000 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ENVELOPE.DLL
+ 2011-07-27 09:13 . 2011-07-27 09:13 434080 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\DWTRIG20.EXE
+ 2011-07-27 09:13 . 2011-07-27 09:13 439128 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\DWDCW20.DLL
+ 2011-07-27 08:53 . 2011-07-27 08:53 105872 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\DSSM.EXE
+ 2011-07-27 08:53 . 2011-07-27 08:53 188800 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\CONTACTPICKER.DLL
+ 2011-07-27 10:13 . 2011-07-27 10:13 204664 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\CLVIEW.EXE
+ 2011-07-27 10:20 . 2011-07-27 10:20 400216 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\CDLMSO.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 370608 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACEXBE.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 223152 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACETXT.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 550840 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACEREP.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 288688 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACER3X.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 255920 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACER2X.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 391096 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACEPDE.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 378808 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACEOLEDB.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 278912 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACEODBC.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 206776 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACELTS.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 632752 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACEEXCL.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 337848 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACEEXCH.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 186304 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACEES.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 571320 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACEDAO.DLL
+ 2011-07-27 08:41 . 2011-07-27 08:41 763848 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACECNF.DLL
+ 2006-10-27 22:35 . 2006-10-27 22:35 436512 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\UMOUTLOOKADDIN.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 764800 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACECNF.DLL
+ 2012-04-07 05:07 . 2012-04-07 05:07 479232 c:\windows\ERDNT\AutoBackup\4-7-2012\Users\00000002\UsrClass.dat
+ 2012-04-07 05:07 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\4-7-2012\ERDNT.EXE
+ 2012-04-07 03:52 . 2012-04-07 03:52 479232 c:\windows\ERDNT\AutoBackup\4-6-2012\Users\00000002\UsrClass.dat
+ 2012-04-07 03:52 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\4-6-2012\ERDNT.EXE
+ 2012-03-22 22:59 . 2012-03-22 22:59 479232 c:\windows\ERDNT\AutoBackup\3-22-2012\Users\00000002\UsrClass.dat
+ 2012-03-22 22:59 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\3-22-2012\ERDNT.EXE
+ 2012-03-21 18:29 . 2012-03-21 18:29 479232 c:\windows\ERDNT\AutoBackup\3-21-2012\Users\00000002\UsrClass.dat
+ 2012-03-21 18:29 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\3-21-2012\ERDNT.EXE
+ 2012-03-03 04:23 . 2012-03-03 04:23 479232 c:\windows\ERDNT\AutoBackup\3-2-2012\Users\00000002\UsrClass.dat
+ 2012-03-03 04:23 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\3-2-2012\ERDNT.EXE
+ 2012-03-14 05:26 . 2012-03-14 05:26 479232 c:\windows\ERDNT\AutoBackup\3-14-2012\Users\00000002\UsrClass.dat
+ 2012-03-14 05:26 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\3-14-2012\ERDNT.EXE
+ 2012-03-11 16:43 . 2012-03-11 16:43 479232 c:\windows\ERDNT\AutoBackup\3-11-2012\Users\00000002\UsrClass.dat
+ 2012-03-11 16:43 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\3-11-2012\ERDNT.EXE
- 2011-01-21 08:02 . 2011-01-21 08:02 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2012-03-21 07:03 . 2012-03-21 07:03 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2012-03-21 07:03 . 2012-03-21 07:03 149368 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2012-04-07 12:59 . 2012-04-07 12:59 8797344 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
+ 2006-08-10 17:30 . 2012-04-07 03:51 3608064 c:\windows\system32\FNTCACHE.DAT
- 2006-08-10 17:30 . 2012-02-19 08:14 3608064 c:\windows\system32\FNTCACHE.DAT
+ 2011-07-07 06:28 . 2011-07-07 06:28 1193320 c:\windows\system32\FM20.DLL
+ 2009-08-14 13:21 . 2012-02-03 09:22 1860096 c:\windows\system32\dllcache\win32k.sys
+ 2012-03-01 03:45 . 2012-03-01 03:45 4989440 c:\windows\Installer\577327.msp
+ 2011-09-15 22:40 . 2011-09-15 22:40 7959552 c:\windows\Installer\2351773a.msp
+ 2011-09-15 22:35 . 2011-09-15 22:35 1411072 c:\windows\Installer\23517542.msp
- 2009-08-19 09:59 . 2012-02-17 08:00 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-08-19 09:59 . 2012-03-21 07:07 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-08-19 09:59 . 2012-03-21 07:07 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
- 2009-08-19 09:59 . 2012-02-17 08:00 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
- 2011-01-20 09:08 . 2011-12-15 08:12 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-01-20 09:08 . 2012-03-21 07:04 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-10-10 03:10 . 2009-10-10 03:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2006-10-27 01:25 . 2006-10-27 01:25 2172688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PSRCHFEA.DLL
+ 2011-08-17 13:49 . 2011-08-17 13:49 4683624 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\WRD12CNV.DLL
+ 2011-07-20 12:12 . 2011-07-20 12:12 3750776 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\VVIEWER.DLL
+ 2011-06-29 11:02 . 2011-06-29 11:02 1846656 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\VVIEWDWG.DLL
+ 2009-10-10 03:10 . 2009-10-10 03:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2011-07-27 22:15 . 2011-07-27 22:15 2335648 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\STSLIST.DLL
+ 2011-07-27 08:59 . 2011-07-27 08:59 6540136 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\OSETUP.DLL
+ 2011-07-07 06:58 . 2011-07-07 06:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-07-27 09:51 . 2011-07-27 09:51 7040896 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\OFFOWC.DLL
+ 2011-08-03 04:14 . 2011-08-03 04:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\OARTCONV.DLL
+ 2011-07-20 09:31 . 2011-07-20 09:31 1523632 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\NLSD0000.DLL
+ 2011-05-26 23:28 . 2011-05-26 23:28 6637952 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSORES.DLL
+ 2011-07-27 09:09 . 2011-07-27 09:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\IPEDITOR.DLL
+ 2011-06-22 12:16 . 2011-06-22 12:16 1681784 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\FPSRVUTL.DLL
+ 2011-07-07 06:28 . 2011-07-07 06:28 1193320 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\FM20.DLL
+ 2011-08-03 22:27 . 2011-08-03 22:27 1415072 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\ACECORE.DLL
+ 2012-04-07 05:07 . 2012-04-07 05:07 8212480 c:\windows\ERDNT\AutoBackup\4-7-2012\Users\00000001\ntuser.dat
+ 2012-04-07 03:52 . 2012-04-07 03:52 8212480 c:\windows\ERDNT\AutoBackup\4-6-2012\Users\00000001\ntuser.dat
+ 2012-03-22 22:59 . 2012-03-22 22:59 8212480 c:\windows\ERDNT\AutoBackup\3-22-2012\Users\00000001\ntuser.dat
+ 2012-03-21 18:29 . 2012-03-21 18:29 8212480 c:\windows\ERDNT\AutoBackup\3-21-2012\Users\00000001\ntuser.dat
+ 2012-03-03 04:23 . 2012-03-03 04:23 8212480 c:\windows\ERDNT\AutoBackup\3-2-2012\Users\00000001\ntuser.dat
+ 2012-03-14 05:26 . 2012-03-14 05:26 8212480 c:\windows\ERDNT\AutoBackup\3-14-2012\Users\00000001\ntuser.dat
+ 2012-03-11 16:43 . 2012-03-11 16:43 8212480 c:\windows\ERDNT\AutoBackup\3-11-2012\Users\00000001\ntuser.dat
+ 2012-03-21 07:03 . 2012-03-21 07:03 1279864 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2006-08-10 17:41 . 2012-03-14 07:02 54215544 c:\windows\system32\MRT.exe
+ 2011-09-15 22:39 . 2011-09-15 22:39 11163136 c:\windows\Installer\23517730.msp
+ 2011-09-15 22:38 . 2011-09-15 22:38 10838528 c:\windows\Installer\23517724.msp
+ 2011-09-15 22:37 . 2011-09-15 22:37 16691712 c:\windows\Installer\2351755e.msp
+ 2011-09-15 22:37 . 2011-09-15 22:37 34428416 c:\windows\Installer\23517543.msp
+ 2011-09-16 00:42 . 2011-09-16 00:42 18115432 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\WWLIB.DLL
+ 2011-08-17 14:01 . 2011-08-17 14:01 16149352 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\OART.DLL
+ 2011-08-03 23:53 . 2011-08-03 23:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6612\MSO.DLL
+ 2011-09-15 22:34 . 2011-09-15 22:34 428804608 c:\windows\Installer\2351764f.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 20:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2011-10-12 5407850]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-03-18 742264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"BisonMnt"="c:\windows\BisonC07\BisonM07.exe" [2008-10-14 32768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-11-05 517480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-06-12 4464640]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-10 1282048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-22 129536]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-22 163328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-22 138752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Michele\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-9 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-09 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michele^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Michele\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michele^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Michele\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:05 203416 ----a-w- c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Energy Management]
2009-06-10 22:32 1282048 ----a-w- c:\program files\Lenovo\Energy Management\Energy Management.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyUtility]
2009-06-12 19:59 4464640 ----a-w- c:\program files\Lenovo\Energy Management\utility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-01 23:25 136176 ----atw- c:\documents and settings\Michele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2010-04-16 21:43 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Backup Premium]
2010-04-23 00:49 136416 ----a-w- c:\program files\Memeo\AutoBackupPro\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Send]
2009-11-05 00:29 236816 ----a-w- c:\program files\Memeo\Memeo Send\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2010-04-30 14:47 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
2009-04-23 09:11 2742840 ----a-w- c:\program files\CONEXANT\SmartAudio\SmAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmAudio]
2009-04-23 09:11 2742840 ----a-w- c:\program files\CONEXANT\SmartAudio\SmAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SeaPort"=2 (0x2)
"IviRegMgr"=2 (0x2)
"gupdate"=2 (0x2)
"BcmSqlStartupSvc"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"MemeoBackgroundService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Documents and Settings\\Michele\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-12-11 2152152]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 253600]
R3 audiobridge;Virtual Audio Bridge;c:\windows\system32\DRIVERS\aubridge.sys [2007-07-23 22528]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-05-17 13224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 135664]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 267568]
R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
R4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
R4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-04-23 25824]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-11-05 24304]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-12-02 64512]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-10-09 116608]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-11-05 132456]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2009-06-17 10384]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2008-01-11 9472]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ADOBEFLASHPLAYERUPDATESVC
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*NewlyCreated* - MPKSLAE3F3734
*NewlyCreated* - MPKSLE2129611
*Deregistered* - Lavasoft Kernexplorer
*Deregistered* - MpKsle2129611
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
WD_FireWire_HID
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-02 05:41]
.
2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 12:59]
.
2012-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 20:10]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 20:10]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007Core.job
- c:\documents and settings\Michele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-03 23:25]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007UA.job
- c:\documents and settings\Michele\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-03 23:25]
.
2012-04-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-03-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
2012-04-08 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-12-11 06:29]
.
2012-04-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Michele\Application Data\Move Networks
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
AddRemove-ffdshow - c:\program files\K-Lite Codec Pack\ffdshow\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-08 19:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BisonMnt = c:\windows\BisonC07\BisonM07.exe????????????????????????????????????????????????????????????????????????????????H???????????????????????????????????????????????????????`????v?|????????????????????????x????x?|?????`?????????????????|?????????????????X?w???
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{3037D694-FD904ACA-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(1172)
c:\windows\system32\WININET.dll
.
Completion time: 2012-04-08 19:17:18
ComboFix-quarantined-files.txt 2012-04-08 23:17
ComboFix2.txt 2012-04-07 11:13
ComboFix3.txt 2012-02-20 13:36
ComboFix4.txt 2012-02-19 05:27
ComboFix5.txt 2012-04-08 22:48
.
Pre-Run: 41,852,973,056 bytes free
Post-Run: 42,630,815,744 bytes free
.
- - End Of File - - CB36C168DD6D52C0933F416DADDC3D28

#29
Gostchyld

Have also noticed a Google redirect, at least while using Google Chrome... but it is not consistent.

#30
Essexboy

GeekU Moderator

Topics merged

Crag_Hack informed