
Can't do any Windows Update, possible DNS Hijack?


  • This topic is locked
25 replies to this topic

#1 bigkevin20


Posted 01 June 2010 - 11:50 AM

Hello, my PC was fine, going strong for 3 years now, Win XP Pro. I recently tried to get a serial number from one of those serialz sites. I know they're virus-bound to begin with, but I usually have some luck getting what I want. Just have to know what not to open; well, all that's out the window at this point. Everything else seems fine besides the occasional 100% CPU usage that has increased since the virus. No viruses have been found, but no matter what I do I have no update options through Microsoft; I can't go to any of their sites pertaining to updates.

I did remove some lines like worm radar; I thought that had something to do with it. Please help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:34:14 PM, on 6/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HEAVYWEIGHT\My Documents\QuickSoundSwitch.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\sstext3d.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HEAVYWEIGHT\Desktop\HijackThis.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickSoundSwitch] "C:\Documents and Settings\HEAVYWEIGHT\My Documents\QuickSoundSwitch.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Shortcut to QuickSoundSwitch.lnk = C:\Documents and Settings\HEAVYWEIGHT\My Documents\QuickSoundSwitch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O24 - Desktop Component 0: (no name) - C:\Mushroom Clown 720.jpg

--
End of file - 9028 bytes




#2 Shannon2012


Posted 03 June 2010 - 10:58 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 thcbytes


Posted 09 June 2010 - 09:08 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#4 thcbytes


Posted 10 June 2010 - 05:46 AM

Re-opened per request.....

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic is not replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Change "Drivers" to "All"
  5. Click the "Scan All Users" checkbox.
  6. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  7. Copy and Paste the following code into the textbox. Do not include the word "Code"


    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  8. Push
  9. A report will open. Copy and Paste that report in your next reply.
  10. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

With your next post please provide:

* OTL.txt
* Extra.txt
* Gmer log
* A clear description of the problems you are experiencing. Redirection, popups??

Kind regards,
~t


#5 thcbytes


Posted 11 June 2010 - 09:56 PM

Do you still desire help?

#6 bigkevin20


Posted 12 June 2010 - 12:02 PM

yes


#7 bigkevin20


Posted 12 June 2010 - 12:07 PM

OK, I am still having the same problems mentioned above, but things are getting worse. I'm getting explorer.exe crashes now; just-in-time debugging keeps popping up, so I disabled debugging and I'm still getting the messages. Also no Windows Update, but if I keep the Ethernet cable unplugged when you first turn it on you will get the Windows Update at 0%; won't let you open it though. Also the PC becomes 100% CPU usage after a few hours and you must reboot.

OTI.txt

OTL logfile created on: 6/11/2010 9:06:08 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\HEAVYWEIGHT\Desktop\Bleepincomputer fix help
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 6000 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 98.07 Gb Total Space | 56.02 Gb Free Space | 57.12% Space Free | Partition Type: NTFS
Drive D: | 269.63 Gb Total Space | 190.62 Gb Free Space | 70.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 98.07 Gb Total Space | 11.80 Gb Free Space | 12.04% Space Free | Partition Type: NTFS

Computer Name: HEAVYWEI-D3366D
Current User Name: HEAVYWEIGHT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/11 08:33:19 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Bleepincomputer fix help\OTL.exe
PRC - [2010/06/02 08:39:38 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 08:39:38 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 08:39:38 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 08:39:11 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 08:39:10 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/12 19:02:24 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2010/04/04 15:21:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 23:55:32 | 000,110,592 | ---- | M] (Private) -- C:\Documents and Settings\HEAVYWEIGHT\My Documents\QuickSoundSwitch.exe
PRC - [2010/03/28 09:20:39 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/23 12:09:55 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/26 19:46:32 | 012,526,424 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\magicJack.exe
PRC - [2010/02/11 15:36:12 | 000,300,400 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2010/02/08 12:09:00 | 001,634,304 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/01/20 12:13:32 | 000,099,704 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 05:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/20 12:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2006/11/13 14:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 14:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/07/29 17:25:28 | 000,270,336 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
PRC - [2005/07/29 17:23:52 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005/07/29 17:20:58 | 000,118,843 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005/07/29 17:20:40 | 000,061,503 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2005/07/07 21:29:52 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (SafeList) ==========

MOD - [2010/06/11 08:33:19 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Bleepincomputer fix help\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/06 09:33:20 | 001,352,320 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/23 12:09:55 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/11 15:36:12 | 000,300,400 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/01/20 12:13:32 | 000,099,704 | ---- | M] (Dynamic Network Services, Inc.) [Auto | Running] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/14 05:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2005/07/29 17:23:52 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2005/07/29 17:20:58 | 000,118,843 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2005/07/29 17:20:40 | 000,061,503 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2005/07/07 21:29:52 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (USBAAPL)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SenFiltService)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ossrv)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ctsfm2k)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Auto | Stopped] -- -- (ASInsHelp)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (AEAudioService)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ADIHdAudAddService)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2010/06/06 09:33:26 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/02 08:39:38 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 08:39:38 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/30 21:58:04 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2010/03/23 12:09:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/16 02:51:59 | 010,232,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2010/01/28 10:25:05 | 000,058,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/02/26 01:29:58 | 001,142,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/17 14:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/14 06:43:22 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 05:51:44 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/14 05:51:44 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/14 05:51:44 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/14 05:51:44 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/14 05:51:44 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/14 05:51:44 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/14 05:51:44 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/14 05:51:44 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/14 05:51:44 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/14 05:43:24 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/14 05:43:22 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/14 05:43:22 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/14 01:47:20 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/14 01:45:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/14 01:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/14 01:15:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/14 01:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2008/04/14 01:15:36 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/14 01:15:36 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/14 01:15:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 01:15:14 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/14 01:15:10 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/14 01:15:10 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/14 01:15:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/14 01:15:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2008/04/14 01:09:50 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/04/14 01:02:52 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/14 00:58:40 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/14 00:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/14 00:50:44 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/14 00:49:50 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/14 00:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/14 00:49:44 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/14 00:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/14 00:47:06 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/14 00:45:46 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/14 00:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/14 00:44:22 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/14 00:27:34 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/14 00:27:30 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/14 00:27:28 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/14 00:27:28 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/14 00:27:22 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/14 00:27:16 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/14 00:27:08 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/14 00:26:40 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/14 00:26:34 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/14 00:26:04 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/14 00:24:30 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/14 00:23:36 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/14 00:21:26 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/14 00:16:26 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NABTSFEC.sys -- (NABTSFEC)
DRV - [2008/04/14 00:16:26 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSTCODEC.SYS -- (WSTCODEC)
DRV - [2008/04/14 00:16:24 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CCDECODE.sys -- (CCDECODE)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/14 00:16:24 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SLIP.sys -- (SLIP)
DRV - [2008/04/14 00:16:24 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NdisIP.sys -- (NdisIP)
DRV - [2008/04/14 00:16:22 | 000,121,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV - [2008/04/14 00:16:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StreamIP.sys -- (streamip)
DRV - [2008/04/14 00:16:20 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2008/04/14 00:15:38 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/14 00:15:36 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/14 00:15:36 | 000,017,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2008/04/14 00:14:50 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/14 00:14:48 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/14 00:14:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/14 00:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/14 00:11:00 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/14 00:10:50 | 000,043,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sbp2port.sys -- (sbp2port)
DRV - [2008/04/14 00:10:50 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/14 00:10:50 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/14 00:10:26 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/14 00:10:26 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/14 00:10:14 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/14 00:09:52 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2008/04/14 00:09:48 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/14 00:09:48 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/14 00:09:48 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/14 00:06:54 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/14 00:06:46 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/14 00:06:44 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/14 00:06:36 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/14 00:03:30 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/14 00:03:00 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fltMgr.sys -- (FltMgr)
DRV - [2008/04/14 00:02:46 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/14 00:02:40 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/14 00:02:40 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/14 00:02:38 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 23:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/13 22:09:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 20:10:28 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 20:09:54 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2008/04/13 20:09:52 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2008/04/13 20:09:52 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2008/04/13 19:53:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2006/12/12 11:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/11/06 19:04:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/09/28 20:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 19:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/08/23 15:17:00 | 000,357,792 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WlanUIG.sys -- (ZOOM705)
DRV - [2006/01/27 15:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/12/21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/07/29 17:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 17:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/14 05:52:28 | 000,004,962 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/12 22:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/03/31 08:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2003/03/31 08:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2003/03/31 08:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2003/03/31 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2003/03/31 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/03/31 08:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2003/03/31 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2003/03/31 08:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2003/03/31 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2003/03/31 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2003/03/31 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2003/03/31 08:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2003/03/31 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2003/03/31 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2003/03/31 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2003/03/31 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2003/03/31 08:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2003/03/31 08:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2001/08/17 14:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/10 08:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.SYS -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-220523388-436374069-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-220523388-436374069-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-220523388-436374069-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-220523388-436374069-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA D3 00 A1 40 FF CA 01 [binary data]
IE - HKU\S-1-5-21-220523388-436374069-682003330-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-220523388-436374069-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Creative Commons"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 11:21:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/10 09:11:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/09 03:28:55 | 000,000,000 | ---D | M]

[2008/11/20 04:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Extensions
[2010/06/10 20:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions
[2010/04/27 08:08:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/25 15:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\{3780b850-ba40-11db-8314-0800200c9a66}
[2009/11/04 22:55:29 | 000,000,000 | ---D | M] (MushroomKingdom) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2010/03/23 11:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
[2010/03/23 11:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\info@djzig(2).com
[2010/03/24 08:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\info@djzig.com
[2010/01/08 19:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\piclens@cooliris.com
[2010/01/08 19:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\piclens@cooliris.com-trash
[2010/06/10 20:08:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-220523388-436374069-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-220523388-436374069-682003330-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKU\S-1-5-21-220523388-436374069-682003330-1003..\Run: [cdloader] C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-220523388-436374069-682003330-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-220523388-436374069-682003330-1003..\Run: [QuickSoundSwitch] C:\Documents and Settings\HEAVYWEIGHT\My Documents\QuickSoundSwitch.exe (Private)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\HEAVYWEIGHT\Start Menu\Programs\Startup\Shortcut to QuickSoundSwitch.lnk = C:\Documents and Settings\HEAVYWEIGHT\My Documents\QuickSoundSwitch.exe (Private)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-436374069-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/sdccommon/download/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 () - C:\Mushroom Clown 720.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/20 02:43:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{629de292-bdbb-11dd-a69f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{629de292-bdbb-11dd-a69f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{629de292-bdbb-11dd-a69f-806d6172696f}\Shell\AutoRun\command - "" = G:\install.exe -- File not found
O33 - MountPoints2\{83db4562-c04a-11dd-b367-806d6172696f}\Shell\PlayWithPowerDVD\Command - "" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe -- [2007/09/20 20:38:02 | 000,967,976 | ---- | M] (CyberLink Corp.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/11/20 02:43:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {75E8339C-5048-E2C8-F564-0F47B78FFF8F} - DirectAnimation
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/09 22:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Bleepincomputer fix help
[2010/06/04 23:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\My Documents\Youcam
[2010/06/04 22:57:33 | 000,171,520 | ---- | C] (AVEO Corp) -- C:\WINDOWS\System32\drivers\aveodcnt.sys
[2010/06/04 22:57:33 | 000,057,344 | ---- | C] (Xirlink, Inc.) -- C:\WINDOWS\System32\sx_cam_i420.dll
[2010/06/04 22:57:33 | 000,036,864 | ---- | C] (AVEO) -- C:\WINDOWS\System32\AVEOCamIntfc.ax
[2010/06/04 22:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVEO
[2010/06/04 10:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\Yahoo
[2010/06/04 09:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/06/04 09:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Yahoo!
[2010/06/04 09:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/06/04 09:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/06/04 09:27:25 | 000,418,304 | ---- | C] (Yahoo! Inc.) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\msgr10us.exe
[2010/06/04 00:13:08 | 000,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2010/06/04 00:13:07 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2010/06/04 00:13:07 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010/06/01 15:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/31 20:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Malwarebytes
[2010/05/31 20:20:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/31 20:20:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/31 20:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/31 20:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/31 20:19:09 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\mbam-setup-1.46.exe
[2010/05/31 20:12:49 | 001,870,688 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\HousecallLauncher.exe
[2010/05/31 19:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/31 14:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\backups
[2010/05/31 14:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/05/31 12:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/05/31 12:50:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/05/31 12:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/05/31 12:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/05/31 12:50:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207030.022
[2010/05/31 12:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/05/31 12:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/05/31 03:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/05/30 00:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\My Documents\Pinnacle Studio
[2010/05/29 22:36:53 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/05/29 22:36:52 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MPE.sys
[2010/05/29 22:36:52 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2010/05/29 22:36:50 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/05/29 22:36:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/05/29 22:36:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/05/29 22:36:49 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/05/29 22:36:48 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/05/29 22:36:45 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/05/29 22:36:43 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/05/29 22:36:40 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/05/29 22:36:33 | 000,022,528 | ---- | C] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\drivers\emAudio.sys
[2010/05/29 22:36:20 | 000,100,957 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\drivers\emDevice.sys
[2010/05/29 22:36:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/05/29 22:36:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/05/29 22:36:20 | 000,081,920 | ---- | C] (Pinnacle Systems) -- C:\WINDOWS\System32\PCLECoInst.dll
[2010/05/29 22:36:20 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/05/29 22:36:20 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/05/29 22:36:20 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/05/29 22:36:20 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/05/29 22:36:20 | 000,045,056 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\emVFW.dll
[2010/05/29 22:36:20 | 000,032,768 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\emProp.ax
[2010/05/29 22:36:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/05/29 22:36:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2010/05/29 22:36:20 | 000,024,269 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\drivers\emStream.sys
[2010/05/29 22:36:20 | 000,017,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\emYUV.dll
[2010/05/29 22:36:20 | 000,009,739 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\emUSD.dll
[2010/05/29 22:36:20 | 000,005,245 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\drivers\emFilter.sys
[2010/05/29 22:36:20 | 000,004,493 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\drivers\emScan.sys
[2010/05/29 22:36:19 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/05/29 22:36:19 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/05/29 22:36:19 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/05/29 22:36:19 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\BdaPlgIn.ax
[2010/05/29 22:36:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BdaSup.sys
[2010/05/29 22:36:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010/05/29 21:21:14 | 000,171,520 | ---- | C] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\drivers\MarvinBus.sys
[2010/05/29 21:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pinnacle
[2010/05/29 21:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\Downloaded Installations
[2010/05/29 21:20:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2010/05/29 21:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pegasus Imaging
[2010/05/29 21:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Yahoo!
[2010/05/29 21:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2010/05/29 21:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Pinnacle
[2010/05/29 21:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Projects
[2010/05/29 21:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2010/05/29 21:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2010/05/29 21:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/05/29 16:11:00 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\HijackThis.exe
[2010/05/29 15:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\getservices
[2010/05/29 12:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\WMTools Downloaded Files
[2010/05/29 11:07:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HEAVYWEIGHT\IECompatCache
[2010/05/24 15:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Photoshop Art
[2010/05/22 11:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/22 11:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/22 11:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/22 10:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\xrajsource
[2006/10/10 03:11:17 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[45 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/11 08:55:40 | 060,940,122 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/11 08:36:10 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-682003330-1003UA.job
[2010/06/11 08:36:05 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-682003330-1003Core.job
[2010/06/11 05:21:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\prvlcl.dat
[2010/06/10 20:06:56 | 000,000,486 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for HEAVYWEIGHT.job
[2010/06/09 23:54:34 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\ntuser.dat
[2010/06/09 23:18:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/09 19:22:57 | 000,001,047 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\magicJack.lnk
[2010/06/09 19:21:54 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/06/09 19:21:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/09 18:31:01 | 000,513,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/09 18:31:01 | 000,436,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/09 18:31:01 | 000,068,680 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/09 18:28:03 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/09 18:26:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/09 18:26:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/09 17:48:40 | 000,001,319 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 23:05:40 | 004,231,474 | -H-- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\IconCache.db
[2010/06/08 21:59:09 | 469,291,520 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\My Documents\AveoClip0003.AVI
[2010/06/08 15:38:57 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/07 23:23:27 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/06 09:33:26 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/04 23:01:11 | 045,573,120 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\My Documents\AveoClip0000.AVI
[2010/06/04 23:00:55 | 058,982,454 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\AveoStill0000.bmp
[2010/06/04 22:59:50 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\CyberLink YouCam.lnk
[2010/06/04 22:57:33 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CamApp.lnk
[2010/06/04 09:49:31 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/06/04 09:27:25 | 000,418,304 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\msgr10us.exe
[2010/06/02 08:39:38 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 08:39:38 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/01 15:57:48 | 000,000,090 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\default.pls
[2010/06/01 11:19:18 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/05/31 20:20:03 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/31 20:19:22 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\mbam-setup-1.46.exe
[2010/05/31 20:13:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\housecall.guid.cache
[2010/05/31 20:12:51 | 001,870,688 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\HousecallLauncher.exe
[2010/05/31 15:20:42 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\ntuser.ini
[2010/05/31 15:20:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/31 15:20:32 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/05/31 12:50:21 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/05/31 12:50:18 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/05/31 09:51:13 | 000,001,496 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\DivX Movies.lnk
[2010/05/30 09:26:52 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pinnacle Studio 12.lnk
[2010/05/30 00:17:42 | 000,336,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/29 23:47:10 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/29 22:52:17 | 000,103,512 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/29 16:11:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\HijackThis.exe
[2010/05/29 15:37:17 | 000,130,337 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\getservices.zip
[2010/05/29 11:01:26 | 000,054,296 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/21 21:02:03 | 005,292,054 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\save ryab.bmp
[2010/05/21 20:59:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\New Windows Bitmap Image.bmp
[2010/05/18 21:59:57 | 001,328,783 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 020.jpg
[2010/05/18 21:59:56 | 001,507,253 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 017.jpg
[2010/05/18 21:59:56 | 001,431,281 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 018.jpg
[2010/05/18 21:59:56 | 001,330,886 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 019.jpg
[2010/05/18 21:59:55 | 002,739,853 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 016.jpg
[2010/05/16 15:43:22 | 006,365,732 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\matt Truck head copy.jpg
[2010/05/15 15:20:06 | 010,307,298 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\btra6636500k.wmv.part
[2010/05/15 15:05:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\btra6636500k.wmv
[2010/05/14 21:55:21 | 000,077,431 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\28302_1278160158774_1373111365_30616677_8109123_n.jpg
[2010/05/12 22:00:57 | 000,220,063 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\R's.jpg
[45 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/08 21:57:35 | 469,291,520 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\My Documents\AveoClip0003.AVI
[2010/06/04 23:01:02 | 045,573,120 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\My Documents\AveoClip0000.AVI
[2010/06/04 23:00:54 | 058,982,454 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\AveoStill0000.bmp
[2010/06/04 22:59:50 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\CyberLink YouCam.lnk
[2010/06/04 22:57:33 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\newspaper_640_480.bmp
[2010/06/04 22:57:33 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\aim_640_480.bmp
[2010/06/04 22:57:33 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\3_640_480.bmp
[2010/06/04 22:57:33 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\2_640_480.bmp
[2010/06/04 22:57:33 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\1_640_480.bmp
[2010/06/04 22:57:33 | 000,921,654 | ---- | C] () -- C:\WINDOWS\System32\magnifier_640_480.bmp
[2010/06/04 22:57:33 | 000,921,654 | ---- | C] () -- C:\WINDOWS\System32\4_640_480.bmp
[2010/06/04 22:57:33 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\newspaper_320_240.bmp
[2010/06/04 22:57:33 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\magnifier_320_240.bmp
[2010/06/04 22:57:33 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\aim_320_240.bmp
[2010/06/04 22:57:33 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\3_320_240.bmp
[2010/06/04 22:57:33 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\2_320_240.bmp
[2010/06/04 22:57:33 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\1_320_240.bmp
[2010/06/04 22:57:33 | 000,230,454 | ---- | C] () -- C:\WINDOWS\System32\4_320_240.bmp
[2010/06/04 22:57:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\MFC_InstDrvDLL.dll
[2010/06/04 22:57:32 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CamApp.lnk
[2010/06/04 09:49:31 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/05/31 20:20:03 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/31 20:13:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\housecall.guid.cache
[2010/05/31 15:20:30 | 000,002,085 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2010/05/31 15:20:30 | 000,000,623 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Start Menu\Programs\Startup\Shortcut to QuickSoundSwitch.lnk
[2010/05/31 12:50:23 | 000,000,486 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for HEAVYWEIGHT.job
[2010/05/31 12:50:21 | 000,000,988 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/05/31 12:50:18 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/05/31 09:51:13 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\DivX Movies.lnk
[2010/05/29 22:36:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/05/29 22:36:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/05/29 22:36:20 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\MSDvbNP.ax
[2010/05/29 22:36:20 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/05/29 22:36:19 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\PsisRndr.ax
[2010/05/29 22:36:19 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/05/29 21:19:05 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pinnacle Studio 12.lnk
[2010/05/29 21:04:25 | 000,000,349 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/05/29 15:37:14 | 000,130,337 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\getservices.zip
[2010/05/21 21:02:03 | 005,292,054 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\save ryab.bmp
[2010/05/21 20:59:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\New Windows Bitmap Image.bmp
[2010/05/18 18:56:14 | 001,328,783 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 020.jpg
[2010/05/18 18:56:02 | 001,330,886 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 019.jpg
[2010/05/18 18:55:14 | 001,431,281 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 018.jpg
[2010/05/18 18:54:48 | 001,507,253 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 017.jpg
[2010/05/16 15:43:16 | 006,365,732 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\matt Truck head copy.jpg
[2010/05/15 15:05:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\btra6636500k.wmv
[2010/05/15 15:05:11 | 010,307,298 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\btra6636500k.wmv.part
[2010/05/14 21:55:21 | 000,077,431 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\28302_1278160158774_1373111365_30616677_8109123_n.jpg
[2010/05/12 22:00:52 | 000,220,063 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\R's.jpg
[2010/05/12 09:59:00 | 000,124,134 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Chocolate Salty Balls.mp3
[2010/04/02 02:40:32 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/03/25 20:55:56 | 000,002,191 | R--- | C] () -- C:\WINDOWS\P17EP.ini
[2010/03/25 20:55:56 | 000,001,694 | R--- | C] () -- C:\WINDOWS\P17EP51.ini
[2010/03/25 20:55:55 | 000,143,872 | R--- | C] () -- C:\WINDOWS\System32\OemSpiE.dll
[2010/03/25 20:55:55 | 000,014,848 | R--- | C] () -- C:\WINDOWS\System32\P17RunE.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/02 21:16:22 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
[2009/02/05 00:28:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/28 22:24:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2008/11/20 04:26:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/20 04:03:45 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/11/20 04:03:45 | 000,004,962 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/11/20 03:53:20 | 000,000,705 | ---- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/11/20 03:53:20 | 000,000,265 | ---- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/11/20 03:52:54 | 000,020,905 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/11/20 03:52:51 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/07/15 22:28:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2006/10/10 03:11:38 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2003/10/02 06:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/05/22 11:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/08 22:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access
[2010/01/30 06:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DynDNS
[2010/04/02 01:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2010/03/31 03:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company(2)
[2010/04/02 01:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2010/05/29 21:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/05/29 21:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2010/05/29 21:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2010/05/29 21:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2010/04/21 13:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/02/13 03:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/03/28 09:30:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/05/29 16:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\KingsIsle Entertainment
[2009/10/24 18:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\.purple
[2010/01/27 21:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\AVCWare Studio
[2010/04/02 16:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2008/11/21 01:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\FLVPlayer4Free
[2009/03/27 17:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\GetRightToGo
[2010/03/23 11:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Gmote
[2010/04/02 02:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Macro Recorder
[2010/06/09 19:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp
[2010/04/11 00:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Opera
[2009/01/20 02:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Power Sound Editor Free
[2010/04/27 18:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Temp
[2010/06/09 18:28:03 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2010/04/02 16:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/05/31 23:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2010/04/02 01:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/02/13 03:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/22 11:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/08 22:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access
[2010/04/09 21:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/05/31 09:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/01/30 06:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DynDNS
[2010/04/02 01:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2010/03/31 03:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company(2)
[2010/04/02 01:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2010/06/09 18:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/03/28 09:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/05/31 20:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/04 00:16:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/05/31 12:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/05/31 12:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/03/24 23:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2010/04/01 09:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/02/11 10:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/05/29 21:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/05/29 21:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2010/05/29 21:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2010/03/28 15:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/05/29 21:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2010/05/31 12:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/04/21 13:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2008/11/20 04:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/06/04 09:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/06/08 20:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/02/13 03:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/03/28 09:30:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2008/07/04 14:35:40 | 000,054,632 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
[2010/02/04 11:53:47 | 002,954,656 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
[2010/03/24 14:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe
[2010/03/24 14:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe
[2010/03/24 14:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe
[2009/02/13 03:39:10 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.2.20\SetupAdmin.exe
[2010/04/09 02:22:10 | 000,056,969 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
[2010/05/31 09:50:44 | 000,057,409 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
[2010/04/19 12:42:11 | 000,054,128 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
[2010/05/31 09:50:45 | 000,054,153 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
[2009/10/17 13:07:01 | 000,530,158 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
[2009/10/17 13:07:20 | 000,530,158 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
[2010/04/09 02:22:42 | 000,056,458 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
[2010/05/31 09:51:13 | 000,056,766 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
[2010/04/09 02:22:42 | 000,054,174 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
[2010/04/19 12:42:38 | 000,057,532 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
[2010/04/19 12:42:38 | 000,054,166 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
[2010/04/09 02:22:44 | 000,057,054 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
[2010/04/09 02:22:32 | 000,054,101 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
[2010/04/09 02:22:31 | 000,052,963 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
[2010/05/31 09:51:09 | 000,057,679 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Player\Uninstaller.exe
[2010/04/09 02:22:13 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
[2010/05/31 09:49:41 | 000,144,696 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
[2010/05/31 09:49:26 | 001,180,952 | ---- | M] (DivX, Inc. ) -- C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
[2010/04/09 02:22:35 | 000,054,629 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
[2010/04/19 12:42:41 | 000,084,040 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
[2010/05/31 09:51:12 | 000,053,600 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Update\Uninstaller.exe
[2010/04/09 02:23:19 | 000,056,978 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
[2010/02/24 00:07:21 | 000,040,304 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Application Data\Kodak\Installer\C4USelfUpdater.exe
[2010/02/24 00:07:21 | 000,316,784 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Registration.exe
[2010/02/24 00:07:21 | 000,041,840 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe
[2010/06/06 09:33:20 | 001,352,320 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
[2010/06/06 09:33:21 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
[2010/04/28 09:33:34 | 000,755,096 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
[2010/06/06 09:33:23 | 001,509,384 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
[2010/06/06 09:33:23 | 000,902,208 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
[2010/06/06 09:33:24 | 000,891,968 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
[2010/04/28 09:34:33 | 000,015,880 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
[2010/06/06 09:34:01 | 000,911,480 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
[2010/04/20 16:45:20 | 000,607,472 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

< %APPDATA%\*. >
[2009/10/24 18:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\.purple
[2010/05/12 00:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Adobe
[2009/10/01 23:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\AdobeUM
[2009/06/18 19:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Ahead
[2009/04/14 20:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Apple Computer
[2010/01/27 21:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\AVCWare Studio
[2010/04/02 16:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2010/04/03 11:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\CyberLink
[2010/04/10 09:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\DivX
[2008/11/21 01:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\FLVPlayer4Free
[2009/03/27 17:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\GetRightToGo
[2010/03/23 11:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Gmote
[2009/03/03 00:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Help
[2008/11/20 03:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Identities
[2010/04/12 18:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\InstallShield
[2010/04/02 02:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Macro Recorder
[2008/11/20 04:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Macromedia
[2010/05/31 20:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Malwarebytes
[2010/05/29 21:21:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Microsoft
[2010/06/09 19:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp
[2008/11/20 04:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla
[2010/04/11 00:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Opera
[2009/01/20 02:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Power Sound Editor Free
[2010/03/28 15:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Real
[2010/04/06 19:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Realtime Soft
[2009/01/30 03:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Sun
[2010/04/27 18:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Temp
[2010/02/01 23:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\U3
[2008/12/06 03:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\WinRAR
[2010/06/04 10:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2010/05/29 21:21:18 | 000,029,926 | R--- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2010/02/26 19:43:54 | 000,050,520 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\cdloader2.exe
[2010/02/26 19:46:32 | 012,526,424 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\magicJack.exe
[2010/02/26 19:51:08 | 000,705,936 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\magicJackLoader.exe
[2010/02/26 19:43:58 | 000,441,704 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\magicJackSplash.exe
[2010/02/26 19:45:32 | 000,743,872 | -H-- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\ar00000\install.exe
[2009/08/01 12:11:34 | 000,441,704 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\ar00000\magicJackSplash.exe
[2009/08/01 12:13:26 | 000,087,384 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\ar00000\mjsetup.exe
[2010/02/26 19:43:58 | 000,441,704 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\in00000\magicJackSplash.exe
[2010/02/26 19:45:28 | 000,087,384 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\in00000\mjsetup.exe
[2010/02/26 19:51:10 | 006,870,864 | -H-- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\in00000\setup.exe
[2010/02/26 19:43:58 | 000,441,704 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\st00000\magicJackSplash.exe
[2010/02/26 19:50:28 | 000,087,384 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\st00000\mjsetup.exe
[2010/02/26 19:45:32 | 000,743,872 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\ug00000\install.exe
[2010/02/26 19:43:58 | 000,441,704 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\ug00000\magicJackSplash.exe
[2010/02/26 19:51:10 | 006,870,864 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\ug00000\setup.exe
[2010/02/26 19:45:32 | 000,743,872 | -H-- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\Upgrade\install2.exe
[2010/02/26 19:51:10 | 006,870,864 | -H-- | M] (magicJack L.P.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\Upgrade\setup2.exe
[2010/01/06 13:08:08 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
[2010/01/06 13:08:08 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
[2010/03/28 09:18:34 | 000,734,728 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Real\RealPlayer\setup\AU_setup13.exe
[2010/03/23 18:02:36 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Real\Update\setup3.10\setup.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2008/06/06 14:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2005/08/12 02:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvata.sys
[2006/01/27 15:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\WINDOWS\system32\drivers\nvata.sys
[2006/01/27 15:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\nvata.sys

< MD5 for: SCECLI.DLL >
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/11/19 21:24:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/11/19 21:24:16 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/11/19 21:24:16 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[45 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >


Extra.txt

OTL Extras logfile created on: 6/11/2010 9:06:08 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\HEAVYWEIGHT\Desktop\Bleepincomputer fix help
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 6000 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 98.07 Gb Total Space | 56.02 Gb Free Space | 57.12% Space Free | Partition Type: NTFS
Drive D: | 269.63 Gb Total Space | 190.62 Gb Free Space | 70.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 98.07 Gb Total Space | 11.80 Gb Free Space | 12.04% Space Free | Partition Type: NTFS

Computer Name: HEAVYWEI-D3366D
Current User Name: HEAVYWEIGHT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLED.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-220523388-436374069-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"30850:TCP" = 30850:TCP:*:Enabled:net support
"30850:UDP" = 30850:UDP:*:Enabled:netsupport
"9323:TCP" = 9323:TCP:*:Enabled:EKDiscovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\FunPix\FunPixService.exe" = C:\Program Files\FunPix\FunPixService.exe:*:Enabled:FunPix -- File not found
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\FunPix\FunPixApp.exe" = C:\Program Files\FunPix\FunPixApp.exe:*:Enabled:FunPix -- File not found
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
"C:\Program Files\NetSupport Manager\PCICTLUI.EXE" = C:\Program Files\NetSupport Manager\PCICTLUI.EXE:*:Enabled:NetSupport Control -- (NetSupport Ltd)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}" = PowerQuest PartitionMagic 7.0
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4E8FD73A-B055-4A62-9C37-FF36D2186328}" = AVEO USB2.0 PC Camera(S5HVTV1P20821)
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BE90CE58-41DE-4708-9291-A9D1D49B1033}" = SecurDisc Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}" = Nero 7 Ultra Edition
"{F324D324-6531-33DC-F5BA-CD360B156275}" = Comcast Access
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AsusUpdate" = AsusUpdate
"AVG9Uninstall" = AVG Free 9.0
"BtcMaestro" = HP Wireless Multimedia Keyboard and Mouse Driver V1.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Access
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DynDNSUpdater" = DynDNS Updater
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 3.2.0.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetSupport Manager" = NetSupport Manager
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Pidgin" = Pidgin
"RealPlayer 12.0" = RealPlayer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZOTAC FireStorm" = ZOTAC FireStorm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-220523388-436374069-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2010 5:41:18 AM | Computer Name = HEAVYWEI-D3366D | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/11/2010 5:41:18 AM | Computer Name = HEAVYWEI-D3366D | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/11/2010 7:10:57 AM | Computer Name = HEAVYWEI-D3366D | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/11/2010 7:10:57 AM | Computer Name = HEAVYWEI-D3366D | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/11/2010 7:34:18 AM | Computer Name = HEAVYWEI-D3366D | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/11/2010 7:34:18 AM | Computer Name = HEAVYWEI-D3366D | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/11/2010 9:00:57 AM | Computer Name = HEAVYWEI-D3366D | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/11/2010 9:00:57 AM | Computer Name = HEAVYWEI-D3366D | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/11/2010 9:13:23 AM | Computer Name = HEAVYWEI-D3366D | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/11/2010 9:13:23 AM | Computer Name = HEAVYWEI-D3366D | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 6/8/2010 11:32:54 AM | Computer Name = HEAVYWEI-D3366D | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/8/2010 11:33:30 AM | Computer Name = HEAVYWEI-D3366D | Source = Service Control Manager | ID = 7000
Description = The ASInsHelp service failed to start due to the following error:
%%2

Error - 6/8/2010 11:07:39 PM | Computer Name = HEAVYWEI-D3366D | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/8/2010 11:07:39 PM | Computer Name = HEAVYWEI-D3366D | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/8/2010 11:08:16 PM | Computer Name = HEAVYWEI-D3366D | Source = Service Control Manager | ID = 7000
Description = The ASInsHelp service failed to start due to the following error:
%%2

Error - 6/9/2010 5:17:35 PM | Computer Name = HEAVYWEI-D3366D | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 6/9/2010 6:26:24 PM | Computer Name = HEAVYWEI-D3366D | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/9/2010 6:26:24 PM | Computer Name = HEAVYWEI-D3366D | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/9/2010 6:26:59 PM | Computer Name = HEAVYWEI-D3366D | Source = Service Control Manager | ID = 7000
Description = The ASInsHelp service failed to start due to the following error:
%%2

Error - 6/10/2010 9:38:45 AM | Computer Name = HEAVYWEI-D3366D | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.


< End of report >

GMER log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-11 20:10:33
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\HEAVYW~1\LOCALS~1\Temp\kxxiyfoc.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xB811887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xB8118BFE]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\dmload.sys entry point in ".rsrc" section [0xB85AD114]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB73CA380, 0x566465, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007B000A
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007C000A
.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007A000C
.text C:\WINDOWS\System32\svchost.exe[1212] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00F7000A
.text C:\WINDOWS\System32\svchost.exe[1212] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00C2000A
.text C:\WINDOWS\explorer.exe[2536] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A2000A
.text C:\WINDOWS\explorer.exe[2536] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A8000A
.text C:\WINDOWS\explorer.exe[2536] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A1000C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\nvata \Device\Harddisk0\DR0 8AB44CEC

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\dmload.sys suspicious modification
File C:\WINDOWS\system32\drivers\nvata.sys suspicious modification

---- EOF - GMER 1.0.15 ----







#8 thcbytes

  • Malware Response Team

Posted 12 June 2010 - 12:54 PM

Well done.

You have a TDL3 rootkit. Let's fix that.

If you have trouble downloading these apps, you can use a flash drive to transfer them to the sick computer.

==========

RKill by Grinler
Link #1
Link #2
Link #3
Link #4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
  • It shall produce a log located at C:\RKill. Please copy and paste it into your next reply.

==========

1. Download the file TDSSKiller.zip and extract it to your desktop.
2. Click start->run->copy-paste "%userprofile%\desktop\TDSSKiller.exe" -l report.txt -v into the textbox and press enter.
3. report.txt should be generated in the same location as TDSSKiller.exe. Post the contents of that report, please.

==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.





Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

We need to run an OTL Custom Scan
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    /md5start
    dmload.sy*
    nvata.sy*
    /md5stop

  3. Push
  4. A report will open. Copy and Paste that report in your next reply.

==========

With your next post please provide:

* RKill log
* TDSSKiller log
* Combofix.txt
* OTL.txt
* What problems remain?

Kind regards,
~t


Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
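
The GMER log posted above pairs a `Device ->` entry for \Driver\nvata on \Device\Harddisk0\DR0 with "suspicious modification" flags on nvata.sys and dmload.sys, the same two files the OTL custom scan is asked to hash. As an added example (not part of the original posts and not any tool's own code), this Python script triages a GMER text log along those lines; the function names and the correlation rule are assumptions of the example.

```python
import ntpath
import re

# Sample lines copied (trimmed) from the GMER 1.0.15 log posted in this thread.
SAMPLE_LOG = r"""---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\nvata \Device\Harddisk0\DR0 8AB44CEC

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\dmload.sys suspicious modification
File C:\WINDOWS\system32\drivers\nvata.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)\s+\((.*)\)$")
REDIRECT_RE = re.compile(r"^Device\s+->\s+(\S+)\s+(\S+)\s+([0-9A-Fa-f]{8,16})$")
MODIFIED_RE = re.compile(r"^File\s+(.+?)\s+suspicious modification$")


def parse_sections(text):
    """Split a GMER text log into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Pull out the entries a reviewer would look at first.

    attached       - filter drivers that identify themselves with a vendor string
    redirects      - 'Device ->' entries: a device object pointed at a bare address
    modified_files - files GMER flagged as 'suspicious modification'
    correlated     - drivers that appear in BOTH lists (assumed heuristic of this
                     example: same driver redirected and modified on disk)
    """
    sections = parse_sections(text)
    attached, redirects = [], []
    for line in sections.get("Devices", []):
        m = ATTACHED_RE.match(line)
        if m:
            attached.append({"driver": m.group(1), "device": m.group(2),
                             "filter": m.group(3), "vendor": m.group(4)})
            continue
        m = REDIRECT_RE.match(line)
        if m:
            redirects.append({"driver": m.group(1), "device": m.group(2),
                              "address": m.group(3)})

    modified_files = []
    for line in sections.get("Files", []):
        m = MODIFIED_RE.match(line)
        if m:
            modified_files.append(m.group(1))

    # Compare driver object names (\Driver\nvata) with file stems (nvata.sys).
    modified_stems = {ntpath.splitext(ntpath.basename(p))[0].lower()
                      for p in modified_files}
    redirected_names = {ntpath.basename(r["driver"]).lower() for r in redirects}
    correlated = sorted(modified_stems & redirected_names)

    return {"attached": attached, "redirects": redirects,
            "modified_files": modified_files, "correlated": correlated}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for r in report["redirects"]:
        print("redirected device:", r["device"], "via", r["driver"], "->", r["address"])
    for path in report["modified_files"]:
        print("hash and compare against a known-good copy:", path)
    print("redirected AND modified on disk:", report["correlated"])
```

Files listed in `modified_files` are the ones worth hashing and comparing against a clean copy from matching installation media, which is what the `/md5start` ... `/md5stop` scan in the post collects.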

#9 bigkevin20


Posted 12 June 2010 - 01:40 PM

too soon

Edited by bigkevin20, 12 June 2010 - 01:41 PM.


#10 thcbytes


Posted 12 June 2010 - 02:49 PM


Huh????
Everything alright?

#11 bigkevin20


Posted 12 June 2010 - 03:49 PM

So far looks good. Getting updates at the moment, will post logs after updates and reboots. Much better so far.

#12 bigkevin20


Posted 12 June 2010 - 03:56 PM

Update got this error trying to install an update. I did about 15 updates and rebooted; same response for express and custom.

running logs now



[Error number: 0x80072EE2]
The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.

Edited by bigkevin20, 12 June 2010 - 03:59 PM.


#13 thcbytes


Posted 12 June 2010 - 04:16 PM

We will work out the updates later. Please post the logs I have requested.

Thanks,
~ t

#14 bigkevin20


Posted 12 June 2010 - 04:53 PM

Rkill

ComboFix 10-06-11.01 - HEAVYWEIGHT 06/12/2010 17:19:13.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.1981 [GMT -4:00]
Running from: c:\documents and settings\HEAVYWEIGHT\Desktop\Bleepincomputer fix help\thcbytes.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\system32\nvcohda(10).dll
c:\windows\system32\nvcohda(11).dll
c:\windows\system32\nvcohda(12).dll
c:\windows\system32\nvcohda(13).dll
c:\windows\system32\nvcohda(14).dll
c:\windows\system32\nvcohda(15).dll
c:\windows\system32\nvcohda(16).dll
c:\windows\system32\nvcohda(17).dll
c:\windows\system32\nvcohda(18).dll
c:\windows\system32\nvcohda(19).dll
c:\windows\system32\nvcohda(2).dll
c:\windows\system32\nvcohda(20).dll
c:\windows\system32\nvcohda(21).dll
c:\windows\system32\nvcohda(22).dll
c:\windows\system32\nvcohda(23).dll
c:\windows\system32\nvcohda(24).dll
c:\windows\system32\nvcohda(25).dll
c:\windows\system32\nvcohda(26).dll
c:\windows\system32\nvcohda(27).dll
c:\windows\system32\nvcohda(28).dll
c:\windows\system32\nvcohda(29).dll
c:\windows\system32\nvcohda(3).dll
c:\windows\system32\nvcohda(30).dll
c:\windows\system32\nvcohda(31).dll
c:\windows\system32\nvcohda(32).dll
c:\windows\system32\nvcohda(33).dll
c:\windows\system32\nvcohda(34).dll
c:\windows\system32\nvcohda(35).dll
c:\windows\system32\nvcohda(36).dll
c:\windows\system32\nvcohda(37).dll
c:\windows\system32\nvcohda(38).dll
c:\windows\system32\nvcohda(39).dll
c:\windows\system32\nvcohda(4).dll
c:\windows\system32\nvcohda(40).dll
c:\windows\system32\nvcohda(41).dll
c:\windows\system32\nvcohda(42).dll
c:\windows\system32\nvcohda(43).dll
c:\windows\system32\nvcohda(5).dll
c:\windows\system32\nvcohda(6).dll
c:\windows\system32\nvcohda(64).dll
c:\windows\system32\nvcohda(65).dll
c:\windows\system32\nvcohda(66).dll
c:\windows\system32\nvcohda(67).dll
c:\windows\system32\nvcohda(68).dll
c:\windows\system32\nvcohda(69).dll
c:\windows\system32\nvcohda(7).dll
c:\windows\system32\nvcohda(70).dll
c:\windows\system32\nvcohda(71).dll
c:\windows\system32\nvcohda(72).dll
c:\windows\system32\nvcohda(73).dll
c:\windows\system32\nvcohda(74).dll
c:\windows\system32\nvcohda(75).dll
c:\windows\system32\nvcohda(76).dll
c:\windows\system32\nvcohda(77).dll
c:\windows\system32\nvcohda(78).dll
c:\windows\system32\nvcohda(79).dll
c:\windows\system32\nvcohda(8).dll
c:\windows\system32\nvcohda(80).dll
c:\windows\system32\nvcohda(81).dll
c:\windows\system32\nvcohda(82).dll
c:\windows\system32\nvcohda(83).dll
c:\windows\system32\nvcohda(9).dll
c:\windows\system32\SETB2.tmp
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\VB6KO.DLL

.
((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))
.

2010-06-12 21:02 . 2010-05-31 14:41 998736 ----a-w- C:\TDSSKiller.exe
2010-06-12 20:45 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\HEAVYWEIGHT\Application Data\mjusbsp\in00000\setup.exe
2010-06-12 20:45 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\HEAVYWEIGHT\Application Data\mjusbsp\ar00000\install.exe
2010-06-12 19:21 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-12 19:21 . 2010-06-12 19:21 -------- dc-h--w- c:\windows\ie8
2010-06-07 06:21 . 2010-06-07 06:21 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Yahoo
2010-06-07 06:21 . 2010-06-07 06:21 -------- d-----w- c:\documents and settings\Guest\Application Data\Yahoo!
2010-06-05 02:57 . 2010-06-05 02:57 -------- d-----w- c:\program files\AVEO
2010-06-05 02:57 . 2008-05-27 19:35 171520 ----a-w- c:\windows\system32\drivers\aveodcnt.sys
2010-06-05 02:57 . 2007-07-05 17:20 28672 ------w- c:\windows\system32\MFC_InstDrvDLL.dll
2010-06-05 02:57 . 2005-01-21 14:42 57344 ------w- c:\windows\system32\sx_cam_i420.dll
2010-06-04 14:04 . 2010-06-04 14:04 -------- d-----w- c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\Yahoo
2010-06-04 13:54 . 2010-06-09 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-04 13:54 . 2010-06-04 14:04 -------- d-----w- c:\documents and settings\HEAVYWEIGHT\Application Data\Yahoo!
2010-06-04 13:49 . 2010-06-04 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-04 13:49 . 2010-04-20 20:45 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-06-04 13:48 . 2010-06-04 13:54 -------- d-----w- c:\program files\Yahoo!
2010-06-04 04:13 . 2008-04-14 04:16 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2010-06-04 04:13 . 2008-04-14 04:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-06-02 12:39 . 2010-06-02 12:39 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-02 12:39 . 2010-06-02 12:39 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-01 00:20 . 2010-06-01 00:20 -------- d-----w- c:\documents and settings\HEAVYWEIGHT\Application Data\Malwarebytes
2010-06-01 00:20 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-01 00:20 . 2010-06-01 00:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-01 00:20 . 2010-06-01 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-01 00:20 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-31 18:48 . 2010-06-11 23:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-31 16:50 . 2010-05-31 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-31 16:50 . 2010-05-31 16:50 -------- d-----w- c:\windows\system32\drivers\NSS
2010-05-31 16:50 . 2010-05-31 16:50 -------- d-----w- c:\program files\Norton Security Scan
2010-05-31 16:50 . 2010-05-31 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-31 16:50 . 2010-05-31 16:50 -------- d-----w- c:\program files\NortonInstaller
2010-05-31 16:50 . 2010-05-31 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-31 13:51 . 2010-05-31 13:51 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-31 13:51 . 2010-05-31 13:51 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-31 13:51 . 2010-05-31 13:51 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-31 13:50 . 2010-05-31 13:50 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-05-31 13:50 . 2010-05-31 13:50 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-31 13:49 . 2010-05-31 13:49 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-30 16:35 . 2010-05-30 16:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-05-30 16:32 . 2010-05-30 16:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-05-30 16:32 . 2010-05-30 16:33 -------- d-----w- c:\documents and settings\Administrator
2010-05-30 14:15 . 2010-05-30 14:15 -------- d-----w- c:\documents and settings\Guest\Application Data\DivX
2010-05-30 01:21 . 2010-05-30 01:21 29926 ----a-r- c:\documents and settings\HEAVYWEIGHT\Application Data\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
2010-05-30 01:21 . 2005-09-24 03:18 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2010-05-30 01:21 . 2010-05-30 01:21 -------- d-----w- c:\program files\Common Files\Pinnacle
2010-05-30 01:21 . 2010-05-30 01:21 -------- d-----w- c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\Downloaded Installations
2010-05-30 01:20 . 2010-05-30 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio
2010-05-30 01:15 . 2010-05-30 01:15 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2010-05-30 01:15 . 2010-05-30 01:15 -------- d-----w- c:\program files\Pinnacle
2010-05-30 01:15 . 2010-05-30 01:15 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-05-30 01:15 . 2010-05-30 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Studio 12
2010-05-30 01:15 . 2010-05-30 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Plus
2010-05-30 01:02 . 2010-05-30 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2010-05-29 16:06 . 2010-05-29 16:06 -------- d-----w- c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\WMTools Downloaded Files
2010-05-29 15:07 . 2010-05-29 15:07 -------- d-sh--w- c:\documents and settings\HEAVYWEIGHT\IECompatCache
2010-05-27 16:24 . 2010-05-27 16:24 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-22 01:09 . 2010-05-22 01:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-17 00:43 . 2010-05-17 00:43 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Eastman Kodak Company

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 20:45 . 2010-01-24 00:03 -------- d-----w- c:\documents and settings\HEAVYWEIGHT\Application Data\mjusbsp
2010-06-12 20:44 . 2009-11-28 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-06-12 19:21 . 2009-11-20 06:43 0 ----a-w- c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\prvlcl.dat
2010-06-12 19:21 . 2009-11-16 13:52 0 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\prvlcl.dat
2010-06-12 18:50 . 2003-03-31 12:00 5888 ----a-w- c:\windows\system32\drivers\dmload.sys
2010-06-08 19:38 . 2009-10-05 15:09 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-06 13:33 . 2010-03-28 13:33 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-05 03:00 . 2008-11-20 07:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-05 02:59 . 2008-11-29 02:21 -------- d-----w- c:\program files\CyberLink
2010-06-02 12:39 . 2009-04-09 22:20 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 12:39 . 2009-04-09 22:20 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-31 13:53 . 2010-04-09 06:24 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-31 13:53 . 2010-04-09 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-31 13:51 . 2008-12-17 04:47 -------- d-----w- c:\program files\DivX
2010-05-31 13:49 . 2010-04-09 06:23 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-31 13:49 . 2010-04-09 06:23 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-30 11:38 . 2009-05-29 20:04 103512 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-30 02:52 . 2008-12-24 17:00 103512 -c--a-w- c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-29 15:01 . 2010-03-24 00:10 54296 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-22 15:46 . 2009-11-14 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-06 10:41 . 2008-04-14 09:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 05:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 13:34 . 2010-03-28 15:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-27 22:43 . 2009-11-28 22:02 -------- d-----w- c:\documents and settings\HEAVYWEIGHT\Application Data\Temp
2010-04-21 17:34 . 2010-04-03 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2010-04-20 05:30 . 2008-04-14 09:39 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 16:42 . 2010-04-19 16:42 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-04-19 16:42 . 2010-04-19 16:42 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-19 16:42 . 2010-04-19 16:42 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-19 16:42 . 2010-04-19 16:42 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-04-16 16:09 . 2010-04-16 16:09 81920 ------w- c:\windows\system32\ieencode.dll
2010-04-12 23:02 . 2010-04-12 23:02 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2010-04-09 06:23 . 2010-04-09 06:23 56978 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-09 06:22 . 2010-04-09 06:22 57054 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-09 06:22 . 2010-04-09 06:22 56458 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-09 06:22 . 2010-04-09 06:22 54174 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-09 06:22 . 2010-04-09 06:22 54629 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-04-09 06:22 . 2010-04-09 06:22 54101 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-09 06:22 . 2010-04-09 06:22 52963 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-09 06:22 . 2010-04-09 06:22 54073 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-09 06:22 . 2010-04-09 06:22 56969 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-07 14:04 . 2010-04-07 14:04 768 -c--a-w- c:\windows\system32\d3d8caps.dat
2010-04-02 20:35 . 2010-05-30 16:32 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-02 17:37 . 2010-04-02 06:44 20 -c--a-w- c:\windows\system32\nvModes.dat
2010-03-31 06:48 . 2010-03-31 06:48 64 -c--a-w- c:\windows\system32\rp_stats.dat
2010-03-31 06:48 . 2010-03-31 06:48 44 -c--a-w- c:\windows\system32\rp_rules.dat
2010-03-31 01:58 . 2008-12-17 04:47 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2008-12-17 04:47 133616 -c----w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2008-12-17 04:47 125424 -c----w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2008-12-17 04:47 123888 -c----w- c:\windows\system32\pxcpyi64.exe
2010-03-28 13:33 . 2010-03-28 13:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-28 13:21 . 2010-03-28 13:21 49152 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-28 13:21 . 2010-03-28 13:21 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-28 13:21 . 2010-03-28 13:21 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-28 13:21 . 2010-03-28 13:21 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-28 13:21 . 2010-03-28 13:21 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-28 13:21 . 2010-03-28 13:21 40960 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-28 13:21 . 2010-03-28 13:21 341600 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-28 13:21 . 2010-03-28 13:21 308808 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-28 13:21 . 2010-03-28 13:21 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-03-28 13:20 . 2008-11-29 02:22 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-28 13:20 . 2008-11-29 02:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-28 13:18 . 2010-03-28 13:18 734728 -c--a-w- c:\documents and settings\HEAVYWEIGHT\Application Data\Real\RealPlayer\setup\AU_setup13.exe
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe
2010-03-24 07:31 . 2010-04-01 13:30 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-23 22:02 . 2010-03-08 05:00 439816 -c--a-w- c:\documents and settings\HEAVYWEIGHT\Application Data\Real\Update\setup3.10\setup.exe
2010-03-23 16:09 . 2010-03-23 16:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-23 16:09 . 2009-04-09 22:20 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-16 07:37 . 2010-03-16 07:37 278120 -c--a-w- c:\windows\system32\nvmccs.dll
2010-03-16 07:37 . 2010-03-16 07:37 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-03-16 07:37 . 2010-03-16 07:37 145000 -c--a-w- c:\windows\system32\nvcolor.exe
2010-03-16 07:37 . 2010-03-16 07:37 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 07:37 . 2010-03-16 07:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-16 07:37 . 2010-03-16 07:37 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-16 06:51 . 2010-04-01 05:34 61440 -c--a-w- c:\windows\system32\OpenCL.dll
2010-03-16 06:51 . 2010-04-01 05:34 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-03-16 06:51 . 2010-04-01 05:34 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-03-16 06:51 . 2010-04-01 05:34 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-03-16 06:51 . 2010-04-01 05:34 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-03-16 06:51 . 2010-04-01 05:34 2030184 -c--a-w- c:\windows\system32\nvcuvid.dll
2010-03-16 06:51 . 2010-04-01 05:34 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-03-16 06:51 . 2010-04-01 05:34 215656 -c--a-w- c:\windows\system32\nvcodins.dll
2010-03-16 06:51 . 2010-04-01 05:34 215656 -c--a-w- c:\windows\system32\nvcod.dll
2010-03-16 06:51 . 2010-04-01 05:34 11640832 -c--a-w- c:\windows\system32\nvcompiler.dll
2010-03-16 06:51 . 2010-04-01 05:34 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-03-16 06:51 . 2010-04-01 05:34 10232352 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-06-12_18.59.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-12 20:44 . 2010-06-12 20:44 16384 c:\windows\Temp\Perflib_Perfdata_3a8.dat
+ 2010-06-12 20:44 . 2010-06-12 20:44 16384 c:\windows\Temp\Perflib_Perfdata_2bc.dat
+ 2008-04-14 09:42 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2008-04-14 09:42 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2009-04-15 07:35 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
+ 2008-04-14 09:42 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll
+ 2003-03-31 12:00 . 2010-06-12 20:49 68680 c:\windows\system32\perfc009.dat
- 2003-03-31 12:00 . 2010-06-12 18:56 68680 c:\windows\system32\perfc009.dat
+ 2008-04-14 01:56 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll
+ 2008-04-14 09:42 . 2009-03-08 08:31 66560 c:\windows\system32\mshtmled.dll
+ 2008-04-14 09:42 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe
+ 2009-03-08 08:31 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-04-14 09:41 . 2009-03-08 08:34 43008 c:\windows\system32\licmgr10.dll
+ 2008-04-14 09:41 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll
+ 2008-04-14 09:41 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll
- 2009-06-11 21:57 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-11 21:57 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-04-14 09:42 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-04-14 01:56 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2008-04-14 09:42 . 2009-03-08 08:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-04-14 09:42 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2008-11-20 08:32 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-04-14 09:41 . 2009-03-08 08:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-14 09:41 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2008-04-14 09:41 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2010-04-16 16:09 . 2010-04-16 16:09 81920 c:\windows\system32\dllcache\ieencode.dll
- 2009-04-06 00:27 . 2008-04-14 09:41 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-03 13:00 . 2010-04-16 11:43 41984 c:\windows\system32\dllcache\iecompat.dll
+ 2008-11-20 08:32 . 2009-03-08 08:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2008-11-20 06:41 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2008-04-14 09:41 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2008-04-14 09:41 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2008-04-14 09:41 . 2009-03-08 08:33 18944 c:\windows\system32\corpol.dll
+ 2008-04-14 09:41 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 72704 c:\windows\system32\admparse.dll
+ 2010-06-12 18:52 . 2010-06-12 20:42 14478 c:\windows\SoftwareDistribution\EventCache\{7E62A6D4-77E8-4868-99D8-A0FACF8F7639}.bin
- 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-03-23 09:31 . 2010-03-23 09:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-06-12 19:21 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-06-12 19:21 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-06-12 19:21 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 37888 c:\windows\ie8\url.dll
+ 2010-06-12 19:21 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 39424 c:\windows\ie8\pngfilt.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 96256 c:\windows\ie8\occache.dll
+ 2010-06-12 19:21 . 2008-04-14 01:56 56832 c:\windows\ie8\mshtmler.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 29184 c:\windows\ie8\mshta.exe
+ 2010-06-12 19:21 . 2008-08-26 07:24 52224 c:\windows\ie8\msfeedsbs.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 22016 c:\windows\ie8\licmgr10.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 15872 c:\windows\ie8\jsproxy.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 96256 c:\windows\ie8\inseng.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 35840 c:\windows\ie8\imgutil.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 93184 c:\windows\ie8\iexplore.exe
+ 2010-06-12 19:21 . 2008-04-14 09:41 62976 c:\windows\ie8\iesetup.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 48640 c:\windows\ie8\iernonce.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 81920 c:\windows\ie8\ieencode.dll
+ 2010-06-12 19:21 . 2009-01-11 05:00 79360 c:\windows\ie8\iecompat.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 34304 c:\windows\ie8\ie4uinit.exe
+ 2010-06-12 19:21 . 2008-08-26 07:24 63488 c:\windows\ie8\icardie.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 38912 c:\windows\ie8\hmmapi.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 35328 c:\windows\ie8\corpol.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 99840 c:\windows\ie8\advpack.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 61440 c:\windows\ie8\admparse.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\1c1629f536fa9874ef08d09fb19ab0f0\System.Windows.Presentation.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2010-06-12 20:09 . 2010-06-12 20:09 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-06-12 19:31 . 2010-06-12 19:31 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e67992626a30603458b0df22841c2423\PresentationFontCache.ni.exe
+ 2010-06-12 19:29 . 2010-06-12 19:29 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\6be27d744e6e2bfc4b0e25bd2998ef7c\PresentationCFFRasterizer.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-12 19:28 . 2010-06-12 19:28 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-11-29 08:12 . 2009-11-29 08:12 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-12 19:22 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll
+ 2010-06-12 19:22 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978542\spmsg.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-11-20 08:26 . 2010-06-12 20:30 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-06-12 19:21 . 2009-03-08 08:35 2048 c:\windows\ie8updates\KB982632-IE8\iecompat.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-11-30 01:15 . 2009-11-30 01:15 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-11-20 06:41 . 2009-08-06 23:23 209624 c:\windows\system32\wuweb.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2008-04-14 09:42 . 2009-03-08 08:34 236544 c:\windows\system32\webcheck.dll
+ 2008-04-14 09:42 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
+ 2008-04-14 09:42 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll
+ 2003-03-31 12:00 . 2010-06-12 20:49 436228 c:\windows\system32\perfh009.dat
- 2003-03-31 12:00 . 2010-06-12 18:56 436228 c:\windows\system32\perfh009.dat
+ 2008-04-14 09:42 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
+ 2008-04-14 09:42 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2008-04-14 09:42 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll
+ 2003-03-31 12:00 . 2009-03-08 08:22 156160 c:\windows\system32\msls31.dll
+ 2009-03-08 08:32 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2008-04-14 09:41 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
- 2008-11-20 06:41 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
+ 2008-11-20 06:41 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
+ 2009-03-08 08:22 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll
+ 2008-04-14 09:41 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 09:41 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
+ 2009-03-08 08:11 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll
+ 2003-03-31 12:00 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll
+ 2008-04-14 09:41 . 2009-03-08 08:33 229376 c:\windows\system32\ieaksie.dll
+ 2008-04-14 09:41 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll
+ 2008-04-14 09:42 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
- 2008-11-20 01:24 . 2010-05-30 04:17 336256 c:\windows\system32\FNTCACHE.DAT
+ 2008-11-20 01:24 . 2010-06-12 20:01 336256 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 09:41 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll
+ 2008-04-14 09:41 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll
+ 2008-11-20 06:41 . 2009-08-06 23:23 209624 c:\windows\system32\dllcache\wuweb.dll
+ 2008-04-14 09:42 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-14 09:42 . 2009-03-08 08:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2008-11-20 06:41 . 2009-03-08 08:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-04-14 09:42 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2008-04-14 09:42 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2008-04-14 09:42 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 09:42 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-04-14 09:42 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2003-03-31 12:00 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2008-11-20 08:32 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-04-14 09:41 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-11-20 06:41 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
- 2008-11-20 06:41 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2008-11-20 06:41 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe
- 2009-06-11 21:57 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-11 21:57 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-04-14 09:41 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 09:41 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-11-20 08:32 . 2009-03-08 08:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2003-03-31 12:00 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2008-04-14 09:41 . 2009-03-08 08:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2008-04-14 09:41 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2008-04-14 09:42 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 09:41 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2008-04-14 09:41 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-04-14 09:39 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
- 2008-04-14 09:39 . 2008-04-14 09:39 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 09:31 . 2010-03-23 09:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 16:22 . 2010-02-09 16:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-25 04:14 . 2010-02-25 04:14 543232 c:\windows\Installer\1d444c.msp
+ 2008-11-20 08:26 . 2010-06-12 20:30 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-06-12 19:21 . 2009-05-26 09:01 382840 c:\windows\ie8updates\KB982632-IE8\spuninst\updspapi.dll
+ 2010-06-12 19:21 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB982632-IE8\spuninst\spuninst.exe
+ 2010-06-12 19:21 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-06-12 19:21 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-06-12 19:21 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-06-12 19:21 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-06-12 19:21 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-06-12 19:21 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-06-12 19:21 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-06-12 19:21 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-06-12 19:21 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-06-12 19:21 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-06-12 19:21 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-06-12 19:21 . 2008-04-14 09:42 666112 c:\windows\ie8\wininet.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 276480 c:\windows\ie8\webcheck.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 851968 c:\windows\ie8\vgx.dll
+ 2010-06-12 19:21 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 619520 c:\windows\ie8\urlmon.dll
+ 2010-06-12 19:21 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2010-06-12 19:21 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-06-12 19:21 . 2008-04-14 09:42 532480 c:\windows\ie8\mstime.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 146432 c:\windows\ie8\msrating.dll
+ 2010-06-12 19:21 . 2003-03-31 12:00 146432 c:\windows\ie8\msls31.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 449024 c:\windows\ie8\mshtmled.dll
+ 2010-06-12 19:21 . 2008-08-26 07:24 459264 c:\windows\ie8\msfeeds.dll
+ 2010-06-12 19:21 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2010-06-12 19:21 . 2008-08-26 07:24 267776 c:\windows\ie8\iertutil.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 251904 c:\windows\ie8\iepeers.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 323584 c:\windows\ie8\iedkcs32.dll
+ 2010-06-12 19:21 . 2008-08-26 07:24 383488 c:\windows\ie8\ieapfltr.dll
+ 2010-06-12 19:21 . 2003-03-31 12:00 221184 c:\windows\ie8\ieakui.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 216576 c:\windows\ie8\ieaksie.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 143360 c:\windows\ie8\ieakeng.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 205312 c:\windows\ie8\dxtrans.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 357888 c:\windows\ie8\dxtmsft.dll
+ 2009-11-30 01:15 . 2009-11-30 01:15 303104 c:\windows\assembly\temp\OY6FOX5ENW\System.Runtime.Remoting.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
+ 2010-06-12 19:33 . 2010-06-12 19:33 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a7c702f75d47bf841b9587e582c2d0b2\WindowsFormsIntegration.ni.dll
+ 2010-06-12 19:33 . 2010-06-12 19:33 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\3a78043c85333d5af49a0d958912ae4a\UIAutomationClient.ni.dll
+ 2010-06-12 20:20 . 2010-06-12 20:20 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
+ 2010-06-12 20:07 . 2010-06-12 20:07 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-06-12 19:32 . 2010-06-12 19:32 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
+ 2010-06-12 20:18 . 2010-06-12 20:18 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
+ 2010-06-12 20:09 . 2010-06-12 20:09 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-06-12 20:09 . 2010-06-12 20:09 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
+ 2010-06-12 20:08 . 2010-06-12 20:08 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
+ 2010-06-12 19:32 . 2010-06-12 19:32 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae733e4062edba3a33bb0a632bef66bf\PresentationFramework.Royale.ni.dll
+ 2010-06-12 19:32 . 2010-06-12 19:32 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3ffad524016f0aba7b11a8aa33301a65\PresentationFramework.Aero.ni.dll
+ 2010-06-12 19:32 . 2010-06-12 19:32 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\201968d038a23a4688310fed1eeaddaa\PresentationFramework.Classic.ni.dll
+ 2010-06-12 19:32 . 2010-06-12 19:32 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ead87ca8eb84c595c77c70e3b2df88d\PresentationFramework.Luna.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
+ 2010-06-12 20:08 . 2010-06-12 20:08 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-06-12 20:09 . 2010-06-12 20:09 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
+ 2010-06-12 20:09 . 2010-06-12 20:09 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
+ 2010-06-12 20:08 . 2010-06-12 20:08 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-12 19:28 . 2010-06-12 19:28 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-12 19:28 . 2010-06-12 19:28 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-12 19:28 . 2010-06-12 19:28 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-11-29 08:12 . 2009-11-29 08:12 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-06-12 19:22 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
+ 2010-06-12 19:22 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
+ 2010-06-12 19:22 . 2008-04-11 19:04 691712 c:\windows\$NtUninstallKB978542$\inetcomm.dll
+ 2010-06-12 19:22 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978542\update\updspapi.dll
+ 2010-06-12 19:22 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978542\update\update.exe
+ 2010-06-12 19:22 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978542\spuninst.exe
+ 2010-01-29 14:53 . 2010-01-29 14:53 691712 c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
+ 2008-04-14 09:43 . 2010-04-06 08:52 2462720 c:\windows\system32\WMVCore.dll
+ 2008-04-14 09:42 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
+ 2008-04-14 09:42 . 2010-04-16 16:09 1509888 c:\windows\system32\shdocvw.dll
+ 2008-04-14 09:42 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
- 2008-04-14 09:42 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2008-04-14 09:42 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
+ 2009-02-07 01:07 . 2009-02-07 01:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2008-04-14 09:43 . 2010-04-06 08:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-04-14 05:00 . 2010-05-02 05:22 1851264 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-14 09:42 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 09:42 . 2010-04-16 16:09 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-04-14 09:42 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
- 2008-04-14 09:42 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
- 2008-11-20 06:41 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2008-11-20 06:41 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2008-04-14 09:42 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2008-11-20 08:32 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2008-11-20 08:32 . 2009-02-07 01:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
- 2008-04-14 09:41 . 2008-04-14 09:41 1025024 c:\windows\system32\dllcache\browseui.dll
+ 2008-04-14 09:41 . 2010-04-16 16:09 1025024 c:\windows\system32\dllcache\browseui.dll
- 2008-04-14 09:41 . 2008-04-14 09:41 1025024 c:\windows\system32\browseui.dll
+ 2008-04-14 09:41 . 2010-04-16 16:09 1025024 c:\windows\system32\browseui.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2010-03-23 09:32 . 2010-03-23 09:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-04-12 02:17 . 2010-04-12 02:17 2607104 c:\windows\Installer\1d445a.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 4210688 c:\windows\Installer\1d4459.msp
+ 2009-10-16 22:07 . 2009-10-16 22:07 6115328 c:\windows\Installer\193431.msp
+ 2010-04-21 21:46 . 2010-04-21 21:46 5522432 c:\windows\Installer\19341a.msp
+ 2010-06-12 19:21 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-12 19:21 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-12 19:21 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 3066880 c:\windows\ie8\mshtml.dll
+ 2010-06-12 19:21 . 2008-10-03 17:41 6066176 c:\windows\ie8\ieframe.dll
+ 2010-06-12 19:21 . 2007-04-17 09:32 2455488 c:\windows\ie8\ieapfltr.dat
+ 2010-06-12 19:29 . 2010-06-12 19:29 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f231461883859922a040002dddfb7b12\WindowsBase.ni.dll
+ 2010-06-12 19:33 . 2010-06-12 19:33 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\48b66876f72f472db62de48ae4369406\UIAutomationClientsideProviders.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 3858944 c:\windows\assembly\NativeImages_v2.0.50727_32\twaingui\f8bb534e33e5e0a2ead89f5ed0c9b6e4\twaingui.ni.exe
+ 2010-06-12 19:28 . 2010-06-12 19:28 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-06-12 19:33 . 2010-06-12 19:33 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-06-12 20:20 . 2010-06-12 20:20 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-06-12 20:20 . 2010-06-12 20:20 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-06-12 19:32 . 2010-06-12 19:32 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-06-12 20:07 . 2010-06-12 20:07 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-06-12 19:32 . 2010-06-12 19:32 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\161b423dc4e86e569af019e838d39de5\System.Printing.ni.dll
+ 2010-06-12 20:07 . 2010-06-12 20:07 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-06-12 19:32 . 2010-06-12 19:32 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-06-12 19:32 . 2010-06-12 19:32 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-06-12 19:32 . 2010-06-12 19:32 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-06-12 20:18 . 2010-06-12 20:18 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-06-12 19:32 . 2010-06-12 19:32 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-06-12 19:32 . 2010-06-12 19:32 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\fc373f0a8dbd173c63b6b95551b1c673\ReachFramework.ni.dll
+ 2010-06-12 19:32 . 2010-06-12 19:32 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\ead93b6a4f0101cb99d09f3e3fc6491c\PresentationUI.ni.dll
+ 2010-06-12 19:29 . 2010-06-12 19:29 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-06-12 20:09 . 2010-06-12 20:09 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-06-12 20:09 . 2010-06-12 20:09 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-12 19:28 . 2010-06-12 19:28 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-12 19:22 . 2009-07-10 13:27 1315328 c:\windows\$NtUninstallKB978542$\msoe.dll
+ 2010-01-29 14:53 . 2010-01-29 14:53 1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
+ 2008-11-20 08:29 . 2010-04-30 15:51 32058312 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2008-11-20 08:32 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-12 02:17 . 2010-04-12 02:17 14599680 c:\windows\Installer\1d446a.msp
+ 2010-06-12 19:21 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-06-12 19:33 . 2010-06-12 19:33 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-06-12 20:08 . 2010-06-12 20:08 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-06-12 19:32 . 2010-06-12 19:32 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-06-12 19:31 . 2010-06-12 19:31 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ca898d942e4d85af4c3d5f14a77c359a\PresentationFramework.ni.dll
+ 2010-06-12 19:31 . 2010-06-12 19:31 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ba8f917fd89d7afa8885c2a326379f03\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSoundSwitch"="c:\documents and settings\HEAVYWEIGHT\My Documents\QuickSoundSwitch.exe" [2010-03-31 110592]
"cdloader"="c:\documents and settings\HEAVYWEIGHT\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Google Update"="c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-12 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-28 202256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-07-29 270336]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-02-08 1634304]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\HEAVYWEIGHT\Start Menu\Programs\Startup\
Shortcut to QuickSoundSwitch.lnk - c:\documents and settings\HEAVYWEIGHT\My Documents\QuickSoundSwitch.exe [2010-3-30 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-4-12 67128]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Mushroom Clown 720.jpg
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-23 16:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\NetSupport Manager\\PCICTLUI.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\HEAVYWEIGHT\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9322:TCP"= 9322:TCP:EKDiscovery
"30850:TCP"= 30850:TCP:net support
"30850:UDP"= 30850:UDP:netsupport
"9323:TCP"= 9323:TCP:EKDiscovery

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/28/2010 9:33 AM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/9/2009 6:20 PM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/9/2009 6:20 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/23/2010 12:09 PM 308064]
R2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [1/20/2010 12:13 PM 99704]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2/11/2010 3:36 PM 300400]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352320]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [3/30/2010 9:02 PM 58600]
S3 ZOOM705;Zoom Wireless-G USB 705 driver;c:\windows\system32\drivers\WlanUIG.sys [8/23/2006 3:17 PM 357792]

--- Other Services/Drivers In Memory ---

*Deregistered* - klmd23
.
Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 13:33]

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-682003330-1003Core.job
- c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-12 05:07]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-682003330-1003UA.job
- c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-12 05:07]

2010-06-11 c:\windows\Tasks\Norton Security Scan for HEAVYWEIGHT.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-31 04:04]
.
.
------- Supplementary Scan -------
.
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\
FF - prefs.js: browser.search.selectedEngine - Creative Commons
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 17:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2010-06-12 17:26:40
ComboFix-quarantined-files.txt 2010-06-12 21:26
ComboFix2.txt 2010-06-12 19:00

Pre-Run: 57,260,830,720 bytes free
Post-Run: 63,758,983,168 bytes free

- - End Of File - - 1977CD10FAEC511E7F10C5A85BCC9CE0


TDS

17:00:58:593 5428 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
17:00:58:593 5428 ================================================================================
17:00:58:593 5428 SystemInfo:

17:00:58:593 5428 OS Version: 5.1.2600 ServicePack: 3.0
17:00:58:593 5428 Product type: Workstation
17:00:58:593 5428 ComputerName: HEAVYWEI-D3366D
17:00:58:593 5428 UserName: HEAVYWEIGHT
17:00:58:593 5428 Windows directory: C:\WINDOWS
17:00:58:593 5428 Processor architecture: Intel x86
17:00:58:593 5428 Number of processors: 1
17:00:58:593 5428 Page size: 0x1000
17:00:58:609 5428 Boot type: Normal boot
17:00:58:609 5428 ================================================================================
17:00:59:171 5428 Initialize success
17:00:59:171 5428
17:00:59:171 5428 Scanning Services ...
17:00:59:250 5428 Raw services enum returned 369 services
17:00:59:265 5428
17:00:59:265 5428 Scanning Drivers ...
17:01:06:687 5428
17:01:06:687 5428 Completed
17:01:06:687 5428
17:01:06:687 5428 Results:
17:01:06:687 5428 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:01:06:687 5428 File objects infected / cured / cured on reboot: 0 / 0 / 0
17:01:06:687 5428
17:01:06:687 5428 KLMD(ARK) unloaded successfully



COMBO

ComboFix 10-06-11.01 - HEAVYWEIGHT 06/12/2010 17:19:13.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.1981 [GMT -4:00]
Running from: c:\documents and settings\HEAVYWEIGHT\Desktop\Bleepincomputer fix help\thcbytes.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\system32\nvcohda(10).dll
c:\windows\system32\nvcohda(11).dll
c:\windows\system32\nvcohda(12).dll
c:\windows\system32\nvcohda(13).dll
c:\windows\system32\nvcohda(14).dll
c:\windows\system32\nvcohda(15).dll
c:\windows\system32\nvcohda(16).dll
c:\windows\system32\nvcohda(17).dll
c:\windows\system32\nvcohda(18).dll
c:\windows\system32\nvcohda(19).dll
c:\windows\system32\nvcohda(2).dll
c:\windows\system32\nvcohda(20).dll
c:\windows\system32\nvcohda(21).dll
c:\windows\system32\nvcohda(22).dll
c:\windows\system32\nvcohda(23).dll
c:\windows\system32\nvcohda(24).dll
c:\windows\system32\nvcohda(25).dll
c:\windows\system32\nvcohda(26).dll
c:\windows\system32\nvcohda(27).dll
c:\windows\system32\nvcohda(28).dll
c:\windows\system32\nvcohda(29).dll
c:\windows\system32\nvcohda(3).dll
c:\windows\system32\nvcohda(30).dll
c:\windows\system32\nvcohda(31).dll
c:\windows\system32\nvcohda(32).dll
c:\windows\system32\nvcohda(33).dll
c:\windows\system32\nvcohda(34).dll
c:\windows\system32\nvcohda(35).dll
c:\windows\system32\nvcohda(36).dll
c:\windows\system32\nvcohda(37).dll
c:\windows\system32\nvcohda(38).dll
c:\windows\system32\nvcohda(39).dll
c:\windows\system32\nvcohda(4).dll
c:\windows\system32\nvcohda(40).dll
c:\windows\system32\nvcohda(41).dll
c:\windows\system32\nvcohda(42).dll
c:\windows\system32\nvcohda(43).dll
c:\windows\system32\nvcohda(5).dll
c:\windows\system32\nvcohda(6).dll
c:\windows\system32\nvcohda(64).dll
c:\windows\system32\nvcohda(65).dll
c:\windows\system32\nvcohda(66).dll
c:\windows\system32\nvcohda(67).dll
c:\windows\system32\nvcohda(68).dll
c:\windows\system32\nvcohda(69).dll
c:\windows\system32\nvcohda(7).dll
c:\windows\system32\nvcohda(70).dll
c:\windows\system32\nvcohda(71).dll
c:\windows\system32\nvcohda(72).dll
c:\windows\system32\nvcohda(73).dll
c:\windows\system32\nvcohda(74).dll
c:\windows\system32\nvcohda(75).dll
c:\windows\system32\nvcohda(76).dll
c:\windows\system32\nvcohda(77).dll
c:\windows\system32\nvcohda(78).dll
c:\windows\system32\nvcohda(79).dll
c:\windows\system32\nvcohda(8).dll
c:\windows\system32\nvcohda(80).dll
c:\windows\system32\nvcohda(81).dll
c:\windows\system32\nvcohda(82).dll
c:\windows\system32\nvcohda(83).dll
c:\windows\system32\nvcohda(9).dll
c:\windows\system32\SETB2.tmp
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\VB6KO.DLL

.
((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))
.

2010-06-12 21:02 . 2010-05-31 14:41 998736 ----a-w- C:\TDSSKiller.exe
2010-06-12 20:45 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\HEAVYWEIGHT\Application Data\mjusbsp\in00000\setup.exe
2010-06-12 20:45 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\HEAVYWEIGHT\Application Data\mjusbsp\ar00000\install.exe
2010-06-12 19:21 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-12 19:21 . 2010-06-12 19:21 -------- dc-h--w- c:\windows\ie8
2010-06-07 06:21 . 2010-06-07 06:21 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Yahoo
2010-06-07 06:21 . 2010-06-07 06:21 -------- d-----w- c:\documents and settings\Guest\Application Data\Yahoo!
2010-06-05 02:57 . 2010-06-05 02:57 -------- d-----w- c:\program files\AVEO
2010-06-05 02:57 . 2008-05-27 19:35 171520 ----a-w- c:\windows\system32\drivers\aveodcnt.sys
2010-06-05 02:57 . 2007-07-05 17:20 28672 ------w- c:\windows\system32\MFC_InstDrvDLL.dll
2010-06-05 02:57 . 2005-01-21 14:42 57344 ------w- c:\windows\system32\sx_cam_i420.dll
2010-06-04 14:04 . 2010-06-04 14:04 -------- d-----w- c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\Yahoo
2010-06-04 13:54 . 2010-06-09 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-04 13:54 . 2010-06-04 14:04 -------- d-----w- c:\documents and settings\HEAVYWEIGHT\Application Data\Yahoo!
2010-06-04 13:49 . 2010-06-04 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-04 13:49 . 2010-04-20 20:45 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-06-04 13:48 . 2010-06-04 13:54 -------- d-----w- c:\program files\Yahoo!
2010-06-04 04:13 . 2008-04-14 04:16 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2010-06-04 04:13 . 2008-04-14 04:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-06-02 12:39 . 2010-06-02 12:39 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-02 12:39 . 2010-06-02 12:39 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-01 00:20 . 2010-06-01 00:20 -------- d-----w- c:\documents and settings\HEAVYWEIGHT\Application Data\Malwarebytes
2010-06-01 00:20 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-01 00:20 . 2010-06-01 00:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-01 00:20 . 2010-06-01 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-01 00:20 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-31 18:48 . 2010-06-11 23:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-31 16:50 . 2010-05-31 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-31 16:50 . 2010-05-31 16:50 -------- d-----w- c:\windows\system32\drivers\NSS
2010-05-31 16:50 . 2010-05-31 16:50 -------- d-----w- c:\program files\Norton Security Scan
2010-05-31 16:50 . 2010-05-31 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-31 16:50 . 2010-05-31 16:50 -------- d-----w- c:\program files\NortonInstaller
2010-05-31 16:50 . 2010-05-31 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-31 13:51 . 2010-05-31 13:51 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-31 13:51 . 2010-05-31 13:51 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-31 13:51 . 2010-05-31 13:51 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-31 13:50 . 2010-05-31 13:50 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-05-31 13:50 . 2010-05-31 13:50 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-31 13:49 . 2010-05-31 13:49 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-30 16:35 . 2010-05-30 16:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-05-30 16:32 . 2010-05-30 16:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-05-30 16:32 . 2010-05-30 16:33 -------- d-----w- c:\documents and settings\Administrator
2010-05-30 14:15 . 2010-05-30 14:15 -------- d-----w- c:\documents and settings\Guest\Application Data\DivX
2010-05-30 01:21 . 2010-05-30 01:21 29926 ----a-r- c:\documents and settings\HEAVYWEIGHT\Application Data\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
2010-05-30 01:21 . 2005-09-24 03:18 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2010-05-30 01:21 . 2010-05-30 01:21 -------- d-----w- c:\program files\Common Files\Pinnacle
2010-05-30 01:21 . 2010-05-30 01:21 -------- d-----w- c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\Downloaded Installations
2010-05-30 01:20 . 2010-05-30 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio
2010-05-30 01:15 . 2010-05-30 01:15 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2010-05-30 01:15 . 2010-05-30 01:15 -------- d-----w- c:\program files\Pinnacle
2010-05-30 01:15 . 2010-05-30 01:15 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-05-30 01:15 . 2010-05-30 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Studio 12
2010-05-30 01:15 . 2010-05-30 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Plus
2010-05-30 01:02 . 2010-05-30 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2010-05-29 16:06 . 2010-05-29 16:06 -------- d-----w- c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\WMTools Downloaded Files
2010-05-29 15:07 . 2010-05-29 15:07 -------- d-sh--w- c:\documents and settings\HEAVYWEIGHT\IECompatCache
2010-05-27 16:24 . 2010-05-27 16:24 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-22 01:09 . 2010-05-22 01:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-17 00:43 . 2010-05-17 00:43 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Eastman Kodak Company

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 20:45 . 2010-01-24 00:03 -------- d-----w- c:\documents and settings\HEAVYWEIGHT\Application Data\mjusbsp
2010-06-12 20:44 . 2009-11-28 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-06-12 19:21 . 2009-11-20 06:43 0 ----a-w- c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\prvlcl.dat
2010-06-12 19:21 . 2009-11-16 13:52 0 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\prvlcl.dat
2010-06-12 18:50 . 2003-03-31 12:00 5888 ----a-w- c:\windows\system32\drivers\dmload.sys
2010-06-08 19:38 . 2009-10-05 15:09 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-06 13:33 . 2010-03-28 13:33 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-05 03:00 . 2008-11-20 07:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-05 02:59 . 2008-11-29 02:21 -------- d-----w- c:\program files\CyberLink
2010-06-02 12:39 . 2009-04-09 22:20 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 12:39 . 2009-04-09 22:20 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-31 13:53 . 2010-04-09 06:24 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-31 13:53 . 2010-04-09 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-31 13:51 . 2008-12-17 04:47 -------- d-----w- c:\program files\DivX
2010-05-31 13:49 . 2010-04-09 06:23 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-31 13:49 . 2010-04-09 06:23 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-30 11:38 . 2009-05-29 20:04 103512 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-30 02:52 . 2008-12-24 17:00 103512 -c--a-w- c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-29 15:01 . 2010-03-24 00:10 54296 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-22 15:46 . 2009-11-14 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-06 10:41 . 2008-04-14 09:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 05:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 13:34 . 2010-03-28 15:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-27 22:43 . 2009-11-28 22:02 -------- d-----w- c:\documents and settings\HEAVYWEIGHT\Application Data\Temp
2010-04-21 17:34 . 2010-04-03 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2010-04-20 05:30 . 2008-04-14 09:39 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 16:42 . 2010-04-19 16:42 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-04-19 16:42 . 2010-04-19 16:42 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-19 16:42 . 2010-04-19 16:42 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-19 16:42 . 2010-04-19 16:42 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-04-16 16:09 . 2010-04-16 16:09 81920 ------w- c:\windows\system32\ieencode.dll
2010-04-12 23:02 . 2010-04-12 23:02 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2010-04-09 06:23 . 2010-04-09 06:23 56978 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-09 06:22 . 2010-04-09 06:22 57054 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-09 06:22 . 2010-04-09 06:22 56458 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-09 06:22 . 2010-04-09 06:22 54174 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-09 06:22 . 2010-04-09 06:22 54629 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-04-09 06:22 . 2010-04-09 06:22 54101 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-09 06:22 . 2010-04-09 06:22 52963 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-09 06:22 . 2010-04-09 06:22 54073 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-09 06:22 . 2010-04-09 06:22 56969 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-07 14:04 . 2010-04-07 14:04 768 -c--a-w- c:\windows\system32\d3d8caps.dat
2010-04-02 20:35 . 2010-05-30 16:32 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-02 17:37 . 2010-04-02 06:44 20 -c--a-w- c:\windows\system32\nvModes.dat
2010-03-31 06:48 . 2010-03-31 06:48 64 -c--a-w- c:\windows\system32\rp_stats.dat
2010-03-31 06:48 . 2010-03-31 06:48 44 -c--a-w- c:\windows\system32\rp_rules.dat
2010-03-31 01:58 . 2008-12-17 04:47 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2008-12-17 04:47 133616 -c----w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2008-12-17 04:47 125424 -c----w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2008-12-17 04:47 123888 -c----w- c:\windows\system32\pxcpyi64.exe
2010-03-28 13:33 . 2010-03-28 13:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-28 13:21 . 2010-03-28 13:21 49152 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-28 13:21 . 2010-03-28 13:21 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-28 13:21 . 2010-03-28 13:21 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-28 13:21 . 2010-03-28 13:21 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-28 13:21 . 2010-03-28 13:21 45056 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-28 13:21 . 2010-03-28 13:21 40960 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-28 13:21 . 2010-03-28 13:21 341600 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-28 13:21 . 2010-03-28 13:21 308808 -c--a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-28 13:21 . 2010-03-28 13:21 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-03-28 13:20 . 2008-11-29 02:22 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-28 13:20 . 2008-11-29 02:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-28 13:18 . 2010-03-28 13:18 734728 -c--a-w- c:\documents and settings\HEAVYWEIGHT\Application Data\Real\RealPlayer\setup\AU_setup13.exe
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe
2010-03-24 07:31 . 2010-04-01 13:30 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-23 22:02 . 2010-03-08 05:00 439816 -c--a-w- c:\documents and settings\HEAVYWEIGHT\Application Data\Real\Update\setup3.10\setup.exe
2010-03-23 16:09 . 2010-03-23 16:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-23 16:09 . 2009-04-09 22:20 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-16 07:37 . 2010-03-16 07:37 278120 -c--a-w- c:\windows\system32\nvmccs.dll
2010-03-16 07:37 . 2010-03-16 07:37 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-03-16 07:37 . 2010-03-16 07:37 145000 -c--a-w- c:\windows\system32\nvcolor.exe
2010-03-16 07:37 . 2010-03-16 07:37 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 07:37 . 2010-03-16 07:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-16 07:37 . 2010-03-16 07:37 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-16 06:51 . 2010-04-01 05:34 61440 -c--a-w- c:\windows\system32\OpenCL.dll
2010-03-16 06:51 . 2010-04-01 05:34 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-03-16 06:51 . 2010-04-01 05:34 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-03-16 06:51 . 2010-04-01 05:34 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-03-16 06:51 . 2010-04-01 05:34 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-03-16 06:51 . 2010-04-01 05:34 2030184 -c--a-w- c:\windows\system32\nvcuvid.dll
2010-03-16 06:51 . 2010-04-01 05:34 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-03-16 06:51 . 2010-04-01 05:34 215656 -c--a-w- c:\windows\system32\nvcodins.dll
2010-03-16 06:51 . 2010-04-01 05:34 215656 -c--a-w- c:\windows\system32\nvcod.dll
2010-03-16 06:51 . 2010-04-01 05:34 11640832 -c--a-w- c:\windows\system32\nvcompiler.dll
2010-03-16 06:51 . 2010-04-01 05:34 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-03-16 06:51 . 2010-04-01 05:34 10232352 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-06-12_18.59.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-12 20:44 . 2010-06-12 20:44 16384 c:\windows\Temp\Perflib_Perfdata_3a8.dat
+ 2010-06-12 20:44 . 2010-06-12 20:44 16384 c:\windows\Temp\Perflib_Perfdata_2bc.dat
+ 2008-04-14 09:42 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2008-04-14 09:42 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2009-04-15 07:35 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
+ 2008-04-14 09:42 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll
+ 2003-03-31 12:00 . 2010-06-12 20:49 68680 c:\windows\system32\perfc009.dat
- 2003-03-31 12:00 . 2010-06-12 18:56 68680 c:\windows\system32\perfc009.dat
+ 2008-04-14 01:56 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll
+ 2008-04-14 09:42 . 2009-03-08 08:31 66560 c:\windows\system32\mshtmled.dll
+ 2008-04-14 09:42 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe
+ 2009-03-08 08:31 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-04-14 09:41 . 2009-03-08 08:34 43008 c:\windows\system32\licmgr10.dll
+ 2008-04-14 09:41 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll
+ 2008-04-14 09:41 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll
- 2009-06-11 21:57 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-11 21:57 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-04-14 09:42 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-04-14 01:56 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2008-04-14 09:42 . 2009-03-08 08:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-04-14 09:42 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2008-11-20 08:32 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-04-14 09:41 . 2009-03-08 08:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-14 09:41 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2008-04-14 09:41 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2010-04-16 16:09 . 2010-04-16 16:09 81920 c:\windows\system32\dllcache\ieencode.dll
- 2009-04-06 00:27 . 2008-04-14 09:41 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-03 13:00 . 2010-04-16 11:43 41984 c:\windows\system32\dllcache\iecompat.dll
+ 2008-11-20 08:32 . 2009-03-08 08:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2008-11-20 06:41 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2008-04-14 09:41 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2008-04-14 09:41 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2008-04-14 09:41 . 2009-03-08 08:33 18944 c:\windows\system32\corpol.dll
+ 2008-04-14 09:41 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 72704 c:\windows\system32\admparse.dll
+ 2010-06-12 18:52 . 2010-06-12 20:42 14478 c:\windows\SoftwareDistribution\EventCache\{7E62A6D4-77E8-4868-99D8-A0FACF8F7639}.bin
- 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-03-23 09:31 . 2010-03-23 09:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-06-12 19:21 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-06-12 19:21 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-06-12 19:21 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 37888 c:\windows\ie8\url.dll
+ 2010-06-12 19:21 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 39424 c:\windows\ie8\pngfilt.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 96256 c:\windows\ie8\occache.dll
+ 2010-06-12 19:21 . 2008-04-14 01:56 56832 c:\windows\ie8\mshtmler.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 29184 c:\windows\ie8\mshta.exe
+ 2010-06-12 19:21 . 2008-08-26 07:24 52224 c:\windows\ie8\msfeedsbs.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 22016 c:\windows\ie8\licmgr10.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 15872 c:\windows\ie8\jsproxy.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 96256 c:\windows\ie8\inseng.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 35840 c:\windows\ie8\imgutil.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 93184 c:\windows\ie8\iexplore.exe
+ 2010-06-12 19:21 . 2008-04-14 09:41 62976 c:\windows\ie8\iesetup.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 48640 c:\windows\ie8\iernonce.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 81920 c:\windows\ie8\ieencode.dll
+ 2010-06-12 19:21 . 2009-01-11 05:00 79360 c:\windows\ie8\iecompat.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 34304 c:\windows\ie8\ie4uinit.exe
+ 2010-06-12 19:21 . 2008-08-26 07:24 63488 c:\windows\ie8\icardie.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 38912 c:\windows\ie8\hmmapi.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 35328 c:\windows\ie8\corpol.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 99840 c:\windows\ie8\advpack.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 61440 c:\windows\ie8\admparse.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\1c1629f536fa9874ef08d09fb19ab0f0\System.Windows.Presentation.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2010-06-12 20:09 . 2010-06-12 20:09 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-06-12 19:31 . 2010-06-12 19:31 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e67992626a30603458b0df22841c2423\PresentationFontCache.ni.exe
+ 2010-06-12 19:29 . 2010-06-12 19:29 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\6be27d744e6e2bfc4b0e25bd2998ef7c\PresentationCFFRasterizer.ni.dll
+ 2010-06-12 20:19 . 2010-06-12 20:19 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-12 19:28 . 2010-06-12 19:28 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-11-29 08:12 . 2009-11-29 08:12 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-12 19:22 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll
+ 2010-06-12 19:22 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978542\spmsg.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-11-20 08:26 . 2010-06-12 20:30 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-06-12 19:21 . 2009-03-08 08:35 2048 c:\windows\ie8updates\KB982632-IE8\iecompat.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-11-30 01:15 . 2009-11-30 01:15 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-11-30 01:14 . 2009-11-30 01:14 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-11-30 01:15 . 2009-11-30 01:15 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-06-12 19:27 . 2010-06-12 19:27 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-11-20 06:41 . 2009-08-06 23:23 209624 c:\windows\system32\wuweb.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2008-04-14 09:42 . 2009-03-08 08:34 236544 c:\windows\system32\webcheck.dll
+ 2008-04-14 09:42 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
+ 2008-04-14 09:42 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll
+ 2003-03-31 12:00 . 2010-06-12 20:49 436228 c:\windows\system32\perfh009.dat
- 2003-03-31 12:00 . 2010-06-12 18:56 436228 c:\windows\system32\perfh009.dat
+ 2008-04-14 09:42 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
+ 2008-04-14 09:42 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2008-04-14 09:42 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll
+ 2003-03-31 12:00 . 2009-03-08 08:22 156160 c:\windows\system32\msls31.dll
+ 2009-03-08 08:32 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2008-04-14 09:41 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
- 2008-11-20 06:41 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
+ 2008-11-20 06:41 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
+ 2009-03-08 08:22 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll
+ 2008-04-14 09:41 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 09:41 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
+ 2009-03-08 08:11 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll
+ 2003-03-31 12:00 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll
+ 2008-04-14 09:41 . 2009-03-08 08:33 229376 c:\windows\system32\ieaksie.dll
+ 2008-04-14 09:41 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll
+ 2008-04-14 09:42 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
- 2008-11-20 01:24 . 2010-05-30 04:17 336256 c:\windows\system32\FNTCACHE.DAT
+ 2008-11-20 01:24 . 2010-06-12 20:01 336256 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 09:41 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll
+ 2008-04-14 09:41 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll
+ 2008-11-20 06:41 . 2009-08-06 23:23 209624 c:\windows\system32\dllcache\wuweb.dll
+ 2008-04-14 09:42 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-14 09:42 . 2009-03-08 08:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2008-11-20 06:41 . 2009-03-08 08:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-04-14 09:42 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2008-04-14 09:42 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2008-04-14 09:42 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 09:42 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-04-14 09:42 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2003-03-31 12:00 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2008-11-20 08:32 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-04-14 09:41 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-11-20 06:41 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
- 2008-11-20 06:41 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2008-11-20 06:41 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe
- 2009-06-11 21:57 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-11 21:57 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-04-14 09:41 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 09:41 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-11-20 08:32 . 2009-03-08 08:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2003-03-31 12:00 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2008-04-14 09:41 . 2009-03-08 08:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2008-04-14 09:41 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2008-04-14 09:42 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 09:41 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2008-04-14 09:41 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-04-14 09:39 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
- 2008-04-14 09:39 . 2008-04-14 09:39 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2008-04-14 09:41 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 09:31 . 2010-03-23 09:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 16:22 . 2010-02-09 16:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-25 04:14 . 2010-02-25 04:14 543232 c:\windows\Installer\1d444c.msp
+ 2008-11-20 08:26 . 2010-06-12 20:30 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-20 08:26 . 2010-06-12 20:30 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-11-20 08:26 . 2010-04-15 07:01 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-06-12 19:21 . 2009-05-26 09:01 382840 c:\windows\ie8updates\KB982632-IE8\spuninst\updspapi.dll
+ 2010-06-12 19:21 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB982632-IE8\spuninst\spuninst.exe
+ 2010-06-12 19:21 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-06-12 19:21 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-06-12 19:21 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-06-12 19:21 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-06-12 19:21 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-06-12 19:21 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-06-12 19:21 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-06-12 19:21 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-06-12 19:21 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-06-12 19:21 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-06-12 19:21 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-06-12 19:21 . 2008-04-14 09:42 666112 c:\windows\ie8\wininet.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 276480 c:\windows\ie8\webcheck.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 851968 c:\windows\ie8\vgx.dll
+ 2010-06-12 19:21 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 619520 c:\windows\ie8\urlmon.dll
+ 2010-06-12 19:21 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2010-06-12 19:21 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-06-12 19:21 . 2008-04-14 09:42 532480 c:\windows\ie8\mstime.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 146432 c:\windows\ie8\msrating.dll
+ 2010-06-12 19:21 . 2003-03-31 12:00 146432 c:\windows\ie8\msls31.dll
+ 2010-06-12 19:21 . 2008-04-14 09:42 449024 c:\windows\ie8\mshtmled.dll
+ 2010-06-12 19:21 . 2008-08-26 07:24 459264 c:\windows\ie8\msfeeds.dll
+ 2010-06-12 19:21 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2010-06-12 19:21 . 2008-08-26 07:24 267776 c:\windows\ie8\iertutil.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 251904 c:\windows\ie8\iepeers.dll
+ 2010-06-12 19:21 . 2008-04-14 09:41 323584 c:\windows\ie8\iedkcs32.dll
+ 2010-06-12 19:21 . 2008-08-26 07:24 383488 c:\windows\ie8\ieapfltr.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSoundSwitch"="c:\documents and settings\HEAVYWEIGHT\My Documents\QuickSoundSwitch.exe" [2010-03-31 110592]
"cdloader"="c:\documents and settings\HEAVYWEIGHT\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Google Update"="c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-12 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-28 202256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-07-29 270336]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-02-08 1634304]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\HEAVYWEIGHT\Start Menu\Programs\Startup\
Shortcut to QuickSoundSwitch.lnk - c:\documents and settings\HEAVYWEIGHT\My Documents\QuickSoundSwitch.exe [2010-3-30 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-4-12 67128]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Mushroom Clown 720.jpg
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-23 16:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\NetSupport Manager\\PCICTLUI.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\HEAVYWEIGHT\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9322:TCP"= 9322:TCP:EKDiscovery
"30850:TCP"= 30850:TCP:net support
"30850:UDP"= 30850:UDP:netsupport
"9323:TCP"= 9323:TCP:EKDiscovery

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/28/2010 9:33 AM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/9/2009 6:20 PM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/9/2009 6:20 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/23/2010 12:09 PM 308064]
R2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [1/20/2010 12:13 PM 99704]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2/11/2010 3:36 PM 300400]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352320]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [3/30/2010 9:02 PM 58600]
S3 ZOOM705;Zoom Wireless-G USB 705 driver;c:\windows\system32\drivers\WlanUIG.sys [8/23/2006 3:17 PM 357792]

--- Other Services/Drivers In Memory ---

*Deregistered* - klmd23
.
Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 13:33]

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-682003330-1003Core.job
- c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-12 05:07]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-682003330-1003UA.job
- c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-12 05:07]

2010-06-11 c:\windows\Tasks\Norton Security Scan for HEAVYWEIGHT.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-31 04:04]
.
.
------- Supplementary Scan -------
.
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\
FF - prefs.js: browser.search.selectedEngine - Creative Commons
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\HEAVYWEIGHT\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 17:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2010-06-12 17:26:40
ComboFix-quarantined-files.txt 2010-06-12 21:26
ComboFix2.txt 2010-06-12 19:00

Pre-Run: 57,260,830,720 bytes free
Post-Run: 63,758,983,168 bytes free

- - End Of File - - 1977CD10FAEC511E7F10C5A85BCC9CE0


#15 bigkevin20

Posted 12 June 2010 - 04:59 PM

OTL


OTL logfile created on: 6/12/2010 5:31:26 PM - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\HEAVYWEIGHT\Desktop\Bleepincomputer fix help
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 6000 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 98.07 Gb Total Space | 59.40 Gb Free Space | 60.57% Space Free | Partition Type: NTFS
Drive D: | 269.63 Gb Total Space | 190.62 Gb Free Space | 70.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 98.07 Gb Total Space | 8.08 Gb Free Space | 8.24% Space Free | Partition Type: NTFS

Computer Name: HEAVYWEI-D3366D
Current User Name: HEAVYWEIGHT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/11 08:33:19 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Bleepincomputer fix help\OTL.exe
PRC - [2010/06/06 09:33:21 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/06/06 09:33:20 | 001,352,320 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/02 08:39:38 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 08:39:38 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 08:39:11 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 08:39:10 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/04 15:21:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/28 09:20:39 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/23 12:09:55 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/11 15:36:12 | 000,300,400 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2010/01/20 12:13:32 | 000,099,704 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 05:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/20 12:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2006/11/13 14:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 14:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/07/29 17:25:28 | 000,270,336 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
PRC - [2005/07/29 17:23:52 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005/07/29 17:20:58 | 000,118,843 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005/07/29 17:20:40 | 000,061,503 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2005/07/07 21:29:52 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (SafeList) ==========

MOD - [2010/06/11 08:33:19 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Bleepincomputer fix help\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/06 09:33:20 | 001,352,320 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/23 12:09:55 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/11 15:36:12 | 000,300,400 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/01/20 12:13:32 | 000,099,704 | ---- | M] (Dynamic Network Services, Inc.) [Auto | Running] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/14 05:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2005/07/29 17:23:52 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2005/07/29 17:20:58 | 000,118,843 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2005/07/29 17:20:40 | 000,061,503 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2005/07/07 21:29:52 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/06/06 09:33:26 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/02 08:39:38 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 08:39:38 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/23 12:09:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/16 02:51:59 | 010,232,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/01/28 10:25:05 | 000,058,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/02/26 01:29:58 | 001,142,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 19:53:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2006/12/12 11:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/08/23 15:17:00 | 000,357,792 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WlanUIG.sys -- (ZOOM705)
DRV - [2006/01/27 15:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/12/21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/07/29 17:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 17:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/14 05:52:28 | 000,004,962 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/12 22:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/10 08:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.SYS -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA D3 00 A1 40 FF CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Creative Commons"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 11:21:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/10 09:11:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/09 03:28:55 | 000,000,000 | ---D | M]

[2008/11/20 04:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Extensions
[2010/06/12 15:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions
[2010/04/27 08:08:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/25 15:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\{3780b850-ba40-11db-8314-0800200c9a66}
[2009/11/04 22:55:29 | 000,000,000 | ---D | M] (MushroomKingdom) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2010/03/23 11:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
[2010/03/23 11:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\info@djzig(2).com
[2010/03/24 08:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\info@djzig.com
[2010/01/08 19:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\piclens@cooliris.com
[2010/01/08 19:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Mozilla\Firefox\Profiles\nno1zy8p.default\extensions\piclens@cooliris.com-trash
[2010/06/12 15:14:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/12 17:24:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\HEAVYWEIGHT\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [QuickSoundSwitch] C:\Documents and Settings\HEAVYWEIGHT\My Documents\QuickSoundSwitch.exe (Private)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\HEAVYWEIGHT\Start Menu\Programs\Startup\Shortcut to QuickSoundSwitch.lnk = C:\Documents and Settings\HEAVYWEIGHT\My Documents\QuickSoundSwitch.exe (Private)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/sdccommon/download/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1276370229500 (WUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 () - C:\Mushroom Clown 720.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/20 02:43:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/12 17:02:22 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\TDSSKiller.exe
[2010/06/12 15:21:42 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/12 15:21:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/12 14:47:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/12 14:44:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/12 14:44:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/12 14:44:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/12 14:44:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/12 14:43:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/12 14:42:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/12 14:33:00 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\TDSSKiller.exe
[2010/06/12 14:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\tdsskiller
[2010/06/09 22:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Bleepincomputer fix help
[2010/06/04 23:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\My Documents\Youcam
[2010/06/04 22:57:33 | 000,171,520 | ---- | C] (AVEO Corp) -- C:\WINDOWS\System32\drivers\aveodcnt.sys
[2010/06/04 22:57:33 | 000,057,344 | ---- | C] (Xirlink, Inc.) -- C:\WINDOWS\System32\sx_cam_i420.dll
[2010/06/04 22:57:33 | 000,036,864 | ---- | C] (AVEO) -- C:\WINDOWS\System32\AVEOCamIntfc.ax
[2010/06/04 22:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVEO
[2010/06/04 10:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\Yahoo
[2010/06/04 09:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/06/04 09:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Yahoo!
[2010/06/04 09:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/06/04 09:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/06/04 09:27:25 | 000,418,304 | ---- | C] (Yahoo! Inc.) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\msgr10us.exe
[2010/06/04 00:13:08 | 000,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2010/06/04 00:13:07 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2010/06/04 00:13:07 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010/06/01 15:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/31 20:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Application Data\Malwarebytes
[2010/05/31 20:20:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/31 20:20:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/31 20:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/31 20:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/31 20:19:09 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\mbam-setup-1.46.exe
[2010/05/31 20:12:49 | 001,870,688 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\HousecallLauncher.exe
[2010/05/31 19:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/31 14:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\backups
[2010/05/31 14:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/05/31 12:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/05/31 12:50:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/05/31 12:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/05/31 12:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/05/31 12:50:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207030.022
[2010/05/31 12:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/05/31 12:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/05/31 03:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/05/30 00:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\My Documents\Pinnacle Studio
[2010/05/29 22:36:53 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/05/29 22:36:52 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MPE.sys
[2010/05/29 22:36:52 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2010/05/29 22:36:50 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/05/29 22:36:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/05/29 22:36:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/05/29 22:36:49 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/05/29 22:36:48 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/05/29 22:36:45 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/05/29 22:36:43 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/05/29 22:36:40 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/05/29 22:36:33 | 000,022,528 | ---- | C] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\drivers\emAudio.sys
[2010/05/29 22:36:20 | 000,100,957 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\drivers\emDevice.sys
[2010/05/29 22:36:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/05/29 22:36:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/05/29 22:36:20 | 000,081,920 | ---- | C] (Pinnacle Systems) -- C:\WINDOWS\System32\PCLECoInst.dll
[2010/05/29 22:36:20 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/05/29 22:36:20 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/05/29 22:36:20 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/05/29 22:36:20 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/05/29 22:36:20 | 000,045,056 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\emVFW.dll
[2010/05/29 22:36:20 | 000,032,768 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\emProp.ax
[2010/05/29 22:36:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/05/29 22:36:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2010/05/29 22:36:20 | 000,024,269 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\drivers\emStream.sys
[2010/05/29 22:36:20 | 000,017,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\emYUV.dll
[2010/05/29 22:36:20 | 000,009,739 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\emUSD.dll
[2010/05/29 22:36:20 | 000,005,245 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\drivers\emFilter.sys
[2010/05/29 22:36:20 | 000,004,493 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\drivers\emScan.sys
[2010/05/29 22:36:19 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/05/29 22:36:19 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/05/29 22:36:19 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/05/29 22:36:19 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\BdaPlgIn.ax
[2010/05/29 22:36:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BdaSup.sys
[2010/05/29 22:36:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010/05/29 21:21:14 | 000,171,520 | ---- | C] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\drivers\MarvinBus.sys
[2010/05/29 21:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pinnacle
[2010/05/29 21:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\Downloaded Installations
[2010/05/29 21:20:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2010/05/29 21:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pegasus Imaging
[2010/05/29 21:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Yahoo!
[2010/05/29 21:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2010/05/29 21:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Pinnacle
[2010/05/29 21:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Projects
[2010/05/29 21:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2010/05/29 21:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2010/05/29 21:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/05/29 16:11:00 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\HijackThis.exe
[2010/05/29 15:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\getservices
[2010/05/29 12:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\WMTools Downloaded Files
[2010/05/29 11:07:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HEAVYWEIGHT\IECompatCache
[2010/05/24 15:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Photoshop Art
[2010/05/22 11:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/22 11:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/22 11:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/22 10:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\xrajsource
[2006/10/10 03:11:17 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/12 17:27:05 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/12 17:26:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/12 17:24:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/12 17:24:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/12 16:49:04 | 000,436,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/12 16:49:03 | 000,513,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/12 16:49:03 | 000,068,680 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/12 16:48:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/12 16:45:34 | 000,001,047 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\magicJack.lnk
[2010/06/12 16:44:44 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/06/12 16:44:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/12 16:43:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/12 16:42:42 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\ntuser.dat
[2010/06/12 16:42:42 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\ntuser.ini
[2010/06/12 16:36:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-682003330-1003UA.job
[2010/06/12 16:01:50 | 000,336,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 15:30:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/12 15:21:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\prvlcl.dat
[2010/06/12 14:47:39 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/12 12:02:43 | 060,960,208 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/11 19:31:57 | 000,000,486 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for HEAVYWEIGHT.job
[2010/06/11 17:41:57 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/11 08:36:05 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-436374069-682003330-1003Core.job
[2010/06/08 23:05:40 | 004,231,474 | -H-- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\IconCache.db
[2010/06/08 15:38:57 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/07 23:23:27 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/06 09:33:26 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/04 23:00:55 | 058,982,454 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\AveoStill0000.bmp
[2010/06/04 22:59:50 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\CyberLink YouCam.lnk
[2010/06/04 22:57:33 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CamApp.lnk
[2010/06/04 09:49:31 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/06/04 09:27:25 | 000,418,304 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\msgr10us.exe
[2010/06/02 08:39:38 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 08:39:38 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/01 15:57:48 | 000,000,090 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\default.pls
[2010/06/01 11:19:18 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/05/31 20:20:03 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/31 20:19:22 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\mbam-setup-1.46.exe
[2010/05/31 20:13:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\housecall.guid.cache
[2010/05/31 20:12:51 | 001,870,688 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\HousecallLauncher.exe
[2010/05/31 15:20:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/05/31 12:50:21 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/05/31 12:50:18 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\TDSSKiller.exe
[2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\TDSSKiller.exe
[2010/05/31 09:51:13 | 000,001,496 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\DivX Movies.lnk
[2010/05/30 09:26:52 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pinnacle Studio 12.lnk
[2010/05/29 22:52:17 | 000,103,512 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/29 16:11:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\HijackThis.exe
[2010/05/29 15:37:17 | 000,130,337 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\getservices.zip
[2010/05/29 11:01:26 | 000,054,296 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/21 21:02:03 | 005,292,054 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\save ryab.bmp
[2010/05/21 20:59:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\New Windows Bitmap Image.bmp
[2010/05/18 21:59:57 | 001,328,783 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 020.jpg
[2010/05/18 21:59:56 | 001,507,253 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 017.jpg
[2010/05/18 21:59:56 | 001,431,281 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 018.jpg
[2010/05/18 21:59:56 | 001,330,886 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 019.jpg
[2010/05/18 21:59:55 | 002,739,853 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 016.jpg
[2010/05/16 15:43:22 | 006,365,732 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\matt Truck head copy.jpg
[2010/05/15 15:20:06 | 010,307,298 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\btra6636500k.wmv.part
[2010/05/15 15:05:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\btra6636500k.wmv
[2010/05/14 21:55:21 | 000,077,431 | ---- | M] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\28302_1278160158774_1373111365_30616677_8109123_n.jpg
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/12 14:47:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/12 14:47:33 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/12 14:44:13 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/12 14:44:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/12 14:44:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/12 14:44:13 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/12 14:44:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/04 23:00:54 | 058,982,454 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\AveoStill0000.bmp
[2010/06/04 22:59:50 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\CyberLink YouCam.lnk
[2010/06/04 22:57:33 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\newspaper_640_480.bmp
[2010/06/04 22:57:33 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\aim_640_480.bmp
[2010/06/04 22:57:33 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\3_640_480.bmp
[2010/06/04 22:57:33 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\2_640_480.bmp
[2010/06/04 22:57:33 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\1_640_480.bmp
[2010/06/04 22:57:33 | 000,921,654 | ---- | C] () -- C:\WINDOWS\System32\magnifier_640_480.bmp
[2010/06/04 22:57:33 | 000,921,654 | ---- | C] () -- C:\WINDOWS\System32\4_640_480.bmp
[2010/06/04 22:57:33 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\newspaper_320_240.bmp
[2010/06/04 22:57:33 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\magnifier_320_240.bmp
[2010/06/04 22:57:33 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\aim_320_240.bmp
[2010/06/04 22:57:33 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\3_320_240.bmp
[2010/06/04 22:57:33 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\2_320_240.bmp
[2010/06/04 22:57:33 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\1_320_240.bmp
[2010/06/04 22:57:33 | 000,230,454 | ---- | C] () -- C:\WINDOWS\System32\4_320_240.bmp
[2010/06/04 22:57:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\MFC_InstDrvDLL.dll
[2010/06/04 22:57:32 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CamApp.lnk
[2010/06/04 09:49:31 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/05/31 20:20:03 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/31 20:13:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Local Settings\Application Data\housecall.guid.cache
[2010/05/31 15:20:30 | 000,002,085 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2010/05/31 15:20:30 | 000,000,623 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Start Menu\Programs\Startup\Shortcut to QuickSoundSwitch.lnk
[2010/05/31 12:50:23 | 000,000,486 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for HEAVYWEIGHT.job
[2010/05/31 12:50:21 | 000,000,988 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/05/31 12:50:18 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/05/31 09:51:13 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\DivX Movies.lnk
[2010/05/29 22:36:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/05/29 22:36:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/05/29 22:36:20 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\MSDvbNP.ax
[2010/05/29 22:36:20 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/05/29 22:36:19 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\PsisRndr.ax
[2010/05/29 22:36:19 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/05/29 21:19:05 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pinnacle Studio 12.lnk
[2010/05/29 21:04:25 | 000,000,349 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/05/29 15:37:14 | 000,130,337 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\getservices.zip
[2010/05/21 21:02:03 | 005,292,054 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\save ryab.bmp
[2010/05/21 20:59:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\New Windows Bitmap Image.bmp
[2010/05/18 18:56:14 | 001,328,783 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 020.jpg
[2010/05/18 18:56:02 | 001,330,886 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 019.jpg
[2010/05/18 18:55:14 | 001,431,281 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 018.jpg
[2010/05/18 18:54:48 | 001,507,253 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\Picture 017.jpg
[2010/05/16 15:43:16 | 006,365,732 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\matt Truck head copy.jpg
[2010/05/15 15:05:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\btra6636500k.wmv
[2010/05/15 15:05:11 | 010,307,298 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\btra6636500k.wmv.part
[2010/05/14 21:55:21 | 000,077,431 | ---- | C] () -- C:\Documents and Settings\HEAVYWEIGHT\Desktop\28302_1278160158774_1373111365_30616677_8109123_n.jpg
[2010/04/02 02:40:32 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/03/25 20:55:56 | 000,002,191 | R--- | C] () -- C:\WINDOWS\P17EP.ini
[2010/03/25 20:55:56 | 000,001,694 | R--- | C] () -- C:\WINDOWS\P17EP51.ini
[2010/03/25 20:55:55 | 000,014,848 | R--- | C] () -- C:\WINDOWS\System32\P17RunE.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/02 21:16:22 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
[2009/02/05 00:28:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/28 22:24:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2008/11/20 04:26:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/20 04:03:45 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/11/20 04:03:45 | 000,004,962 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/11/20 03:53:20 | 000,000,705 | ---- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/11/20 03:53:20 | 000,000,265 | ---- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/11/20 03:52:54 | 000,020,905 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/11/20 03:52:51 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/07/15 22:28:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2006/10/10 03:11:38 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2003/10/02 06:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========



< MD5 for: DMLOAD.SY_ >
[2001/08/17 13:58:20 | 000,002,859 | ---- | M] () MD5=5ACB957591C3666670511D2607B665C3 -- C:\cmdcons\DMLOAD.SY_

< MD5 for: DMLOAD.SYS >
[2003/03/31 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) MD5=E9317282A63CA4D188C0DF5E09C6AC5F -- C:\WINDOWS\system32\dllcache\dmload.sys
[2010/06/12 14:50:49 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) MD5=E9317282A63CA4D188C0DF5E09C6AC5F -- C:\WINDOWS\system32\drivers\dmload.sys

< MD5 for: NVATA.SYS >
[2005/08/12 02:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvata.sys
[2006/01/27 15:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\WINDOWS\system32\drivers\nvata.sys
[2006/01/27 15:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\nvata.sys
< End of report >





