Get Answers Fast Google redirect, GMER scan incomplete


  • This topic is locked
9 replies to this topic

#1 coastermill

Posted 15 November 2011 - 01:14 PM

When I would click on a Google result, I would get redirected by Get-Answers-Fast. When it first started happening about a week ago, my computer ran fine, but now my computer is lagging quite a bit. Being the male that I am, I thought I could get rid of it myself, so I ran ComboFix (which, after reading these forums, I found out I should not have). I did the DDS scan; the results are posted below. I attempted the GMER scan a few times, with no luck, as my computer would restart a few minutes into it. I have everything backed up that I need to have backed up, so I am ready to roll. Thank you in advance for your help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.1.0
Run by brendanjames at 19:11:56 on 2011-11-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1329 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
StartupFolder: c:\docume~1\brenda~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\brendanjames\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8804C003-DD0C-455B-A3D1-71017D14CE2B} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: itlnfw32 - itlnfw32.dll
Notify: itlntfy - itlnfw32.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: ZB - itlnfw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\brendanjames\application data\mozilla\firefox\profiles\4gjokkwv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\brendanjames\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\brendanjames\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\brendanjames\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S2 FdRedir;FdRedir;\??\c:\program files\common files\protector suite ql\drivers\fdredir.sys --> c:\program files\common files\protector suite ql\drivers\FdRedir.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 smihlp;SMI helper driver;\??\c:\program files\protector suite ql\smihlp.sys --> c:\program files\protector suite ql\smihlp.sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\25.tmp --> c:\windows\system32\25.tmp [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;"c:\program files\zune\wmzunecomm.exe" --> c:\program files\zune\WMZuneComm.exe [?]
S3 WnsDrvr;WnsDrvr;c:\windows\system32\drivers\wnsdrvr.sys [2011-2-24 25952]
.
=============== File Associations ===============
.
txtfile=%windir%\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-11-15 01:11:17 221184 ----a-w- c:\program files\common files\installshield\driver\1050\intel 32\IDriverT.exe
2011-11-15 01:11:15 270336 ----a-w- c:\program files\windows media player\wmlaunch.exe
2011-11-15 01:09:32 581120 ----a-w- c:\windows\system32\wiaacmgr.exe
2011-11-15 01:09:31 765952 ----a-w- c:\program files\common files\installshield\driver\7\intel 32\IDriver.exe
2011-11-15 01:09:28 258048 ----a-w- c:\windows\system32\cselect.exe
2011-11-15 01:09:23 192000 ----a-w- c:\windows\system32\alg.exe
2011-11-15 01:09:21 303104 ----a-w- c:\windows\system32\RAMASST.exe
2011-11-15 01:07:58 437248 ----a-w- c:\windows\system32\OLD243.tmp
2011-11-15 01:07:56 662016 ----a-w- c:\windows\system32\logonui(2).exe
2011-11-15 01:07:48 289792 -c--a-w- c:\windows\system32\dllcache\vssvc.exe
2011-11-15 01:07:48 289792 ----a-w- c:\windows\system32\vssvc.exe
2011-11-15 01:07:37 505344 ----a-w- c:\program files\common files\microsoft shared\modi\11.0\MSPVIEW.EXE
2011-11-15 01:07:20 319488 ----a-w- c:\windows\system32\nvsvc32.exe
2011-11-15 01:07:17 425984 ----a-w- c:\program files\common files\installshield\updateservice\ISDM.exe
2011-11-15 01:07:05 264192 ----a-w- c:\program files\common files\microsoft shared\msinfo\OINFOP11.EXE
2011-11-15 01:06:53 -------- d-----w- c:\program files\tvuplayer
2011-11-15 01:06:44 153600 ----a-w- c:\windows\system32\msdtc.exe
2011-11-15 01:06:44 1138688 ----a-w- c:\program files\windows media player\migrate.exe
2011-11-15 01:06:43 1179648 ----a-w- c:\program files\netmeeting\conf.exe
2011-11-15 01:06:42 1032192 ----a-w- c:\program files\msn\msncorefiles\install\msn9components\Digcore.exe
2011-11-15 01:06:40 921600 ----a-w- c:\program files\common files\installshield\driver\1050\intel 32\IDriver2.exe
2011-11-15 01:06:31 574976 ----a-w- c:\program files\common files\microsoft shared\dw\DWTRIG20.EXE
2011-11-15 01:06:21 686592 ----a-w- c:\program files\windows nt\dialer.exe
2011-11-15 01:06:12 216576 ----a-w- c:\windows\system32\OLD23D.tmp
2011-11-15 01:06:12 207872 ----a-w- c:\program files\outlook express\OLD23B.tmp
2011-11-15 01:06:11 177664 ----a-w- c:\program files\outlook express\OLD239.tmp
2011-11-15 01:06:00 176128 ----a-w- c:\program files\windows media player\wmpenc.exe
2011-11-15 01:04:55 1475072 ----a-w- c:\program files\msn\msncorefiles\install\msnsusii.exe
2011-11-15 00:53:51 -------- d-----w- c:\documents and settings\brendanjames\local settings\application data\Sun
2011-11-15 00:53:31 611224 ----a-w- c:\program files\mozilla firefox\plugins\REN213.tmp
2011-11-14 23:54:24 388096 ----a-r- c:\documents and settings\brendanjames\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-14 23:54:24 -------- d-----w- c:\program files\Trend Micro
2011-11-14 23:49:13 266240 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2011-11-14 23:49:11 151040 ----a-w- c:\program files\mozilla firefox\smitfraudfix\Policies.exe
2011-11-14 23:49:11 1064960 ----a-w- c:\program files\mozilla firefox\firefox.exe
2011-11-14 23:49:10 315392 ----a-w- c:\program files\mozilla firefox\smitfraudfix\unzip.exe
2011-11-14 23:49:08 409600 ----a-w- c:\program files\mozilla firefox\updater.exe
2011-11-10 03:16:35 36864 -c--a-w- c:\windows\system32\dllcache\sapisvr.exe
2011-11-10 03:16:35 36864 ----a-w- c:\program files\common files\microsoft shared\speech\sapisvr.exe
2011-11-09 23:38:55 -------- d-----w- C:\ComboFix(2)
2011-11-09 21:52:55 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-09 21:52:38 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-11-09 04:47:27 98816 ----a-w- c:\windows\sed.exe
2011-11-09 04:47:27 518144 ----a-w- c:\windows\SWREG.exe
2011-11-09 04:47:27 256000 ----a-w- c:\windows\PEV.exe
2011-11-09 04:47:27 208896 ----a-w- c:\windows\MBR.exe
2011-11-09 03:08:49 119808 -c--a-w- c:\windows\system32\dllcache\winmine.exe
2011-11-09 03:08:49 119808 ----a-w- c:\windows\system32\winmine.exe
2011-11-09 03:08:35 39936 -c--a-w- c:\windows\system32\dllcache\msinfo32.exe
2011-11-09 03:08:35 187392 ----a-w- c:\program files\common files\microsoft shared\msinfo\msinfo32.exe
2011-11-09 03:08:34 286208 ----a-w- c:\windows\system32\sndvol32.exe
2011-11-09 03:08:34 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2011-11-09 01:49:41 114 ----a-w- c:\documents and settings\brendanjames\local settings\application data\wsr20zt32.dll
2011-10-30 21:47:11 131 ----a-w- C:\DeletePrintJobs.cmd
2011-10-22 22:03:36 -------- d-----w- c:\documents and settings\brendanjames\riotsGamesLogs
2011-10-21 15:44:20 -------- d-----w- c:\documents and settings\brendanjames\application data\Braid
.
==================== Find3M ====================
.
2011-11-15 01:12:24 686080 ----a-w- c:\windows\system32\spider.exe
2011-11-15 01:12:24 204288 ----a-w- c:\windows\system32\sol.exe
2011-11-15 01:12:23 274432 ----a-w- c:\windows\system32\mshearts.exe
2011-11-15 01:12:23 202752 ----a-w- c:\windows\system32\freecell.exe
2011-11-15 01:10:40 211456 ----a-w- c:\windows\system32\cleanmgr.exe
2011-11-15 01:10:05 290816 ----a-w- c:\windows\system32\OLD260.tmp
2011-11-15 01:10:02 243200 ----a-w- c:\windows\system32\OLD25A.tmp
2011-11-15 01:10:02 227840 ----a-w- c:\windows\system32\charmap.exe
2011-11-15 01:10:02 197632 ----a-w- c:\windows\system32\OLD25D.tmp
2011-11-15 01:09:51 825344 ----a-w- c:\windows\system32\mstsc.exe
2011-11-15 01:08:42 288768 ----a-w- c:\windows\system32\OLD255.tmp
2011-11-15 01:08:38 180224 ----a-w- c:\windows\system32\OLD253.tmp
2011-11-15 01:08:25 494592 ----a-w- c:\windows\system32\OLD249.tmp
2011-11-15 01:08:02 258048 ----a-w- c:\windows\system32\DVDRAMSV.exe
2011-11-15 01:08:01 201216 ----a-w- c:\windows\system32\OLD246.tmp
2011-11-15 01:07:58 490496 ----a-w- c:\windows\system32\mspaint.exe
2011-11-15 01:07:47 279040 ----a-w- c:\windows\system32\sndrec32.exe
2011-11-15 01:07:25 262144 ----a-w- c:\windows\system32\calc.exe
2011-11-15 01:07:15 331776 ----a-w- c:\windows\system32\accwiz.exe
2011-11-15 01:05:42 222720 ----a-w- c:\windows\system32\OLD22E.tmp
2011-11-15 00:53:12 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-15 00:53:12 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-10 16:44:28 536576 ----a-w- c:\windows\system32\cmd.exe
2011-11-10 16:44:27 363008 ----a-w- c:\windows\system32\osk.exe
2011-11-10 16:44:26 220160 ----a-w- c:\windows\system32\magnify.exe
2011-11-10 16:32:18 226304 ----a-w- c:\windows\system32\msiexec.exe
2011-11-10 03:44:40 273920 ----a-w- c:\windows\system32\wbem\wmiapsrv.exe
2011-11-10 03:44:40 206336 ----a-w- c:\windows\system32\spoolsv.exe
2011-11-10 03:12:26 454144 ----a-w- c:\windows\IsUninst.exe
2011-11-10 03:09:46 245760 ----a-w- c:\windows\DLA.EXE
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-20 02:42:30 140624 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-09-20 02:42:24 266752 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-09-20 02:42:24 266752 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-09-17 14:46:07 266752 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-09-13 19:26:20 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 04:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 04:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-23 15:44:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-02 23:19:18 3104177971 ----a-w- c:\program files\VindictusSetupV135.exe
.
============= FINISH: 19:13:01.20 ===============


#2 myrti

  • Malware Study Hall Admin

Posted 20 November 2011 - 09:16 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 coastermill


Posted 20 November 2011 - 12:27 PM

OTL logfile created on: 11/20/2011 10:27:41 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\brendanjames\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.62% Memory free
3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.06 Gb Total Space | 55.16 Gb Free Space | 29.64% Space Free | Partition Type: NTFS

Computer Name: BRENDAN | User Name: brendanjames | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 10:24:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\brendanjames\Desktop\OTL.exe
PRC - [2011/11/15 11:44:32 | 001,181,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2011/11/15 00:14:37 | 000,903,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2011/11/15 00:13:06 | 000,172,032 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2011/11/15 00:13:06 | 000,167,936 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2011/11/14 19:09:49 | 000,753,664 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2011/11/14 19:09:21 | 000,303,104 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2011/11/14 19:09:13 | 000,188,416 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2011/11/14 19:09:12 | 000,622,592 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\Ivpsvmgr.exe
PRC - [2011/11/14 19:07:19 | 002,568,704 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/11/14 19:06:31 | 000,197,632 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2011/11/14 19:05:44 | 001,126,400 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2011/11/14 19:05:17 | 000,225,280 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2011/11/14 19:03:48 | 000,196,096 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2011/11/14 18:46:20 | 000,548,864 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2011/11/14 17:49:11 | 001,064,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2006/10/11 11:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2005/12/16 18:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2005/12/05 13:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/10/06 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/04/26 18:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/20 10:21:13 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\brendanjames\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/11/15 00:13:06 | 000,172,032 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2011/11/15 00:13:06 | 000,167,936 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
MOD - [2011/11/14 19:09:13 | 000,188,416 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2011/11/09 10:08:41 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\brendanjames\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/11/09 10:08:38 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\brendanjames\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/09/30 07:59:18 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/23 09:44:53 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/16 22:47:18 | 000,139,264 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/09/14 17:24:15 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\brendanjames\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2009/01/30 08:12:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005/11/28 12:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 12:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/28 12:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/11/03 12:37:58 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ZuneWlanCfgSvc)
SRV - File not found [On_Demand | Stopped] -- -- (ZuneNetworkSvc)
SRV - File not found [On_Demand | Stopped] -- -- (WMZuneComm)
SRV - File not found [On_Demand | Stopped] -- -- (TlntSvr)
SRV - File not found [On_Demand | Stopped] -- -- (SysmonLog)
SRV - File not found [Auto | Stopped] -- -- (RSVP)
SRV - File not found [Auto | Stopped] -- -- (ose)
SRV - File not found [Disabled | Stopped] -- -- (NetDDEdsdm)
SRV - File not found [Auto | Stopped] -- -- (NetDDE)
SRV - File not found [Auto | Stopped] -- -- (mnmsrvc)
SRV - File not found [Auto | Stopped] -- -- (ImapiService)
SRV - File not found [Unknown | Stopped] -- -- (idsvc)
SRV - File not found [Auto | Stopped] -- -- (IDriverT)
SRV - File not found [Auto | Stopped] -- -- (HP Status Server)
SRV - File not found [Auto | Stopped] -- -- (HP Port Resolver)
SRV - File not found [Auto | Stopped] -- -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Google Update Service (gupdatem)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - File not found [Auto | Stopped] -- -- (dmadmin)
SRV - File not found [Auto | Stopped] -- -- (clr_optimization_v2.0.50727_32)
SRV - File not found [On_Demand | Stopped] -- -- (ClipSrv)
SRV - File not found [On_Demand | Stopped] -- -- (CiSvc)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2011/11/14 19:09:13 | 000,188,416 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2011/11/14 19:08:02 | 000,258,048 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2011/11/14 19:06:31 | 000,197,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2011/11/14 19:05:27 | 000,188,416 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2011/11/14 19:05:17 | 000,225,280 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Driver Services (SafeList) ==========

DRV - [2011/02/24 11:31:17 | 000,458,752 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2011/02/24 11:31:14 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wnsdrvr.sys -- (WnsDrvr)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/12 02:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/01/12 17:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2005/12/29 16:20:38 | 000,561,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2005/12/06 19:50:10 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSMSC.SYS -- (SMCB000)
DRV - [2005/12/04 11:55:00 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 21:43:16 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/11/30 12:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 13:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/24 15:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/22 23:29:58 | 000,108,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005/11/16 00:36:20 | 000,036,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/11/11 17:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/06 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/15 20:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/24 17:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/01 18:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 20:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/06/10 23:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2005/06/02 05:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/05/05 16:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
DRV - [2005/01/11 11:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2005/01/06 15:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D4 CB D6 02 84 3E 29 4C A9 9A 8D 16 E7 6D 77 A0 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D4 CB D6 02 84 3E 29 4C A9 9A 8D 16 E7 6D 77 A0 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D4 CB D6 02 84 3E 29 4C A9 9A 8D 16 E7 6D 77 A0 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D4 CB D6 02 84 3E 29 4C A9 9A 8D 16 E7 6D 77 A0 [binary data]

IE - HKU\S-1-5-21-4032095566-249966700-2805130777-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-4032095566-249966700-2805130777-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4032095566-249966700-2805130777-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-4032095566-249966700-2805130777-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D4 CB D6 02 84 3E 29 4C A9 9A 8D 16 E7 6D 77 A0 [binary data]
IE - HKU\S-1-5-21-4032095566-249966700-2805130777-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4032095566-249966700-2805130777-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "vshare.tv Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\brendanjames\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\brendanjames\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\brendanjames\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\brendanjames\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/09/06 14:28:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 07:59:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/14 20:19:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/09/06 14:28:58 | 000,000,000 | ---D | M]

[2010/09/12 20:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\brendanjames\Application Data\Mozilla\Extensions
[2011/11/14 18:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\brendanjames\Application Data\Mozilla\Firefox\Profiles\4gjokkwv.default\extensions
[2011/01/31 10:04:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\brendanjames\Application Data\Mozilla\Firefox\Profiles\4gjokkwv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/03 19:08:21 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\brendanjames\Application Data\Mozilla\Firefox\Profiles\4gjokkwv.default\extensions\{c4fdbc65-2947-4b51-a93c-5ab7fa2ca5ce}
[2011/11/08 19:49:42 | 000,000,000 | ---D | M] (.) -- C:\Documents and Settings\brendanjames\Application Data\Mozilla\Firefox\Profiles\4gjokkwv.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
[2011/08/12 07:41:37 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\brendanjames\Application Data\Mozilla\Firefox\Profiles\4gjokkwv.default\extensions\battlefieldplay4free@ea.com
[2010/12/12 22:42:39 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\brendanjames\Application Data\Mozilla\Firefox\Profiles\4gjokkwv.default\extensions\searchtoolbar@zugo.com
[2011/10/05 10:37:28 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\brendanjames\Application Data\Mozilla\Firefox\Profiles\4gjokkwv.default\searchplugins\conduit.xml
[2011/11/14 18:53:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/27 08:59:49 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/09/04 10:43:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/04 17:32:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/11/14 18:53:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2010/09/04 10:43:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/30 07:59:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/14 18:53:12 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 04:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011/05/12 08:30:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/10 10:32:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-4032095566-249966700-2805130777-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-4032095566-249966700-2805130777-1005..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-4032095566-249966700-2805130777-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-4032095566-249966700-2805130777-1005..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10v_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\brendanjames\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\brendanjames\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4032095566-249966700-2805130777-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4032095566-249966700-2805130777-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4032095566-249966700-2805130777-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4032095566-249966700-2805130777-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8804C003-DD0C-455B-A3D1-71017D14CE2B}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cscdll: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\itlnfw32: DllName - (itlnfw32.dll) - File not found
O20 - Winlogon\Notify\itlntfy: DllName - (itlnfw32.dll) - File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\Schedule: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\termsrv: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ZB: DllName - (itlnfw32.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\brendanjames\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\brendanjames\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/27 12:59:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{897fcc99-adfa-11df-8054-001302d25996}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{897fcc99-adfa-11df-8054-001302d25996}\Shell\AutoRun\command - "" = F:\NIKOLIC\\baswala.exe
O33 - MountPoints2\{897fcc99-adfa-11df-8054-001302d25996}\Shell\explore\command - "" = F:\NIKOLIC\\\baswala.exe
O33 - MountPoints2\{897fcc99-adfa-11df-8054-001302d25996}\Shell\open\command - "" = F:\NIKOLIC\\\baswala.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: dmadmin - File not found
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: rootrepeal.sys - Reg Error: Value error.
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.bdmpeg - C:\WINDOWS\System32\bdmpega.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mpeg - C:\WINDOWS\System32\bdmpegv.dll ()

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/20 10:33:08 | 000,000,000 | ---D | C] -- C:\48f93f6d89c9683f66
[2011/11/20 10:24:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\brendanjames\Desktop\OTL.exe
[2011/11/15 19:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\brendanjames\Local Settings\Application Data\PCHealth
[2011/11/15 12:13:00 | 000,000,000 | ---D | C] -- C:\9c76b237a0dd248463222e2798
[2011/11/15 10:44:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/14 19:10:40 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cleanmgr.exe
[2011/11/14 19:10:05 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mobsync.exe
[2011/11/14 19:10:02 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scardsvr.exe
[2011/11/14 19:10:02 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\utilman.exe
[2011/11/14 19:10:02 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\utilman.exe
[2011/11/14 19:09:32 | 000,581,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaacmgr.exe
[2011/11/14 19:09:28 | 000,258,048 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\cselect.exe
[2011/11/14 19:09:21 | 000,303,104 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\RAMASST.exe
[2011/11/14 19:08:42 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
[2011/11/14 19:08:38 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcad32.exe
[2011/11/14 19:08:38 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbcad32.exe
[2011/11/14 19:08:25 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tourstrt.exe
[2011/11/14 19:08:25 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tourstart.exe
[2011/11/14 19:08:20 | 001,277,952 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\brendanjames\Desktop\fsbl.exe
[2011/11/14 19:08:02 | 000,258,048 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe
[2011/11/14 19:08:01 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\narrator.exe
[2011/11/14 19:08:01 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\narrator.exe
[2011/11/14 19:07:56 | 000,662,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logonui(2).exe
[2011/11/14 19:07:48 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vssvc.exe
[2011/11/14 19:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\tvuplayer
[2011/11/14 19:05:56 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notepad.exe
[2011/11/14 19:05:56 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2011/11/14 19:05:53 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2011/11/14 19:05:42 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\locator.exe
[2011/11/14 19:05:12 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2011/11/14 19:01:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\brendanjames\Desktop\dds.scr
[2011/11/14 18:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/11/14 18:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\brendanjames\Local Settings\Application Data\Sun
[2011/11/14 18:53:30 | 000,356,352 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/11/14 18:53:30 | 000,315,904 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/11/14 18:53:30 | 000,315,904 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/11/14 17:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/14 17:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\brendanjames\Start Menu\Programs\HiJackThis
[2011/11/10 10:38:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/09 21:16:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2011/11/09 17:38:55 | 000,000,000 | ---D | C] -- C:\ComboFix(2)
[2011/11/09 15:52:55 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/11/09 15:52:38 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/11/08 22:47:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/08 22:47:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/08 22:47:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/08 22:47:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/08 21:08:49 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2011/11/08 21:08:49 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2011/11/08 21:08:35 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2011/11/08 21:08:34 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2011/11/08 21:08:34 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2011/10/25 18:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\brendanjames\Desktop\music
[2011/10/22 16:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\brendanjames\riotsGamesLogs

========== Files - Modified Within 30 Days ==========

[2011/11/20 10:24:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\brendanjames\Desktop\OTL.exe
[2011/11/20 10:18:11 | 000,196,334 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/11/20 10:16:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/20 10:16:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/20 10:16:09 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/15 11:44:32 | 001,181,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2011/11/15 00:14:37 | 000,903,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
[2011/11/14 20:01:30 | 000,215,552 | ---- | M] () -- C:\WINDOWS\zip.exe
[2011/11/14 20:01:01 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe
[2011/11/14 20:00:42 | 002,293,760 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\UNNMP.exe
[2011/11/14 20:00:37 | 002,433,024 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\UNNeroVision.exe
[2011/11/14 20:00:33 | 000,406,016 | ---- | M] (Stirling Technologies, Inc.) -- C:\WINDOWS\uninst.exe
[2011/11/14 20:00:32 | 000,173,056 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe
[2011/11/14 20:00:24 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xcopy.exe
[2011/11/14 20:00:22 | 000,313,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2011/11/14 20:00:20 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpnpinst.exe
[2011/11/14 20:00:19 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdshextautoplay.exe
[2011/11/14 20:00:18 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpabaln.exe
[2011/11/14 20:00:15 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winmsd.exe
[2011/11/14 20:00:14 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2011/11/14 20:00:13 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2011/11/14 20:00:11 | 001,075,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2011/11/14 20:00:09 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wextract.exe
[2011/11/14 19:59:58 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w32tm.exe
[2011/11/14 19:59:56 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\verifier.exe
[2011/11/14 19:59:56 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vssadmin.exe
[2011/11/14 19:59:55 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2011/11/14 19:59:55 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uwdf.exe
[2011/11/14 19:59:54 | 000,221,184 | ---- | M] ( U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrshuta.exe
[2011/11/14 19:59:53 | 000,212,992 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrprbda.exe
[2011/11/14 19:59:52 | 000,229,376 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrmlnka.exe
[2011/11/14 19:59:48 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2011/11/14 19:59:46 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\upnpcont.exe
[2011/11/14 19:59:44 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\typeperf.exe
[2011/11/14 19:59:43 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2011/11/14 19:59:42 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tracert6.exe
[2011/11/14 19:59:41 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tracerpt.exe
[2011/11/14 19:59:39 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsess.exe
[2011/11/14 19:59:39 | 000,225,280 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\tosmreg.exe
[2011/11/14 19:59:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntadmn.exe
[2011/11/14 19:59:37 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\telnet.exe
[2011/11/14 19:59:37 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tftp.exe
[2011/11/14 19:59:35 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe
[2011/11/14 19:59:34 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskkill.exe
[2011/11/14 19:59:33 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\systeminfo.exe
[2011/11/14 19:59:32 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sysocmgr.exe
[2011/11/14 19:59:32 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\syskey.exe
[2011/11/14 19:59:31 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\syncapp.exe
[2011/11/14 19:59:30 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\stimon.exe
[2011/11/14 19:59:15 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spiisupd.exe
[2011/11/14 19:59:14 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sort.exe
[2011/11/14 19:59:10 | 000,225,280 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2011/11/14 19:59:10 | 000,184,320 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2011/11/14 19:59:09 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\skeys.exe
[2011/11/14 19:59:08 | 000,217,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sigverif.exe
[2011/11/14 19:59:07 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shrpubw.exe
[2011/11/14 19:59:07 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shmgrate.exe
[2011/11/14 19:59:05 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2011/11/14 19:59:05 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sfc.exe
[2011/11/14 19:59:04 | 000,170,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\setup.exe
[2011/11/14 19:59:03 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sethc.exe
[2011/11/14 19:59:01 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sdbinst.exe
[2011/11/14 19:59:01 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\secedit.exe
[2011/11/14 19:58:59 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\schtasks.exe
[2011/11/14 19:58:58 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2011/11/14 19:58:57 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\runonce.exe
[2011/11/14 19:58:56 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rtcshare.exe
[2011/11/14 19:58:56 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\runas.exe
[2011/11/14 19:58:55 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsnotify.exe
[2011/11/14 19:58:55 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsopprov.exe
[2011/11/14 19:58:54 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsmui.exe
[2011/11/14 19:58:53 | 000,196,608 | ---- | M] (Microsoft Corp) -- C:\WINDOWS\System32\rsm.exe
[2011/11/14 19:58:53 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsmsink.exe
[2011/11/14 19:58:52 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\routemon.exe
[2011/11/14 19:58:52 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\route.exe
[2011/11/14 19:58:52 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsh.exe
[2011/11/14 19:58:51 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rexec.exe
[2011/11/14 19:58:49 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\relog.exe
[2011/11/14 19:58:24 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2011/11/14 19:58:24 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
[2011/11/14 19:58:22 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2011/11/14 19:58:21 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2011/11/14 19:58:21 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2011/11/14 19:58:20 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasphone.exe
[2011/11/14 19:58:20 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rcp.exe
[2011/11/14 19:58:19 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasautou.exe
[2011/11/14 19:58:15 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\proxycfg.exe
[2011/11/14 19:58:14 | 000,274,432 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2011/11/14 19:58:14 | 000,197,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2011/11/14 19:58:12 | 000,436,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHost.exe
[2011/11/14 19:58:10 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.exe
[2011/11/14 19:58:09 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ping6.exe
[2011/11/14 19:58:07 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\perfmon.exe
[2011/11/14 19:58:06 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pathping.exe
[2011/11/14 19:58:05 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\packager.exe
[2011/11/14 19:58:04 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\openfiles.exe
[2011/11/14 19:57:56 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcconf.exe
[2011/11/14 19:57:56 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcad32.exe
[2011/11/14 19:57:55 | 000,273,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nwscript.exe
[2011/11/14 19:57:52 | 001,798,144 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2011/11/14 19:57:47 | 001,486,848 | ---- | M] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/11/14 19:57:44 | 000,937,984 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcplui.exe
[2011/11/14 19:57:42 | 000,290,816 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2011/11/14 19:57:41 | 000,589,824 | ---- | M] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/11/14 19:57:39 | 000,568,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2011/11/14 19:57:35 | 001,348,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntbackup.exe
[2011/11/14 19:57:32 | 000,224,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2011/11/14 19:57:30 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netsh.exe
[2011/11/14 19:57:30 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netstat.exe
[2011/11/14 19:57:29 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.exe
[2011/11/14 19:57:28 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\net1.exe
[2011/11/14 19:57:27 | 000,303,104 | ---- | M] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2011/11/14 19:57:27 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\net.exe
[2011/11/14 19:57:26 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nddeapir.exe
[2011/11/14 19:57:25 | 000,324,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2011/11/14 19:57:25 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nbtstat.exe
[2011/11/14 19:57:06 | 000,168,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2011/11/14 19:57:05 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2011/11/14 19:54:59 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqbkup.exe
[2011/11/14 19:54:58 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2011/11/14 19:54:58 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mpnotify.exe
[2011/11/14 19:54:56 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2011/11/14 19:54:54 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\migpwd.exe
[2011/11/14 19:54:52 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\makecab.exe
[2011/11/14 19:54:48 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lpr.exe
[2011/11/14 19:54:48 | 000,153,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lpq.exe
[2011/11/14 19:54:45 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logman.exe
[2011/11/14 19:54:43 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logagent.exe
[2011/11/14 19:54:42 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lnkstub.exe
[2011/11/14 19:54:40 | 000,577,536 | ---- | M] () -- C:\WINDOWS\System32\keystone.exe
[2011/11/14 19:54:39 | 000,356,352 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/11/14 19:54:39 | 000,315,904 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/11/14 19:54:38 | 000,315,904 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/11/14 19:54:37 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipv6.exe
[2011/11/14 19:54:37 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxroute.exe
[2011/11/14 19:54:36 | 000,203,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipconfig.exe
[2011/11/14 19:54:36 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsec6.exe
[2011/11/14 19:54:34 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iexpress.exe
[2011/11/14 19:54:33 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2011/11/14 19:54:32 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2011/11/14 19:54:31 | 000,760,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardagt.exe
[2011/11/14 19:54:29 | 000,217,088 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
[2011/11/14 19:54:29 | 000,212,992 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZinw12.exe
[2011/11/14 19:54:28 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hostname.exe
[2011/11/14 19:54:27 | 000,209,408 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\HdAShCut.exe
[2011/11/14 19:54:27 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2011/11/14 19:54:26 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gpresult.exe
[2011/11/14 19:54:26 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gpupdate.exe
[2011/11/14 19:54:25 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\getmac.exe
[2011/11/14 19:54:24 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fsutil.exe
[2011/11/14 19:54:24 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2011/11/14 19:54:23 | 000,340,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fsquirt.exe
[2011/11/14 19:54:21 | 000,170,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2011/11/14 19:54:21 | 000,168,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fontview.exe
[2011/11/14 19:54:20 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\finger.exe
[2011/11/14 19:54:19 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\findstr.exe
[2011/11/14 19:54:18 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\find.exe
[2011/11/14 19:54:17 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\extrac32.exe
[2011/11/14 19:54:17 | 000,168,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2011/11/14 19:54:16 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\expand.exe
[2011/11/14 19:54:15 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventtriggers.exe
[2011/11/14 19:54:14 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventcreate.exe
[2011/11/14 19:54:13 | 000,340,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eudcedit.exe
[2011/11/14 19:54:12 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\esentutl.exe
[2011/11/14 19:54:10 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2011/11/14 19:54:09 | 001,445,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiag.exe
[2011/11/14 19:54:06 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwwin.exe
[2011/11/14 19:54:06 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dvdupgrd.exe
[2011/11/14 19:54:04 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drwtsn32.exe
[2011/11/14 19:53:52 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drmupgds.exe
[2011/11/14 19:53:48 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\driverquery.exe
[2011/11/14 19:53:47 | 000,230,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvsetup.exe
[2011/11/14 19:53:46 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dplaysvr.exe
[2011/11/14 19:53:46 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnsvr.exe
[2011/11/14 19:53:44 | 000,225,280 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/11/14 19:53:42 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2011/11/14 19:53:42 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wupdmgr.exe
[2011/11/14 19:53:41 | 000,303,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2011/11/14 19:53:38 | 000,273,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapsrv.exe
[2011/11/14 19:53:37 | 000,267,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2011/11/14 19:53:36 | 001,075,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WgaTray.exe
[2011/11/14 19:53:35 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2011/11/14 19:53:34 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/11/14 19:53:33 | 000,437,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vssvc.exe
[2011/11/14 19:53:33 | 000,197,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\utilman.exe
[2011/11/14 19:53:32 | 000,494,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tourstrt.exe
[2011/11/14 19:53:31 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe
[2011/11/14 19:53:30 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2011/11/14 19:53:30 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2011/11/14 19:53:29 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2011/11/14 19:53:27 | 000,286,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2011/11/14 19:53:27 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2011/11/14 19:53:26 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2011/11/14 19:53:25 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
[2011/11/14 19:53:24 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scardsvr.exe
[2011/11/14 19:53:23 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2011/11/14 19:53:22 | 000,527,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe
[2011/11/14 19:53:21 | 000,744,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/11/14 19:53:20 | 000,428,544 | ---- | M] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2011/11/14 19:53:19 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2011/11/14 19:53:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbcad32.exe
[2011/11/14 19:53:10 | 001,348,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntbackup.exe
[2011/11/14 19:53:08 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notepad.exe
[2011/11/14 19:53:07 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2011/11/14 19:53:07 | 000,201,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\narrator.exe
[2011/11/14 19:53:06 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2011/11/14 19:53:05 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiexec.exe
[2011/11/14 19:53:05 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshta.exe
[2011/11/14 19:53:04 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2011/11/14 19:53:03 | 000,264,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqtgsvc.exe
[2011/11/14 19:53:02 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqbkup.exe
[2011/11/14 19:52:59 | 003,706,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/11/14 19:52:54 | 000,392,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migwiz.exe
[2011/11/14 19:52:54 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mobsync.exe
[2011/11/14 19:52:53 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logagent.exe
[2011/11/14 19:52:52 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\locator.exe
[2011/11/14 19:52:51 | 000,825,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011/11/14 19:52:49 | 000,775,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2011/11/14 19:52:48 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2011/11/14 19:52:47 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2011/11/14 19:52:47 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2011/11/14 19:52:46 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2011/11/14 19:52:45 | 000,891,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/11/14 19:52:44 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2011/11/14 19:52:42 | 001,122,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe
[2011/11/14 19:52:41 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe
[2011/11/14 19:52:40 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe
[2011/11/14 19:52:39 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
[2011/11/14 19:52:39 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe
[2011/11/14 19:52:38 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2011/11/14 19:52:38 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2011/11/14 19:52:37 | 000,331,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2011/11/14 19:52:34 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\diskpart.exe
[2011/11/14 19:52:33 | 000,234,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\diantz.exe
[2011/11/14 19:52:32 | 000,252,928 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgntfs.exe
[2011/11/14 19:52:32 | 000,230,400 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgfat.exe
[2011/11/14 19:52:31 | 000,172,544 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\defrag.exe
[2011/11/14 19:52:30 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ddeshare.exe
[2011/11/14 19:52:28 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cscript.exe
[2011/11/14 19:52:25 | 000,494,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tourstart.exe
[2011/11/14 19:52:23 | 000,197,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\utilman.exe
[2011/11/14 19:52:22 | 000,201,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\narrator.exe
[2011/11/14 19:51:50 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\compact.exe
[2011/11/14 19:51:48 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmstp.exe
[2011/11/14 19:51:47 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmmon32.exe
[2011/11/14 19:51:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmdl32.exe
[2011/11/14 19:51:45 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2011/11/14 19:51:45 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.exe
[2011/11/14 19:51:44 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cipher.exe
[2011/11/14 19:51:44 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ckcnv.exe
[2011/11/14 19:51:42 | 000,209,408 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\CHDAudPropShortcut.exe
[2011/11/14 19:51:37 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2011/11/14 19:51:35 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bootcfg.exe
[2011/11/14 19:51:35 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\blastcln.exe
[2011/11/14 19:51:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\asr_pfu.exe
[2011/11/14 19:51:30 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\at.exe
[2011/11/14 19:51:29 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\asr_fmt.exe
[2011/11/14 19:51:28 | 000,166,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\arp.exe
[2011/11/14 19:51:25 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ahui.exe
[2011/11/14 19:51:24 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\actmovie.exe
[2011/11/14 19:49:40 | 000,184,320 | ---- | M] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2011/11/14 19:45:42 | 000,246,272 | ---- | M] () -- C:\WINDOWS\sed.exe
[2011/11/14 19:45:13 | 000,403,456 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/11/14 19:22:41 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wupdmgr.exe
[2011/11/14 19:12:24 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2011/11/14 19:12:24 | 000,267,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2011/11/14 19:12:24 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2011/11/14 19:12:23 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2011/11/14 19:12:23 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2011/11/14 19:10:40 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cleanmgr.exe
[2011/11/14 19:10:02 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2011/11/14 19:09:32 | 000,581,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaacmgr.exe
[2011/11/14 19:09:28 | 000,258,048 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\cselect.exe
[2011/11/14 19:09:21 | 000,303,104 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\RAMASST.exe
[2011/11/14 19:08:20 | 001,277,952 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\brendanjames\Desktop\fsbl.exe
[2011/11/14 19:08:02 | 000,258,048 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe
[2011/11/14 19:07:58 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2011/11/14 19:07:56 | 000,662,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logonui(2).exe
[2011/11/14 19:07:47 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2011/11/14 19:07:25 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2011/11/14 19:07:15 | 000,331,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2011/11/14 19:01:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\brendanjames\Desktop\dds.scr
[2011/11/14 19:00:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\brendanjames\defogger_reenable
[2011/11/14 18:53:12 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2011/11/14 18:53:12 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/11/14 17:54:36 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\brendanjames\Desktop\HiJackThis.lnk
[2011/11/10 10:44:28 | 000,536,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2011/11/10 10:44:27 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\osk.exe
[2011/11/10 10:44:26 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\magnify.exe
[2011/11/10 10:32:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/10 07:01:25 | 000,215,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/10 06:58:04 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/09 21:12:26 | 000,454,144 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2011/11/09 21:09:46 | 000,245,760 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\DLA.EXE
[2011/11/09 19:05:54 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\brendanjames\Desktop\rkill.com
[2011/11/09 17:14:49 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/09 07:57:32 | 000,477,376 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/09 07:57:32 | 000,086,186 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/09 01:04:54 | 000,286,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2011/11/08 19:49:41 | 000,000,114 | ---- | M] () -- C:\Documents and Settings\brendanjames\Local Settings\Application Data\wsr20zt32.dll
[2011/11/05 16:39:22 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\brendanjames\Application Data\6f377c2a
[2011/11/04 20:46:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/04 17:18:24 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/01 19:46:38 | 000,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver
[2011/10/31 10:46:28 | 000,445,682 | ---- | M] () -- C:\Documents and Settings\brendanjames\Desktop\bird breeding census resize.pdf.jpg
[2011/10/31 10:46:28 | 000,003,524 | ---- | M] () -- C:\Documents and Settings\brendanjames\.recently-used.xbel
[2011/10/30 15:47:11 | 000,000,131 | ---- | M] () -- C:\DeletePrintJobs.cmd
[2011/10/27 16:47:28 | 000,049,653 | ---- | M] () -- C:\Documents and Settings\brendanjames\Desktop\bird breeding census.jpg

========== Files Created - No Company Name ==========

[2011/11/15 11:48:02 | 2145,570,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/14 19:00:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\brendanjames\defogger_reenable
[2011/11/14 17:54:24 | 000,002,461 | ---- | C] () -- C:\Documents and Settings\brendanjames\Desktop\HiJackThis.lnk
[2011/11/10 05:49:50 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/09 19:05:54 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\brendanjames\Desktop\rkill.com
[2011/11/08 22:47:27 | 000,403,456 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/08 22:47:27 | 000,246,272 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/08 22:47:27 | 000,215,552 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/08 22:47:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/08 22:47:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/08 19:49:41 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\brendanjames\Local Settings\Application Data\wsr20zt32.dll
[2011/10/31 10:46:28 | 000,003,524 | ---- | C] () -- C:\Documents and Settings\brendanjames\.recently-used.xbel
[2011/10/30 15:47:11 | 000,000,131 | ---- | C] () -- C:\DeletePrintJobs.cmd
[2011/10/27 17:55:31 | 000,445,682 | ---- | C] () -- C:\Documents and Settings\brendanjames\Desktop\bird breeding census resize.pdf.jpg
[2011/10/27 16:47:27 | 000,049,653 | ---- | C] () -- C:\Documents and Settings\brendanjames\Desktop\bird breeding census.jpg
[2011/10/09 14:33:06 | 000,000,397 | ---- | C] () -- C:\WINDOWS\CODUO.ini
[2011/10/09 14:16:00 | 000,000,745 | ---- | C] () -- C:\WINDOWS\COD.INI
[2011/09/13 13:18:46 | 000,000,626 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/09/12 17:11:24 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\brendanjames\Application Data\6f377c2a
[2011/09/06 17:02:09 | 000,000,458 | ---- | C] () -- C:\WINDOWS\hphmdl32.dat.temp
[2011/09/06 14:13:52 | 000,146,480 | ---- | C] () -- C:\WINDOWS\hphins32.dat
[2011/09/06 14:13:52 | 000,000,458 | ---- | C] () -- C:\WINDOWS\hphmdl32.dat
[2011/08/12 08:15:20 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\brendanjames\Application Data\PnkBstrK.sys
[2011/08/02 16:16:35 | 3104,177,971 | ---- | C] () -- C:\Program Files\VindictusSetupV135.exe
[2011/07/25 07:36:49 | 000,001,196 | -HS- | C] () -- C:\Documents and Settings\brendanjames\Local Settings\Application Data\c63i8t33o0unv8374i4802e6m8e5p61syff1omht4mu7
[2011/07/25 07:36:49 | 000,001,196 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\c63i8t33o0unv8374i4802e6m8e5p61syff1omht4mu7
[2011/07/25 07:36:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rtsv.exe
[2011/07/25 07:36:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\brendanjames\Local Settings\Application Data\strp.exe
[2011/07/25 07:36:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qita.exe
[2011/07/25 07:36:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qblp.exe
[2011/07/25 07:36:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hshr.exe
[2011/07/25 07:36:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\brendanjames\Local Settings\Application Data\gtxb.exe
[2011/07/25 07:36:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\brendanjames\Local Settings\Application Data\fuuv.exe
[2011/07/25 07:36:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\brendanjames\Local Settings\Application Data\deit.exe
[2011/04/15 13:50:42 | 000,105,048 | ---- | C] () -- C:\WINDOWS\HPFins09.dat
[2011/04/15 13:50:41 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2011/04/14 15:26:16 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/04/08 14:05:01 | 000,000,769 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/04/08 14:03:15 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011/03/28 19:30:01 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2011/03/22 13:25:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2011/03/22 13:23:48 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2011/03/22 13:22:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2011/01/26 11:45:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/06 14:17:34 | 000,000,392 | ---- | C] () -- C:\WINDOWS\Builder.ini
[2010/11/05 19:09:38 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/09/20 21:53:23 | 000,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/09/18 23:47:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/05 22:19:12 | 000,140,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/09/05 22:19:03 | 000,266,752 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/09/05 22:15:39 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/08/27 08:54:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\brendanjames\Local Settings\Application Data\prvlcl.dat
[2010/08/23 07:57:08 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2010/08/19 08:39:58 | 000,041,452 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/18 23:53:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/08/18 00:09:17 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\brendanjames\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 00:02:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/08/18 00:01:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/08/18 00:01:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/08/18 00:01:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/08/18 00:01:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/08/18 00:01:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/08/18 00:01:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/07/29 14:56:48 | 000,434,176 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_3_0_7_0.dll
[2009/07/29 14:56:30 | 001,110,016 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_18_0.dll
[2009/07/21 17:51:02 | 001,110,016 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_17_0.dll
[2009/07/08 19:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/06/24 10:17:10 | 000,999,424 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_3_0_3_0.dll
[2009/06/24 10:17:10 | 000,413,696 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_3_0_5_0.dll
[2009/06/03 15:41:52 | 000,409,600 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_2_0_30_0.dll
[2009/05/11 16:50:54 | 000,991,232 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_2_0_29_0.dll
[2009/04/24 13:58:44 | 000,991,232 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_2_0_28_0.dll
[2009/04/08 15:45:00 | 000,991,232 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_2_0_26_0.dll
[2009/04/08 15:45:00 | 000,991,232 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_2_0_25_0.dll
[2009/04/08 15:45:00 | 000,991,232 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_2_0_24_0.dll
[2009/04/08 15:45:00 | 000,991,232 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_2_0_23_0.dll
[2009/04/08 15:45:00 | 000,991,232 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_2_0_22_0.dll
[2009/04/08 15:45:00 | 000,991,232 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_2_0_21_0.dll
[2009/04/08 15:44:58 | 000,983,040 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_2_0_20_0.dll
[2009/03/12 16:34:48 | 001,105,920 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_16_0.dll
[2009/03/12 16:34:48 | 001,101,824 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_15_0.dll
[2009/01/13 15:30:10 | 001,101,824 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_14_0.dll
[2009/01/13 15:30:10 | 001,101,824 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_13_0.dll
[2008/10/31 11:31:38 | 001,101,824 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_12_0.dll
[2008/10/31 11:31:38 | 001,101,824 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_11_0.dll
[2008/10/31 11:31:38 | 001,101,824 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_10_0.dll
[2008/10/31 11:31:38 | 001,097,728 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_9_0.dll
[2008/10/31 11:31:38 | 001,085,440 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_8_0.dll
[2008/10/31 11:31:38 | 001,024,000 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_7_0.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/07/23 14:40:26 | 001,028,096 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_6_0.dll
[2008/07/14 18:13:02 | 001,024,000 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_5_0.dll
[2008/07/09 17:46:36 | 001,024,000 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_4_0.dll
[2008/06/13 20:05:56 | 000,978,944 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_1_2.dll
[2008/05/08 18:40:00 | 000,978,944 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_3_0.dll
[2008/04/29 10:32:58 | 000,978,944 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_2_0.dll
[2008/03/14 13:31:00 | 000,954,368 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_0_12.dll
[2007/10/30 11:48:10 | 000,925,696 | R--- | C] () -- C:\WINDOWS\System32\LGNPST_GenericModel_Ver_1_0_0_1.dll
[2006/12/05 12:05:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006/03/02 12:54:05 | 000,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2006/03/02 12:54:05 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2006/02/16 09:34:00 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/02/16 09:34:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/16 09:34:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/16 09:34:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/02/16 09:34:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/16 09:34:00 | 000,589,824 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/02/16 09:34:00 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/02/16 09:34:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/16 09:34:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/27 16:07:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/27 16:02:20 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/27 16:00:11 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/12/27 15:58:12 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/12/27 15:58:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/12/27 15:58:12 | 000,009,366 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/12/27 15:58:12 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/12/27 14:05:44 | 000,004,528 | R--- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2005/12/27 13:54:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/12/27 13:43:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2005/12/27 13:05:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/27 13:02:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/27 12:56:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/27 11:39:35 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/27 11:36:32 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/12/27 11:36:26 | 000,477,376 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/27 11:36:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/12/27 11:36:26 | 000,086,186 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/27 11:36:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/12/27 11:36:25 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/12/27 11:36:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/12/27 11:36:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/12/27 11:36:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/12/27 11:36:12 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/12/27 11:35:58 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/12/27 11:35:45 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/12/27 04:52:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/27 04:51:18 | 000,215,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/16 11:35:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/12/08 13:56:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/11/28 22:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/24 17:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/07/22 20:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/11/15 11:44:32 | 001,181,184 | ---- | M] (Microsoft Corporation) MD5=9066F83E93FAFE6C8445BB2E5E27A23F -- C:\WINDOWS\explorer.exe
[2011/11/14 19:10:05 | 001,179,648 | ---- | M] (Microsoft Corporation) MD5=A744DE10EBA6C8840131F5A202D388A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2011/11/09 21:15:27 | 001,181,184 | ---- | M] (Microsoft Corporation) MD5=B0F2EB8D6E37EE4580F6ECA04C164863 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2011/11/09 21:09:55 | 001,181,184 | ---- | M] (Microsoft Corporation) MD5=D5D40C618858F3DCBC97838E191C65F0 -- C:\WINDOWS\ERDNT\cache\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 15:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 986 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:jp90Y3dVKkG8zYj1NYi0
@Alternate Data Stream - 1061 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:EdHjwhB8TC27nr81TSpj1cMaf

< End of report >

OTL Extras logfile created on: 11/20/2011 10:27:41 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\brendanjames\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.62% Memory free
3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.06 Gb Total Space | 55.16 Gb Free Space | 29.64% Space Free | Partition Type: NTFS

Computer Name: BRENDAN | User Name: brendanjames | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-4032095566-249966700-2805130777-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57681:TCP" = 57681:TCP:*:Enabled:Pando Media Booster
"57681:UDP" = 57681:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"57681:TCP" = 57681:TCP:*:Enabled:Pando Media Booster
"57681:UDP" = 57681:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Veetle\Player\VeetleNet.exe" = C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe" = C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead -- (Electronic Arts Inc.)
"C:\Program Files\EA GAMES\MOHAA\fpupdate.exe" = C:\Program Files\EA GAMES\MOHAA\fpupdate.exe:*:Enabled:fpupdate -- ()
"C:\Program Files\Electronic Arts\Battlefield 2142\BF2142Pace.exe" = C:\Program Files\Electronic Arts\Battlefield 2142\BF2142Pace.exe:*:Enabled:BF2142Pace -- ()
"C:\Documents and Settings\brendanjames\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\brendanjames\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Zachtronics Industries\Infiniminer\InfiniminerServer.exe" = C:\Program Files\Zachtronics Industries\Infiniminer\InfiniminerServer.exe:*:Enabled:InfiniminerServer -- ()
"C:\Program Files\Veetle\Player\VeetleNet.exe" = C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()
"C:\Documents and Settings\brendanjames\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\brendanjames\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"{0CDD5599-836A-4650-8BE7-F33D8D915A0D}" = dj6980
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{18EF2DEE-DCB0-466A-ABA5-4C73E508530A}" = Medal of Honor Allied Assault™ Spearhead Patch 2.15
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java™ 7 Update 1
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2CD82D77-8D1E-44FC-9A90-BBA95AC8D6B7}" = Protector Suite QL 5.8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3D10E608-A4A3-40AD-B91C-6D963BBD91D5}" = LP6980_Help
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault™ Spearhead
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault™ Breakthrough
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A08615A-6113-46F9-8819-5BA66B6600FD}" = Toshiba Hotkey Utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9E74130B-D907-43EA-860F-1208EA78E0FA}" = LGNPST GenericModels
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BE293B67-446D-47E3-BF47-F7136A5E3725}" = LGNPST Components
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}" = Medal of Honor Allied Assault™ Spearhead
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{c4809d4c-1f28-41cc-8578-a72b75defb39}" = D2600
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E31E8CDA-7D26-4ec1-9862-5780AF65DA65}_is1" = GizmoRip version 3.007
"{e382eb50-c5f2-42ca-bad0-901a12fc81ba}" = DJ_SF_05_D2600_Software_Min
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA6197F3-B467-4c70-B450-42D9E0C11400}" = HP Deskjet D2600 Printer Driver Software 12.0 Rel .5
"{EC2F741D-308C-42B4-BD04-9A4853F2E402}" = GtkRadiant 1.5.0
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{EDABA4A8-8B7E-488A-A85C-17406C1C62CA}" = LP6980Trb
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF3091E4-188B-402A-BD74-21DC20CFE2C4}" = LGNPST
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Canon CanoScan LiDE 70 User Registration" = Canon CanoScan LiDE 70 User Registration
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DVD Shrink_is1" = DVD Shrink 3.2
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Origin" = Origin
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVAnts 1.0" = TVAnts 1.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vindictus" = Vindictus
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.00 beta 1 (32-bit)
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4032095566-249966700-2805130777-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/20/2011 12:30:57 PM | Computer Name = BRENDAN | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147024894. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.

Error - 11/20/2011 12:30:57 PM | Computer Name = BRENDAN | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Outlook 2003: Junk E-mail Filter (KB2596972): OUTLFLTR' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 11/20/2011 12:32:40 PM | Computer Name = BRENDAN | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147024894. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.

Error - 11/20/2011 12:32:40 PM | Computer Name = BRENDAN | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Security
Update for Excel 2003 (KB2553072): EXCEL' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 11/20/2011 12:45:02 PM | Computer Name = BRENDAN | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2572073'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB2572073_20111120_163329562-Msi0.txt.

Error - 11/20/2011 12:45:08 PM | Computer Name = BRENDAN | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2572073,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 11/20/2011 12:46:26 PM | Computer Name = BRENDAN | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office OneNote 2003 -- Error 25090. Office Setup
encountered a problem with the Office Source Engine, system error: -2147024894.
Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look
for "Office Source Engine" for information on how to resolve this problem.

Error - 11/20/2011 12:46:26 PM | Computer Name = BRENDAN | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office OneNote 2003 - Update 'Security Update for
Office 2003 (KB2584052): MSO' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software packages.
Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 11/20/2011 1:01:51 PM | Computer Name = BRENDAN | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2539631'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB2539631_20111120_164652531-Msi0.txt.

Error - 11/20/2011 1:02:04 PM | Computer Name = BRENDAN | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2539631,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

[ System Events ]
Error - 11/20/2011 12:30:57 PM | Computer Name = BRENDAN | Source = Service Control Manager | ID = 7000
Description = The Office Source Engine service failed to start due to the following
error: %%2

Error - 11/20/2011 12:32:39 PM | Computer Name = BRENDAN | Source = Service Control Manager | ID = 7000
Description = The Office Source Engine service failed to start due to the following
error: %%2

Error - 11/20/2011 12:32:40 PM | Computer Name = BRENDAN | Source = Service Control Manager | ID = 7000
Description = The Office Source Engine service failed to start due to the following
error: %%2

Error - 11/20/2011 12:35:06 PM | Computer Name = BRENDAN | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter
(KB2596972).

Error - 11/20/2011 12:35:06 PM | Computer Name = BRENDAN | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2553072).

Error - 11/20/2011 12:45:36 PM | Computer Name = BRENDAN | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on
Windows Server 2003 and Windows XP x86 (KB2572073).

Error - 11/20/2011 12:46:24 PM | Computer Name = BRENDAN | Source = Service Control Manager | ID = 7000
Description = The Office Source Engine service failed to start due to the following
error: %%2

Error - 11/20/2011 12:46:26 PM | Computer Name = BRENDAN | Source = Service Control Manager | ID = 7000
Description = The Office Source Engine service failed to start due to the following
error: %%2

Error - 11/20/2011 12:46:32 PM | Computer Name = BRENDAN | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office 2003 (KB2584052).

Error - 11/20/2011 1:02:40 PM | Computer Name = BRENDAN | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on
Windows Server 2003 and Windows XP x86 (KB2539631).


< End of report >

#4 myrti


Posted 20 November 2011 - 12:30 PM

Hi,

can you give me a list of the things you've tried? Looks like you tried to run ComboFix? (If so, please post the log in C:\combofix.txt.) Did you do a repair install?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 coastermill


Posted 20 November 2011 - 12:55 PM

I ran ComboFix and Malwarebytes. When I ran Malwarebytes, thousands of files popped up as infected with Expiro, and when I removed them, most of my programs would not work, so I restored everything that I had just put in the virus vault. Thank you for your help. Here is the ComboFix log:

ComboFix 11-11-08.02 - Administrator 11/10/2011 9:52.7.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1775 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP477\A0084089.exe
.
Infected copy of c:\windows\hh.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP478\A0089492.exe
.
Infected copy of c:\windows\notepad.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP478\A0089559.exe
.
Infected copy of c:\windows\regedit.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP478\A0089568.exe
.
Infected copy of c:\windows\inf\unregmp2.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP478\A0089525.exe
.
Infected copy of c:\windows\msagent\agentsvr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP478\A0089556.exe
.
Infected copy of c:\windows\mui\muisetup.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\muisetup.exe
.
Infected copy of c:\windows\pchealth\helpctr\binaries\helpctr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP478\A0089560.exe
.
Infected copy of c:\windows\pchealth\helpctr\binaries\HelpHost.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP478\A0089561.exe
.
Infected copy of c:\windows\pchealth\helpctr\binaries\helpsvc.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\helpsvc.exe
.
Infected copy of c:\windows\pchealth\helpctr\binaries\hscupd.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP478\A0089563.exe
.
Infected copy of c:\windows\pchealth\helpctr\binaries\msconfig.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msconfig.exe
.
Infected copy of c:\windows\pchealth\helpctr\binaries\notiflag.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP478\A0089565.exe
.
Infected copy of c:\windows\pchealth\UploadLB\Binaries\uploadm.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\uploadm.exe
.
Infected copy of c:\windows\system32\accwiz.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP479\A0090956.exe
.
Infected copy of c:\windows\system32\calc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP479\A0090957.exe
.
Infected copy of c:\windows\system32\charmap.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP479\A0090962.exe
.
Infected copy of c:\windows\system32\cmd.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP477\A0084085.exe
.
Infected copy of c:\windows\system32\dllhost.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP477\A0083967.exe
.
Infected copy of c:\windows\system32\freecell.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP479\A0090967.exe
.
Infected copy of c:\windows\system32\magnify.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\magnify.exe
.
Infected copy of c:\windows\system32\mshearts.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP479\A0090968.exe
.
Infected copy of c:\windows\system32\msiexec.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msiexec.exe
.
Infected copy of c:\windows\system32\mspaint.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mspaint.exe
.
Infected copy of c:\windows\system32\mstsc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP479\A0090960.exe
.
Infected copy of c:\windows\system32\ntbackup.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ntbackup.exe
.
Infected copy of c:\windows\system32\osk.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\osk.exe
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D99B3CF9-7523-47EF-AAC1-C1F442A95699}\RP477\A0084089.exe
.
((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
.
.
2011-11-10 16:29 . 2011-11-10 16:29 -------- d-----w- c:\windows\LastGood
2011-11-10 03:16 . 2004-08-03 21:00 36864 -c--a-w- c:\windows\system32\dllcache\sapisvr.exe
2011-11-10 03:16 . 2004-08-03 21:00 36864 ----a-w- c:\program files\Common Files\Microsoft Shared\Speech\sapisvr.exe
2011-11-10 01:07 . 2011-11-10 01:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-09 21:52 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-09 21:52 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-11-09 03:08 . 2011-11-10 15:47 267264 ----a-w- c:\windows\system32\winmine.exe
2011-11-09 03:08 . 2004-08-03 21:00 119808 -c--a-w- c:\windows\system32\dllcache\winmine.exe
2011-11-09 03:08 . 2011-11-10 15:47 187392 ----a-w- c:\program files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe
2011-11-09 03:08 . 2004-08-03 21:00 39936 -c--a-w- c:\windows\system32\dllcache\msinfo32.exe
2011-11-09 03:08 . 2011-11-09 07:04 286208 ----a-w- c:\windows\system32\sndvol32.exe
2011-11-09 03:08 . 2004-08-03 21:00 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2011-10-30 21:47 . 2011-10-30 21:47 131 ----a-w- C:\DeletePrintJobs.cmd
2011-10-22 22:03 . 2011-10-22 22:59 -------- d-----w- c:\documents and settings\brendanjames\riotsGamesLogs
2011-10-12 22:28 . 2011-10-12 22:28 -------- d-----w- c:\program files\iPod
2011-10-12 22:28 . 2011-11-09 01:53 -------- d-----w- c:\program files\iTunes
2011-10-12 22:24 . 2011-11-10 03:15 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 16:32 . 2005-12-27 17:36 226304 ----a-w- c:\windows\system32\msiexec.exe
2011-11-10 15:48 . 2005-12-27 17:36 179712 ----a-w- c:\windows\system32\wupdmgr.exe
2011-11-10 15:47 . 2005-12-27 18:55 686080 ----a-w- c:\windows\system32\spider.exe
2011-11-10 15:47 . 2005-12-27 18:55 204288 ----a-w- c:\windows\system32\sol.exe
2011-11-10 15:46 . 2008-04-14 00:12 279040 ----a-w- c:\windows\system32\sndrec32.exe
2011-11-10 03:44 . 2005-12-27 18:55 273920 ----a-w- c:\windows\system32\wbem\wmiapsrv.exe
2011-11-10 03:44 . 2005-12-27 17:36 206336 ----a-w- c:\windows\system32\spoolsv.exe
2011-11-10 03:12 . 2005-12-27 20:02 454144 ----a-w- c:\windows\IsUninst.exe
2011-11-10 03:09 . 2010-08-18 05:45 245760 ----a-w- c:\windows\DLA.EXE
2011-10-10 14:22 . 2005-12-27 18:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-26 17:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2005-12-27 17:36 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2005-12-27 17:36 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-20 02:42 . 2010-09-06 04:19 140624 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-09-20 02:42 . 2010-09-06 04:19 266752 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-09-20 02:42 . 2010-09-06 04:18 266752 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-09-17 14:46 . 2010-09-06 04:19 266752 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-09-13 19:26 . 2010-09-06 04:15 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-09-09 09:12 . 2005-12-27 17:35 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2005-12-27 17:36 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 23:00 . 2010-08-22 14:35 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-23 15:44 . 2011-05-21 12:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 13:49 . 2005-12-27 17:35 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-02 23:19 . 2011-08-02 22:16 3104177971 ----a-w- c:\program files\VindictusSetupV135.exe
2011-09-30 13:59 . 2011-05-12 14:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-10 . 3D8FEFFED831D134F07A897B0F41D06C . 206336 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2011-11-10 . BCAC129E8CF8CC4AFAD664A8823D6DF9 . 206336 . . [5.1.2600.6024] . . c:\windows\ERDNT\cache\spoolsv.exe
[-] 2011-11-10 . B32DE72FF3CA4DAA8EA6E7FDDE3265A4 . 205312 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2011-11-10 . 45A4953750E7668E08D53518DFF67138 . 205312 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-11-09_05.12.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-11 07:58 . 2011-06-11 07:58 51024 c:\windows\system32\vcomp100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 51024 c:\windows\system32\vcomp100.dll
- 2010-08-19 13:32 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2010-08-19 13:32 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
+ 2005-12-27 17:36 . 2011-11-09 13:57 86186 c:\windows\system32\perfc009.dat
- 2005-12-27 17:36 . 2011-11-09 03:09 86186 c:\windows\system32\perfc009.dat
+ 2011-06-11 07:58 . 2011-06-11 07:58 81744 c:\windows\system32\mfcm100u.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 81744 c:\windows\system32\mfcm100u.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 81744 c:\windows\system32\mfcm100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 81744 c:\windows\system32\mfcm100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 60752 c:\windows\system32\mfc100rus.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 60752 c:\windows\system32\mfc100rus.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 43344 c:\windows\system32\mfc100kor.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 43344 c:\windows\system32\mfc100kor.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 62288 c:\windows\system32\mfc100ita.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 62288 c:\windows\system32\mfc100ita.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 64336 c:\windows\system32\mfc100fra.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 64336 c:\windows\system32\mfc100fra.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 63824 c:\windows\system32\mfc100esn.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 63824 c:\windows\system32\mfc100esn.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 55120 c:\windows\system32\mfc100enu.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 55120 c:\windows\system32\mfc100enu.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 64336 c:\windows\system32\mfc100deu.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 64336 c:\windows\system32\mfc100deu.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 36176 c:\windows\system32\mfc100cht.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 36176 c:\windows\system32\mfc100cht.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 36176 c:\windows\system32\mfc100chs.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 36176 c:\windows\system32\mfc100chs.dll
+ 2005-12-27 17:36 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
+ 2011-09-26 17:41 . 2011-09-26 17:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2005-12-27 17:36 . 2008-04-14 00:12 78848 c:\windows\system32\dllcache\msiexec.exe
+ 2005-12-27 18:55 . 2004-08-03 21:00 80384 c:\windows\system32\dllcache\charmap.exe
+ 2011-07-08 20:00 . 2011-07-08 20:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2010-09-23 21:55 . 2010-09-23 21:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-07-07 18:04 . 2011-07-07 18:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-09-23 08:26 . 2010-09-23 08:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2011-07-07 18:04 . 2011-07-07 18:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-09-23 08:26 . 2010-09-23 08:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-07-07 18:03 . 2011-07-07 18:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-09-23 08:26 . 2010-09-23 08:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2011-07-07 19:09 . 2011-07-07 19:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-09-23 09:17 . 2010-09-23 09:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-07-07 19:09 . 2011-07-07 19:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-09-23 09:17 . 2010-09-23 09:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-10-16 15:41 . 2011-11-10 12:54 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-10-16 15:41 . 2011-06-16 08:06 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-11-10 11:48 . 2011-11-10 11:48 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_1fef0dd7\System.Drawing.Design.dll
+ 2011-11-10 11:48 . 2011-11-10 11:48 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_0354db0f\CustomMarshalers.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-06-28 08:06 . 2011-06-28 08:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-03-04 09:02 . 2011-03-04 09:02 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-11-10 11:47 . 2011-11-10 11:47 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2005-12-27 17:36 . 2011-04-26 11:07 293376 c:\windows\system32\winsrv.dll
+ 2005-12-27 17:36 . 2011-06-20 17:44 293376 c:\windows\system32\winsrv.dll
+ 2008-04-14 00:12 . 2011-11-10 15:47 392704 c:\windows\system32\usmt\migwiz.exe
+ 2008-04-14 00:12 . 2011-11-10 15:47 527872 c:\windows\system32\Restore\rstrui.exe
+ 2005-12-27 17:36 . 2011-11-09 13:57 477376 c:\windows\system32\perfh009.dat
- 2005-12-27 17:36 . 2011-11-09 03:09 477376 c:\windows\system32\perfh009.dat
- 2011-02-19 05:40 . 2011-02-19 05:40 773968 c:\windows\system32\msvcr100.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 773968 c:\windows\system32\msvcr100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 421200 c:\windows\system32\msvcp100.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 421200 c:\windows\system32\msvcp100.dll
- 2005-12-27 18:55 . 2008-04-14 00:12 677888 c:\windows\system32\mstsc.exe
+ 2005-12-27 18:55 . 2011-01-27 11:57 677888 c:\windows\system32\mstsc.exe
+ 2005-12-27 18:55 . 2008-04-14 00:12 343040 c:\windows\system32\mspaint.exe
- 2005-12-27 18:55 . 2009-12-16 18:43 343040 c:\windows\system32\mspaint.exe
- 2005-12-27 10:51 . 2011-07-14 08:22 215264 c:\windows\system32\FNTCACHE.DAT
+ 2005-12-27 10:51 . 2011-11-10 13:01 215264 c:\windows\system32\FNTCACHE.DAT
+ 2005-12-27 18:55 . 2011-06-24 14:10 139656 c:\windows\system32\drivers\rdpwd.sys
- 2005-12-27 18:55 . 2008-04-14 00:13 139656 c:\windows\system32\drivers\rdpwd.sys
+ 2005-12-27 17:36 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
- 2005-12-27 17:36 . 2011-04-29 16:19 456320 c:\windows\system32\drivers\mrxsmb.sys
+ 2005-12-27 17:35 . 2011-11-10 16:27 152576 c:\windows\system32\dllhost.exe
- 2005-12-27 17:35 . 2011-11-09 05:12 152576 c:\windows\system32\dllhost.exe
+ 2005-12-27 18:55 . 2008-04-14 00:12 126464 c:\windows\system32\dllcache\wmiapsrv.exe
- 2010-06-18 17:45 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-09-26 17:41 . 2011-09-26 17:41 220160 c:\windows\system32\dllcache\oleacc.dll
+ 2005-12-27 18:55 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
- 2009-12-16 18:43 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2010-08-19 13:38 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
- 2010-08-19 13:38 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2005-12-27 18:55 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
- 2011-01-27 11:57 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
- 2010-01-29 15:01 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-01-29 15:01 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2011-09-09 09:12 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2005-12-27 18:55 . 2004-08-03 21:00 114688 c:\windows\system32\dllcache\calc.exe
+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
- 2008-06-20 11:40 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys
+ 2011-06-11 07:58 . 2011-06-11 07:58 138056 c:\windows\system32\atl100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 138056 c:\windows\system32\atl100.dll
+ 2010-08-19 13:54 . 2011-11-10 03:15 348160 c:\windows\ServicePackFiles\i386\lang\imjpinst.exe
+ 2010-08-19 13:54 . 2011-11-10 03:15 307200 c:\windows\ServicePackFiles\i386\lang\imjpdsvr.exe
+ 2010-08-19 13:54 . 2011-11-10 03:15 458752 c:\windows\ServicePackFiles\i386\lang\imjpdct.exe
+ 2010-08-19 13:54 . 2011-11-10 03:15 208896 c:\windows\ServicePackFiles\i386\lang\cplexe.exe
+ 2010-08-19 13:54 . 2011-11-10 03:15 627712 c:\windows\ServicePackFiles\i386\lang\cintsetp.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 299008 c:\windows\ServicePackFiles\i386\irftp.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 171008 c:\windows\ServicePackFiles\i386\ipxroute.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 200704 c:\windows\ServicePackFiles\i386\ipv6.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 203264 c:\windows\ServicePackFiles\i386\ipconfig.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 167936 c:\windows\ServicePackFiles\i386\inetwiz.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 297984 c:\windows\ServicePackFiles\i386\imapi.exe
+ 2008-04-13 16:10 . 2011-11-10 03:15 331776 c:\windows\ServicePackFiles\i386\ilasm.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 178176 c:\windows\ServicePackFiles\i386\iisrstas.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 262144 c:\windows\ServicePackFiles\i386\iexpress.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 165888 c:\windows\ServicePackFiles\i386\iedw.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 181760 c:\windows\ServicePackFiles\i386\ie4uinit.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 172032 c:\windows\ServicePackFiles\i386\icwrmind.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 233472 c:\windows\ServicePackFiles\i386\icwconn2.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 361984 c:\windows\ServicePackFiles\i386\icwconn1.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 165888 c:\windows\ServicePackFiles\i386\hscupd.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 158208 c:\windows\ServicePackFiles\i386\hh.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 891904 c:\windows\ServicePackFiles\i386\helpsvc.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 916480 c:\windows\ServicePackFiles\i386\helpctr.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 186880 c:\windows\ServicePackFiles\i386\grpconv.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 268288 c:\windows\ServicePackFiles\i386\gprslt.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 207360 c:\windows\ServicePackFiles\i386\getmac.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 376832 c:\windows\ServicePackFiles\i386\fxscover.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 290304 c:\windows\ServicePackFiles\i386\fxsclnt.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 189952 c:\windows\ServicePackFiles\i386\ftp.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 340480 c:\windows\ServicePackFiles\i386\fsquirt.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 339968 c:\windows\ServicePackFiles\i386\fpcount.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 176128 c:\windows\ServicePackFiles\i386\fpadmcgi.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 257536 c:\windows\ServicePackFiles\i386\fp98swin.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 162816 c:\windows\ServicePackFiles\i386\fp98sadm.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 168448 c:\windows\ServicePackFiles\i386\fontview.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 170496 c:\windows\ServicePackFiles\i386\fltmc.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 174592 c:\windows\ServicePackFiles\i386\findstr.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 168448 c:\windows\ServicePackFiles\i386\faxpatch.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 171520 c:\windows\ServicePackFiles\i386\extrac32.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 230400 c:\windows\ServicePackFiles\i386\evtrig.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 239616 c:\windows\ServicePackFiles\i386\evntwin.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 171520 c:\windows\ServicePackFiles\i386\evntcmd.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 198144 c:\windows\ServicePackFiles\i386\evcreate.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 340480 c:\windows\ServicePackFiles\i386\eudcedit.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 327680 c:\windows\ServicePackFiles\i386\dwwin.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 165376 c:\windows\ServicePackFiles\i386\dvdupgrd.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 158208 c:\windows\ServicePackFiles\i386\dumprep.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 210432 c:\windows\ServicePackFiles\i386\drvqry.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 230912 c:\windows\ServicePackFiles\i386\dpvsetup.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 165376 c:\windows\ServicePackFiles\i386\dpnsvr.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 177152 c:\windows\ServicePackFiles\i386\dplaysvr.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 372224 c:\windows\ServicePackFiles\i386\dmadmin.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 152576 c:\windows\ServicePackFiles\i386\dllhost.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 311296 c:\windows\ServicePackFiles\i386\diskpart.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 234496 c:\windows\ServicePackFiles\i386\diantz.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 686592 c:\windows\ServicePackFiles\i386\dialer.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 252928 c:\windows\ServicePackFiles\i386\dfrgntfs.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 230400 c:\windows\ServicePackFiles\i386\dfrgfat.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 172544 c:\windows\ServicePackFiles\i386\defrag.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 177664 c:\windows\ServicePackFiles\i386\ddeshare.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 189952 c:\windows\ServicePackFiles\i386\davcdata.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 162816 c:\windows\ServicePackFiles\i386\ctfmon.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 286720 c:\windows\ServicePackFiles\i386\cscript.exe
+ 2008-04-13 16:10 . 2011-11-10 03:15 196608 c:\windows\ServicePackFiles\i386\csc.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 157184 c:\windows\ServicePackFiles\i386\comrepl.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 210944 c:\windows\ServicePackFiles\i386\cmstp.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 187392 c:\windows\ServicePackFiles\i386\cmmon32.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 173056 c:\windows\ServicePackFiles\i386\cmdl32.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 536576 c:\windows\ServicePackFiles\i386\cmd.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 180736 c:\windows\ServicePackFiles\i386\clipsrv.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 250368 c:\windows\ServicePackFiles\i386\clipbrd.exe
+ 2008-04-14 00:12 . 2011-11-10 03:14 167936 c:\windows\ServicePackFiles\i386\cliconfg.exe
+ 2008-04-14 00:12 . 2011-11-10 03:14 211456 c:\windows\ServicePackFiles\i386\cleanmgr.exe
+ 2008-04-14 00:12 . 2011-11-10 03:14 153088 c:\windows\ServicePackFiles\i386\cisvc.exe
+ 2008-04-14 00:12 . 2011-11-10 03:14 204288 c:\windows\ServicePackFiles\i386\cipher.exe
+ 2008-04-14 00:12 . 2011-11-10 03:14 339968 c:\windows\ServicePackFiles\i386\cfgwiz.exe
+ 2008-04-14 00:12 . 2011-11-10 03:14 167424 c:\windows\ServicePackFiles\i386\cacls.exe
+ 2008-04-14 00:12 . 2011-11-10 03:14 290304 c:\windows\ServicePackFiles\i386\bootcfg.exe
+ 2008-04-14 00:12 . 2011-11-10 03:14 219136 c:\windows\ServicePackFiles\i386\blastcln.exe
+ 2008-04-14 00:12 . 2011-11-10 03:14 172544 c:\windows\ServicePackFiles\i386\at.exe
+ 2008-04-14 00:12 . 2011-11-10 03:14 180224 c:\windows\ServicePackFiles\i386\asr_pfu.exe
+ 2008-04-14 00:12 . 2011-11-10 03:14 177664 c:\windows\ServicePackFiles\i386\asr_fmt.exe
+ 2008-04-13 16:10 . 2011-11-10 03:14 180224 c:\windows\ServicePackFiles\i386\aspnet_wp.exe
+ 2008-04-13 16:10 . 2011-11-10 03:14 180224 c:\windows\ServicePackFiles\i386\aspnet_state.exe
+ 2008-04-13 16:10 . 2011-11-10 03:14 172032 c:\windows\ServicePackFiles\i386\aspnet_regiis.exe
+ 2008-04-14 00:12 . 2011-11-10 03:14 192000 c:\windows\ServicePackFiles\i386\alg.exe
+ 2008-04-14 00:12 . 2011-11-10 03:14 245760 c:\windows\ServicePackFiles\i386\ahui.exe
+ 2008-04-14 00:12 . 2011-11-10 03:14 403968 c:\windows\ServicePackFiles\i386\agentsvr.exe
+ 2008-04-14 00:12 . 2011-11-10 03:14 151552 c:\windows\ServicePackFiles\i386\actmovie.exe
+ 2008-04-14 00:12 . 2011-11-10 03:14 331776 c:\windows\ServicePackFiles\i386\accwiz.exe
+ 2005-12-27 19:57 . 2011-11-10 03:14 221184 c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmplayer.exe
+ 2005-12-27 19:57 . 2011-11-10 03:14 176128 c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpenc.exe
+ 2005-12-27 19:57 . 2011-11-10 03:14 270336 c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmlaunch.exe
+ 2005-12-27 19:57 . 2011-11-10 03:14 339968 c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe
+ 2005-12-27 19:57 . 2011-11-10 03:14 221184 c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
+ 2005-12-27 19:57 . 2011-11-10 03:14 356352 c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\unregmp2.exe
+ 2005-12-27 19:57 . 2011-11-10 03:14 933888 c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\migrate.exe
+ 2005-12-27 22:10 . 2011-11-10 03:14 244224 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
+ 2005-12-27 19:57 . 2011-11-10 03:14 251392 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
+ 2005-12-27 22:10 . 2011-11-10 03:14 186368 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
+ 2005-12-27 22:10 . 2011-11-10 03:14 194560 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
+ 2005-12-27 22:10 . 2011-11-10 03:14 186368 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\wdfmgr.exe
+ 2005-12-27 22:10 . 2011-11-10 03:14 194560 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\uwdf.exe
+ 2011-04-14 21:26 . 2011-11-10 03:14 194048 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdllreg.exe
+ 2011-04-14 21:26 . 2011-11-10 03:14 228352 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpvsetup.exe
+ 2011-04-14 21:26 . 2011-11-10 03:14 164352 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnsvr.exe
+ 2011-04-14 21:26 . 2011-11-10 03:14 175616 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dplaysvr.exe
+ 2005-12-27 19:57 . 2011-11-10 03:14 966656 c:\windows\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\setup_wm.exe
+ 2005-12-27 19:57 . 2011-11-10 03:14 921600 c:\windows\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe
+ 2010-09-17 12:40 . 2011-11-10 03:13 705536 c:\windows\network diagnostic\xpnetdiag.exe
+ 2008-07-30 05:40 . 2011-11-10 03:13 334336 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 00:47 . 2011-11-10 03:13 407552 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-30 00:47 . 2011-11-10 03:13 235520 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-25 17:17 . 2011-11-10 03:13 200192 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 17:17 . 2011-11-10 03:13 239104 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 17:17 . 2011-11-10 03:12 369152 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 17:16 . 2011-11-10 03:12 173568 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 17:16 . 2011-11-10 03:12 218624 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2010-09-22 15:43 . 2011-11-10 03:12 172032 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 17:16 . 2011-11-10 03:12 171520 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 17:17 . 2011-11-10 03:12 197120 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2004-07-15 19:23 . 2011-11-10 03:12 884736 c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2009-06-25 02:56 . 2011-11-10 03:12 221184 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2003-02-21 03:09 . 2011-11-10 03:12 221184 c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2009-06-25 02:56 . 2011-11-10 03:12 245760 c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2011-07-07 18:04 . 2011-07-07 18:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-09-23 08:26 . 2010-09-23 08:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-07-07 18:01 . 2011-07-07 18:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-09-23 08:25 . 2010-09-23 08:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-15 08:35 . 2011-11-10 03:12 344064 c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2003-10-08 22:30 . 2011-11-10 03:12 229376 c:\windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
+ 2003-02-21 12:12 . 2011-11-10 03:12 176128 c:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2004-07-15 19:23 . 2011-11-10 03:12 196608 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 09:49 . 2011-11-10 03:12 180224 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 09:49 . 2011-11-10 03:12 167936 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2011-07-07 19:09 . 2011-07-07 19:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2010-09-23 09:17 . 2010-09-23 09:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-11-07 07:07 . 2011-11-10 03:12 228352 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2005-10-26 15:45 . 2011-11-10 03:11 192512 c:\windows\Installer\OfficeAssistant\Assistant.exe
+ 2010-08-18 05:45 . 2011-11-10 03:11 700416 c:\windows\Installer\iProInst.exe
+ 2010-08-18 05:45 . 2011-11-10 03:11 466944 c:\windows\Installer\iProData\iconvrtr.exe
+ 2010-09-17 12:48 . 2011-11-10 03:11 369152 c:\windows\ie7updates\KB982381-IE7\spuninst\spuninst.exe
+ 2010-09-17 12:48 . 2011-11-10 03:11 769536 c:\windows\ie7updates\KB982381-IE7\iexplore.exe
+ 2010-09-17 12:48 . 2011-11-10 03:11 160768 c:\windows\ie7updates\KB982381-IE7\ieudinit.exe
+ 2010-09-17 12:48 . 2011-11-10 03:11 202240 c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe
+ 2010-09-18 14:08 . 2011-11-10 03:11 353792 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2011-06-16 08:06 . 2011-11-10 03:11 369152 c:\windows\ie7updates\KB2544521-IE7\spuninst\spuninst.exe
+ 2011-06-16 08:11 . 2011-11-10 03:11 369152 c:\windows\ie7updates\KB2530548-IE7\spuninst\spuninst.exe
+ 2011-06-16 08:11 . 2011-11-10 03:11 775168 c:\windows\ie7updates\KB2530548-IE7\iexplore.exe
+ 2011-06-16 08:11 . 2011-11-10 03:11 161280 c:\windows\ie7updates\KB2530548-IE7\ieudinit.exe
+ 2011-06-16 08:11 . 2011-11-10 03:11 218112 c:\windows\ie7updates\KB2530548-IE7\ie4uinit.exe
+ 2011-04-16 19:20 . 2011-11-10 03:11 369152 c:\windows\ie7updates\KB2497640-IE7\spuninst\spuninst.exe
+ 2011-04-16 19:20 . 2011-11-10 03:11 775168 c:\windows\ie7updates\KB2497640-IE7\iexplore.exe
+ 2011-04-16 19:20 . 2011-11-10 03:11 161280 c:\windows\ie7updates\KB2497640-IE7\ieudinit.exe
+ 2011-04-16 19:20 . 2011-11-10 03:11 218112 c:\windows\ie7updates\KB2497640-IE7\ie4uinit.exe
+ 2009-06-12 12:31 . 2011-11-10 02:57 228352 c:\windows\$hf_mig$\KB960859\SP3GDR\tlntsess.exe
+ 2009-06-12 12:31 . 2011-11-10 02:57 223744 c:\windows\$hf_mig$\KB960859\SP3GDR\telnet.exe
+ 2009-06-12 11:49 . 2011-11-10 02:57 228352 c:\windows\$hf_mig$\KB960859\SP2QFE\tlntsess.exe
+ 2009-06-12 11:49 . 2011-11-10 02:57 223744 c:\windows\$hf_mig$\KB960859\SP2QFE\telnet.exe
+ 2010-08-19 14:36 . 2011-11-10 02:57 893440 c:\windows\$hf_mig$\KB960803\update\update.exe
+ 2010-08-19 14:36 . 2011-11-10 02:57 369152 c:\windows\$hf_mig$\KB960803\spuninst.exe
+ 2010-08-20 04:31 . 2011-11-10 02:57 893440 c:\windows\$hf_mig$\KB959426\update\update.exe
+ 2010-08-20 04:31 . 2011-11-10 02:57 369152 c:\windows\$hf_mig$\KB959426\spuninst.exe
+ 2010-08-19 14:36 . 2011-11-10 02:57 893440 c:\windows\$hf_mig$\KB958644\update\update.exe
+ 2010-08-19 14:36 . 2011-11-10 02:57 369152 c:\windows\$hf_mig$\KB958644\spuninst.exe
+ 2010-08-19 14:36 . 2011-11-10 02:57 856576 c:\windows\$hf_mig$\KB958470\update\update.exe
+ 2010-08-19 14:36 . 2011-11-10 02:57 353792 c:\windows\$hf_mig$\KB958470\spuninst.exe
+ 2010-08-20 04:26 . 2011-11-10 02:57 893440 c:\windows\$hf_mig$\KB956844\update\update.exe
+ 2010-08-20 04:26 . 2011-11-10 02:57 369152 c:\windows\$hf_mig$\KB956844\spuninst.exe
+ 2010-08-20 04:31 . 2011-11-10 02:57 893440 c:\windows\$hf_mig$\KB956803\update\update.exe
+ 2010-08-20 04:31 . 2011-11-10 02:57 369152 c:\windows\$hf_mig$\KB956803\spuninst.exe
+ 2010-08-19 14:36 . 2011-11-10 02:57 893440 c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2010-08-19 14:36 . 2011-11-10 02:57 369152 c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2011-03-04 09:14 . 2011-11-10 02:57 893440 c:\windows\$hf_mig$\KB956744\update\update.exe
+ 2011-03-04 09:14 . 2011-11-10 02:57 369152 c:\windows\$hf_mig$\KB956744\spuninst.exe
+ 2010-08-20 04:27 . 2011-11-10 02:57 893440 c:\windows\$hf_mig$\KB956572\update\update.exe
+ 2010-08-20 04:27 . 2011-11-10 02:57 369152 c:\windows\$hf_mig$\KB956572\spuninst.exe
+ 2010-08-19 13:36 . 2011-11-10 02:57 375296 c:\windows\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe
+ 2010-08-19 13:36 . 2011-11-10 02:57 258048 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
+ 2010-08-19 13:36 . 2011-11-10 02:57 375296 c:\windows\$hf_mig$\KB956572\SP3GDR\wmiprvse.exe
+ 2010-08-19 13:36 . 2011-11-10 02:57 258048 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
+ 2010-08-20 04:29 . 2011-11-10 02:56 893440 c:\windows\$hf_mig$\KB955759\update\update.exe
+ 2010-08-20 04:29 . 2011-11-10 02:56 369152 c:\windows\$hf_mig$\KB955759\spuninst.exe
+ 2010-08-19 14:36 . 2011-11-10 02:56 893440 c:\windows\$hf_mig$\KB955069\update\update.exe
+ 2010-08-19 14:36 . 2011-11-10 02:56 369152 c:\windows\$hf_mig$\KB955069\spuninst.exe
+ 2010-08-20 04:31 . 2011-11-10 02:56 893440 c:\windows\$hf_mig$\KB952954\update\update.exe
+ 2010-08-20 04:31 . 2011-11-10 02:56 369152 c:\windows\$hf_mig$\KB952954\spuninst.exe
+ 2010-08-19 14:38 . 2011-11-10 02:56 893440 c:\windows\$hf_mig$\KB952287\update\update.exe
+ 2010-08-19 14:38 . 2011-11-10 02:56 369152 c:\windows\$hf_mig$\KB952287\spuninst.exe
+ 2010-08-20 04:26 . 2011-11-10 02:56 893440 c:\windows\$hf_mig$\KB952004\update\update.exe
+ 2010-08-20 04:26 . 2011-11-10 02:56 369152 c:\windows\$hf_mig$\KB952004\spuninst.exe
+ 2011-03-04 09:15 . 2011-11-10 02:56 893440 c:\windows\$hf_mig$\KB951978\update\update.exe
+ 2011-03-04 09:15 . 2011-11-10 02:56 369152 c:\windows\$hf_mig$\KB951978\spuninst.exe
+ 2008-05-08 11:24 . 2011-11-10 02:56 303104 c:\windows\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-07 09:07 . 2011-11-10 02:56 282624 c:\windows\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2010-08-19 14:37 . 2011-11-10 02:56 893440 c:\windows\$hf_mig$\KB951748\update\update.exe
+ 2010-08-19 14:37 . 2011-11-10 02:56 369152 c:\windows\$hf_mig$\KB951748\spuninst.exe
+ 2010-08-20 04:31 . 2011-11-10 02:56 893440 c:\windows\$hf_mig$\KB951376-v2\update\update.exe
+ 2010-08-20 04:31 . 2011-11-10 02:56 369152 c:\windows\$hf_mig$\KB951376-v2\spuninst.exe
+ 2010-08-20 04:28 . 2011-11-10 02:56 893440 c:\windows\$hf_mig$\KB950974\update\update.exe
+ 2010-08-20 04:28 . 2011-11-10 02:56 369152 c:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2010-08-20 04:25 . 2011-11-10 02:56 893440 c:\windows\$hf_mig$\KB950762\update\update.exe
+ 2010-08-20 04:25 . 2011-11-10 02:56 369152 c:\windows\$hf_mig$\KB950762\spuninst.exe
+ 2010-08-19 14:38 . 2011-11-10 02:56 893440 c:\windows\$hf_mig$\KB950760\update\update.exe
+ 2010-08-19 14:38 . 2011-11-10 02:56 369152 c:\windows\$hf_mig$\KB950760\spuninst.exe
+ 2010-08-20 04:31 . 2011-11-10 02:56 893440 c:\windows\$hf_mig$\KB946648\update\update.exe
+ 2010-08-20 04:31 . 2011-11-10 02:56 369152 c:\windows\$hf_mig$\KB946648\spuninst.exe
+ 2010-08-19 14:35 . 2011-11-10 02:56 856576 c:\windows\$hf_mig$\KB944338-v2\update\update.exe
+ 2010-08-19 14:35 . 2011-11-10 02:56 353792 c:\windows\$hf_mig$\KB944338-v2\spuninst.exe
+ 2010-09-18 14:08 . 2011-11-10 02:56 856576 c:\windows\$hf_mig$\KB938127-v2-IE7\update\update.exe
+ 2010-09-18 14:08 . 2011-11-10 02:56 353792 c:\windows\$hf_mig$\KB938127-v2-IE7\spuninst.exe
+ 2011-01-30 09:07 . 2011-11-10 02:56 856576 c:\windows\$hf_mig$\KB925720\update\update.exe
+ 2011-01-30 09:07 . 2011-11-10 02:56 353792 c:\windows\$hf_mig$\KB925720\spuninst.exe
+ 2006-10-04 10:40 . 2011-11-10 02:56 197632 c:\windows\$hf_mig$\KB925720\SP2QFE\utilman.exe
+ 2006-10-04 10:40 . 2011-11-10 02:56 363008 c:\windows\$hf_mig$\KB925720\SP2QFE\osk.exe
+ 2006-10-04 10:40 . 2011-11-10 02:56 201216 c:\windows\$hf_mig$\KB925720\SP2QFE\narrator.exe
+ 2006-10-04 10:40 . 2011-11-10 02:56 220160 c:\windows\$hf_mig$\KB925720\SP2QFE\magnify.exe
+ 2010-08-19 14:34 . 2011-11-10 02:56 893440 c:\windows\$hf_mig$\KB923561\update\update.exe
+ 2010-08-19 14:34 . 2011-11-10 02:56 369152 c:\windows\$hf_mig$\KB923561\spuninst.exe
+ 2010-08-19 13:30 . 2011-11-10 02:56 363008 c:\windows\$hf_mig$\KB923561\SP3QFE\wordpad.exe
+ 2010-08-19 13:30 . 2011-11-10 02:56 363008 c:\windows\$hf_mig$\KB923561\SP3GDR\wordpad.exe
+ 2010-08-19 13:30 . 2011-11-10 02:56 363008 c:\windows\$hf_mig$\KB923561\SP2QFE\wordpad.exe
+ 2010-09-17 12:43 . 2011-11-10 02:55 856576 c:\windows\$hf_mig$\KB915865\update\update.exe
+ 2010-09-17 12:43 . 2011-11-10 02:55 353792 c:\windows\$hf_mig$\KB915865\spuninst.exe
+ 2005-12-27 19:28 . 2011-11-10 02:55 858624 c:\windows\$hf_mig$\KB901214\update\update.exe
+ 2005-12-27 19:28 . 2011-11-10 02:55 350208 c:\windows\$hf_mig$\KB901214\spuninst.exe
+ 2005-12-27 19:28 . 2011-11-10 02:55 858624 c:\windows\$hf_mig$\KB899591\update\update.exe
+ 2005-12-27 19:28 . 2011-11-10 02:55 178176 c:\windows\$hf_mig$\KB899591\update\arpidfix.exe
+ 2005-12-27 19:28 . 2011-11-10 02:55 350208 c:\windows\$hf_mig$\KB899591\spuninst.exe
+ 2005-12-27 19:27 . 2011-11-10 02:55 858624 c:\windows\$hf_mig$\KB899588\update\update.exe
+ 2005-12-27 19:27 . 2011-11-10 02:55 178176 c:\windows\$hf_mig$\KB899588\update\arpidfix.exe
+ 2005-12-27 19:27 . 2011-11-10 02:55 350208 c:\windows\$hf_mig$\KB899588\spuninst.exe
+ 2005-12-27 19:27 . 2011-11-10 02:55 858624 c:\windows\$hf_mig$\KB899587\update\update.exe
+ 2005-12-27 19:27 . 2011-11-10 02:55 178176 c:\windows\$hf_mig$\KB899587\update\arpidfix.exe
+ 2005-12-27 19:27 . 2011-11-10 02:55 350208 c:\windows\$hf_mig$\KB899587\spuninst.exe
+ 2010-08-19 13:25 . 2011-11-10 02:55 858624 c:\windows\$hf_mig$\KB898461\update\update.exe
+ 2010-08-19 13:25 . 2011-11-10 02:55 350208 c:\windows\$hf_mig$\KB898461\spuninst.exe
+ 2005-12-27 19:27 . 2011-11-10 02:55 858624 c:\windows\$hf_mig$\KB896727\update\update.exe
+ 2005-12-27 19:27 . 2011-11-10 02:55 178176 c:\windows\$hf_mig$\KB896727\update\arpidfix.exe
+ 2005-12-27 19:27 . 2011-11-10 02:55 350208 c:\windows\$hf_mig$\KB896727\spuninst.exe
+ 2005-12-27 19:26 . 2011-11-10 02:55 165888 c:\windows\$hf_mig$\KB896727\SP2QFE\iedw.exe
+ 2005-12-27 19:26 . 2011-11-10 02:55 858624 c:\windows\$hf_mig$\KB896428\update\update.exe
+ 2005-12-27 19:26 . 2011-11-10 02:55 350208 c:\windows\$hf_mig$\KB896428\spuninst.exe
+ 2005-12-27 19:26 . 2011-11-10 02:55 223232 c:\windows\$hf_mig$\KB896428\SP2QFE\telnet.exe
+ 2005-12-27 19:26 . 2011-11-10 02:55 858624 c:\windows\$hf_mig$\KB896423\update\update.exe
+ 2005-12-27 19:26 . 2011-11-10 02:55 178176 c:\windows\$hf_mig$\KB896423\update\arpidfix.exe
+ 2005-12-27 19:26 . 2011-11-10 02:55 350208 c:\windows\$hf_mig$\KB896423\spuninst.exe
+ 2005-12-27 19:26 . 2011-11-10 02:55 205312 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
+ 2005-12-27 19:26 . 2011-11-10 02:55 858624 c:\windows\$hf_mig$\KB896422\update\update.exe
+ 2005-12-27 19:26 . 2011-11-10 02:55 350208 c:\windows\$hf_mig$\KB896422\spuninst.exe
+ 2005-12-27 19:26 . 2011-11-10 02:55 858624 c:\windows\$hf_mig$\KB896358\update\update.exe
+ 2005-12-27 19:26 . 2011-11-10 02:55 350208 c:\windows\$hf_mig$\KB896358\spuninst.exe
+ 2005-12-27 19:25 . 2011-11-10 02:55 158208 c:\windows\$hf_mig$\KB896358\SP2QFE\hh.exe
+ 2005-12-27 19:24 . 2011-11-10 02:55 858624 c:\windows\$hf_mig$\KB894391\update\update.exe
+ 2005-12-27 19:24 . 2011-11-10 02:55 350208 c:\windows\$hf_mig$\KB894391\spuninst.exe
+ 2005-12-27 19:23 . 2011-11-10 02:55 858624 c:\windows\$hf_mig$\KB893756\update\update.exe
+ 2005-12-27 19:23 . 2011-11-10 02:55 178176 c:\windows\$hf_mig$\KB893756\update\arpidfix.exe
+ 2005-12-27 19:23 . 2011-11-10 02:55 350208 c:\windows\$hf_mig$\KB893756\spuninst.exe
+ 2005-12-27 19:23 . 2011-11-10 02:55 858624 c:\windows\$hf_mig$\KB893086\update\update.exe
+ 2005-12-27 19:23 . 2011-11-10 02:55 350208 c:\windows\$hf_mig$\KB893086\spuninst.exe
+ 2005-12-27 19:23 . 2011-11-10 02:55 858624 c:\windows\$hf_mig$\KB893066\update\update.exe
+ 2005-12-27 19:23 . 2011-11-10 02:55 350208 c:\windows\$hf_mig$\KB893066\spuninst.exe
+ 2005-12-27 19:22 . 2011-11-10 02:55 802304 c:\windows\$hf_mig$\KB891781\update\update.exe
+ 2005-12-27 19:22 . 2011-11-10 02:55 317440 c:\windows\$hf_mig$\KB891781\spuninst.exe
+ 2005-12-27 19:22 . 2011-11-10 02:55 858624 c:\windows\$hf_mig$\KB890859\update\update.exe
+ 2005-12-27 19:22 . 2011-11-10 02:55 350208 c:\windows\$hf_mig$\KB890859\spuninst.exe
+ 2005-12-27 19:21 . 2011-11-10 02:55 802304 c:\windows\$hf_mig$\KB890175\update\update.exe
+ 2005-12-27 19:21 . 2011-11-10 02:55 317440 c:\windows\$hf_mig$\KB890175\spuninst.exe
+ 2005-12-27 19:21 . 2011-11-10 02:55 802304 c:\windows\$hf_mig$\KB890047\update\update.exe
+ 2005-12-27 19:21 . 2011-11-10 02:55 317440 c:\windows\$hf_mig$\KB890047\spuninst.exe
+ 2005-12-27 19:21 . 2011-11-10 02:55 858624 c:\windows\$hf_mig$\KB890046\update\update.exe
+ 2005-12-27 19:21 . 2011-11-10 02:55 350208 c:\windows\$hf_mig$\KB890046\spuninst.exe
+ 2005-12-27 19:21 . 2011-11-10 02:54 802304 c:\windows\$hf_mig$\KB888302\update\update.exe
+ 2005-12-27 19:21 . 2011-11-10 02:54 317440 c:\windows\$hf_mig$\KB888302\spuninst.exe
+ 2005-12-27 19:20 . 2011-11-10 02:54 802304 c:\windows\$hf_mig$\KB888113\update\update.exe
+ 2005-12-27 19:20 . 2011-11-10 02:54 317440 c:\windows\$hf_mig$\KB888113\spuninst.exe
+ 2005-12-27 19:20 . 2011-11-10 02:54 802304 c:\windows\$hf_mig$\KB887472\update\update.exe
+ 2005-12-27 19:20 . 2011-11-10 02:54 317440 c:\windows\$hf_mig$\KB887472\spuninst.exe
+ 2005-12-27 19:19 . 2011-11-10 02:54 802304 c:\windows\$hf_mig$\KB886185\update\update.exe
+ 2005-12-27 19:19 . 2011-11-10 02:54 317440 c:\windows\$hf_mig$\KB886185\spuninst.exe
+ 2005-12-27 19:19 . 2011-11-10 02:54 802304 c:\windows\$hf_mig$\KB885836\update\update.exe
+ 2005-12-27 19:19 . 2011-11-10 02:54 317440 c:\windows\$hf_mig$\KB885836\spuninst.exe
+ 2005-12-27 19:19 . 2011-11-10 02:54 802304 c:\windows\$hf_mig$\KB885835\update\update.exe
+ 2005-12-27 19:19 . 2011-11-10 02:54 317440 c:\windows\$hf_mig$\KB885835\spuninst.exe
+ 2005-12-27 19:19 . 2011-11-10 02:54 802304 c:\windows\$hf_mig$\KB885250\update\update.exe
+ 2005-12-27 19:19 . 2011-11-10 02:54 317440 c:\windows\$hf_mig$\KB885250\spuninst.exe
+ 2005-12-27 19:18 . 2011-11-10 02:54 802304 c:\windows\$hf_mig$\KB873339\update\update.exe
+ 2005-12-27 19:18 . 2011-11-10 02:54 317440 c:\windows\$hf_mig$\KB873339\spuninst.exe
+ 2005-12-27 19:18 . 2011-11-10 02:54 802304 c:\windows\$hf_mig$\KB873333\update\update.exe
+ 2005-12-27 19:18 . 2011-11-10 02:54 317440 c:\windows\$hf_mig$\KB873333\spuninst.exe
+ 2011-07-14 08:01 . 2011-11-10 02:54 893440 c:\windows\$hf_mig$\KB2555917\update\update.exe
+ 2011-07-14 08:01 . 2011-11-10 02:54 369152 c:\windows\$hf_mig$\KB2555917\spuninst.exe
+ 2011-06-16 08:02 . 2011-11-10 02:54 893440 c:\windows\$hf_mig$\KB2544893\update\update.exe
+ 2011-06-16 08:02 . 2011-11-10 02:54 369152 c:\windows\$hf_mig$\KB2544893\spuninst.exe
+ 2011-06-16 08:06 . 2011-11-10 02:54 893440 c:\windows\$hf_mig$\KB2544521-IE7\update\update.exe
+ 2011-06-16 08:06 . 2011-11-10 02:54 369152 c:\windows\$hf_mig$\KB2544521-IE7\spuninst.exe
+ 2011-06-29 08:01 . 2011-11-10 02:54 893440 c:\windows\$hf_mig$\KB2541763\update\update.exe
+ 2011-06-29 08:01 . 2011-11-10 02:54 369152 c:\windows\$hf_mig$\KB2541763\spuninst.exe
+ 2011-06-16 08:02 . 2011-11-10 02:54 893440 c:\windows\$hf_mig$\KB2536276\update\update.exe
+ 2011-06-16 08:02 . 2011-11-10 02:54 369152 c:\windows\$hf_mig$\KB2536276\spuninst.exe
+ 2011-06-16 08:03 . 2011-11-10 02:54 893440 c:\windows\$hf_mig$\KB2535512\update\update.exe
+ 2011-06-16 08:03 . 2011-11-10 02:54 369152 c:\windows\$hf_mig$\KB2535512\spuninst.exe
+ 2011-06-16 08:11 . 2011-11-10 02:54 893440 c:\windows\$hf_mig$\KB2530548-IE7\update\update.exe
+ 2011-06-16 08:11 . 2011-11-10 02:54 369152 c:\windows\$hf_mig$\KB2530548-IE7\spuninst.exe
+ 2011-04-21 10:34 . 2011-11-10 02:54 775168 c:\windows\$hf_mig$\KB2530548-IE7\SP3QFE\iexplore.exe
+ 2011-04-25 11:35 . 2011-11-10 02:54 161280 c:\windows\$hf_mig$\KB2530548-IE7\SP3QFE\ieudinit.exe
+ 2011-04-25 11:35 . 2011-11-10 02:54 218112 c:\windows\$hf_mig$\KB2530548-IE7\SP3QFE\ie4uinit.exe
+ 2011-03-24 08:01 . 2011-11-10 02:54 893440 c:\windows\$hf_mig$\KB2524375\update\update.exe
+ 2011-03-24 08:01 . 2011-11-10 02:54 369152 c:\windows\$hf_mig$\KB2524375\spuninst.exe
+ 2011-04-16 19:14 . 2011-11-10 02:54 893440 c:\windows\$hf_mig$\KB2511455\update\update.exe
+ 2011-04-16 19:14 . 2011-11-10 02:54 369152 c:\windows\$hf_mig$\KB2511455\spuninst.exe
+ 2011-04-16 19:21 . 2011-11-10 02:54 893440 c:\windows\$hf_mig$\KB2510581\update\update.exe
+ 2011-04-16 19:21 . 2011-11-10 02:54 369152 c:\windows\$hf_mig$\KB2510581\spuninst.exe
+ 2011-04-16 19:07 . 2011-11-10 02:54 893440 c:\windows\$hf_mig$\KB2509553\update\update.exe
+ 2011-04-16 19:07 . 2011-11-10 02:54 369152 c:\windows\$hf_mig$\KB2509553\spuninst.exe
+ 2011-04-16 19:16 . 2011-11-10 02:54 893440 c:\windows\$hf_mig$\KB2508429\update\update.exe
+ 2011-04-16 19:16 . 2011-11-10 02:54 369152 c:\windows\$hf_mig$\KB2508429\spuninst.exe
+ 2011-04-16 19:16 . 2011-11-10 02:54 893440 c:\windows\$hf_mig$\KB2508272\update\update.exe
+ 2011-04-16 19:16 . 2011-11-10 02:54 369152 c:\windows\$hf_mig$\KB2508272\spuninst.exe
+ 2011-07-14 08:05 . 2011-11-10 02:54 893440 c:\windows\$hf_mig$\KB2507938\update\update.exe
+ 2011-07-14 08:05 . 2011-11-10 02:54 369152 c:\windows\$hf_mig$\KB2507938\spuninst.exe
+ 2011-04-16 19:16 . 2011-11-10 02:54 893440 c:\windows\$hf_mig$\KB2507618\update\update.exe
+ 2011-04-16 19:16 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2507618\spuninst.exe
+ 2011-04-16 19:21 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2506223\update\update.exe
+ 2011-04-16 19:21 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2506223\spuninst.exe
+ 2011-04-16 19:14 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2506212\update\update.exe
+ 2011-04-16 19:14 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2506212\spuninst.exe
+ 2011-06-16 08:05 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2503665\update\update.exe
+ 2011-06-16 08:05 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2503665\spuninst.exe
+ 2011-04-16 19:16 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2503658\update\update.exe
+ 2011-04-16 19:16 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2503658\spuninst.exe
+ 2011-04-16 19:20 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2497640-IE7\update\update.exe
+ 2011-04-16 19:20 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2497640-IE7\spuninst.exe
+ 2011-02-14 11:36 . 2011-11-10 02:53 775168 c:\windows\$hf_mig$\KB2497640-IE7\SP3QFE\iexplore.exe
+ 2011-02-17 11:43 . 2011-11-10 02:53 161280 c:\windows\$hf_mig$\KB2497640-IE7\SP3QFE\ieudinit.exe
+ 2011-02-17 11:43 . 2011-11-10 02:53 218112 c:\windows\$hf_mig$\KB2497640-IE7\SP3QFE\ie4uinit.exe
+ 2011-04-16 19:23 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2485663\update\update.exe
+ 2011-04-16 19:23 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2485663\spuninst.exe
+ 2011-03-04 09:15 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2485376\update\update.exe
+ 2011-03-04 09:15 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2485376\spuninst.exe
+ 2011-03-04 09:14 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2483185\update\update.exe
+ 2011-03-04 09:14 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2483185\spuninst.exe
+ 2011-03-04 09:07 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2482017-IE7\update\update.exe
+ 2011-03-04 09:07 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2482017-IE7\spuninst.exe
+ 2010-12-20 10:49 . 2011-11-10 02:53 775168 c:\windows\$hf_mig$\KB2482017-IE7\SP3QFE\iexplore.exe
+ 2010-12-20 12:47 . 2011-11-10 02:53 161280 c:\windows\$hf_mig$\KB2482017-IE7\SP3QFE\ieudinit.exe
+ 2010-12-20 12:47 . 2011-11-10 02:53 218112 c:\windows\$hf_mig$\KB2482017-IE7\SP3QFE\ie4uinit.exe
+ 2011-03-09 09:01 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2481109\update\update.exe
+ 2011-03-09 09:01 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2481109\spuninst.exe
+ 2011-01-27 11:41 . 2011-11-10 02:53 825344 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstsc.exe
+ 2011-03-09 09:04 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2479943\update\update.exe
+ 2011-03-09 09:04 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2479943\spuninst.exe
+ 2011-03-04 09:14 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2479628\update\update.exe
+ 2011-03-04 09:14 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2479628\spuninst.exe
+ 2011-03-04 09:16 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2478971\update\update.exe
+ 2011-03-04 09:16 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2478971\spuninst.exe
+ 2011-03-04 09:01 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2478960\update\update.exe
+ 2011-03-04 09:01 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2478960\spuninst.exe
+ 2011-03-04 09:03 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2476687\update\update.exe
+ 2011-03-04 09:03 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2476687\spuninst.exe
+ 2011-06-16 08:05 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2476490\update\update.exe
+ 2011-06-16 08:05 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2476490\spuninst.exe
+ 2011-03-04 09:15 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2443105\update\update.exe
+ 2011-03-04 09:15 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2443105\spuninst.exe
+ 2011-03-04 09:14 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2440591\update\update.exe
+ 2011-03-04 09:14 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2440591\spuninst.exe
+ 2011-03-04 09:01 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2423089\update\update.exe
+ 2011-03-04 09:01 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2423089\spuninst.exe
+ 2011-03-03 23:24 . 2011-11-10 02:53 193024 c:\windows\$hf_mig$\KB2423089\SP3QFE\wab.exe
+ 2011-03-04 09:03 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2419632\update\update.exe
+ 2011-03-04 09:03 . 2011-11-10 02:53 369152 c:\windows\$hf_mig$\KB2419632\spuninst.exe
+ 2011-03-04 09:01 . 2011-11-10 02:53 893440 c:\windows\$hf_mig$\KB2393802\update\update.exe
+ 2010-08-22 04:22 . 2011-11-10 00:59 1893668 c:\windows\system32\Restore\rstrlog.dat
- 2011-02-20 04:03 . 2011-02-20 04:03 4422992 c:\windows\system32\mfc100u.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 4422992 c:\windows\system32\mfc100u.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 4397384 c:\windows\system32\mfc100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 4397384 c:\windows\system32\mfc100.dll
- 2010-05-02 05:22 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys
+ 2010-05-02 05:22 . 2011-09-06 13:20 1858944 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-14 00:12 . 2011-11-10 03:15 1181184 c:\windows\ServicePackFiles\i386\explorer.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 1445888 c:\windows\ServicePackFiles\i386\dxdiag.exe
+ 2010-08-19 13:54 . 2011-11-10 03:15 1032192 c:\windows\ServicePackFiles\i386\digcore.exe
+ 2008-04-14 00:12 . 2011-11-10 03:15 1179648 c:\windows\ServicePackFiles\i386\conf.exe
+ 2005-12-27 19:57 . 2011-11-10 03:14 1138688 c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\migrate.exe
+ 2011-04-14 21:26 . 2011-11-10 03:14 1122304 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdiag.exe
+ 2008-07-30 05:40 . 2011-11-10 03:13 1859072 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-30 05:40 . 2011-11-10 03:13 1686528 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-07-25 17:17 . 2011-11-10 03:13 1310720 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2011-07-08 19:59 . 2011-07-08 19:59 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2010-09-23 21:55 . 2010-09-23 21:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2011-07-08 19:59 . 2011-07-08 19:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2010-09-23 21:55 . 2010-09-23 21:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2010-09-23 08:26 . 2010-09-23 08:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-07-07 18:02 . 2011-07-07 18:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-07-07 18:02 . 2011-07-07 18:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2010-09-23 21:55 . 2010-09-23 21:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2011-07-08 19:59 . 2011-07-08 19:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2011-11-03 19:31 . 2011-11-03 19:31 5525504 c:\windows\Installer\cc46f3.msp
+ 2011-05-02 06:06 . 2011-05-02 06:06 2705920 c:\windows\Installer\102c823.msp
+ 2011-07-26 14:17 . 2011-07-26 14:17 6824960 c:\windows\Installer\102c80c.msp
+ 2011-06-29 03:27 . 2011-06-29 03:27 4028928 c:\windows\Installer\102543a.msp
+ 2011-11-10 11:48 . 2011-11-10 11:48 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_dc2b478c\System.dll
+ 2011-11-10 11:49 . 2011-11-10 11:49 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_20cc1153\System.dll
+ 2011-11-10 11:49 . 2011-11-10 11:49 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e17a0f4a\System.Xml.dll
+ 2011-11-10 11:48 . 2011-11-10 11:48 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e053fcb9\System.Xml.dll
+ 2011-11-10 11:48 . 2011-11-10 11:48 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_6c72f2c7\System.Windows.Forms.dll
+ 2011-11-10 11:49 . 2011-11-10 11:49 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_6958f2df\System.Windows.Forms.dll
+ 2011-11-10 11:49 . 2011-11-10 11:49 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_cdd5d8db\System.Drawing.dll
+ 2011-11-10 11:48 . 2011-11-10 11:48 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_f5e09e4c\System.Design.dll
+ 2011-11-10 11:49 . 2011-11-10 11:49 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a026e1af\System.Design.dll
+ 2011-11-10 11:48 . 2011-11-10 11:48 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_9aa5f8a4\mscorlib.dll
+ 2011-11-10 11:49 . 2011-11-10 11:49 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_441b6d24\mscorlib.dll
- 2011-06-28 08:06 . 2011-06-28 08:06 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-06-28 08:06 . 2011-06-28 08:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-11-10 12:57 . 2011-11-10 12:57 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-06-28 08:05 . 2011-06-28 08:05 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-11-10 11:47 . 2011-11-10 11:47 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2011-03-04 09:02 . 2011-03-04 09:02 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2011-03-04 09:02 . 2011-03-04 09:02 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-11-10 11:47 . 2011-11-10 11:47 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-03-04 09:02 . 2011-11-10 03:06 3706368 c:\windows\$NtUninstallKB981997$\moviemk.exe
+ 2011-03-03 16:16 . 2011-11-10 03:05 3702784 c:\windows\$NtUninstallKB975561$\moviemk.exe
+ 2011-03-03 23:26 . 2011-11-10 03:01 3706368 c:\windows\$hf_mig$\KB981997\SP3QFE\moviemk.exe
+ 2010-08-19 13:37 . 2011-11-10 02:59 3706368 c:\windows\$hf_mig$\KB975561\SP3QFE\moviemk.exe
+ 2010-08-19 13:37 . 2011-11-10 02:59 3706368 c:\windows\$hf_mig$\KB975561\SP3GDR\moviemk.exe
+ 2010-08-19 13:37 . 2011-11-10 02:59 3702784 c:\windows\$hf_mig$\KB975561\SP2QFE\moviemk.exe
+ 2005-12-27 19:20 . 2011-11-10 02:54 1841664 c:\windows\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
+ 2010-08-19 14:38 . 2011-10-28 04:04 50295240 c:\windows\system32\MRT.exe
+ 2011-07-13 04:49 . 2011-07-13 04:49 11459584 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2572067\M2572067Uninstall.msp
+ 2011-07-12 21:50 . 2011-07-12 21:50 17555968 c:\windows\Installer\cc46f2.msp
+ 2011-11-10 12:52 . 2011-11-10 12:52 20333568 c:\windows\Installer\102c822.msp
+ 2011-07-26 22:33 . 2011-07-26 22:33 10984448 c:\windows\Installer\102c817.msp
+ 2011-07-12 02:43 . 2011-07-12 02:43 11641344 c:\windows\Installer\102c80f.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 17:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 17:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 761945]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"NDSTray.exe"="NDSTray.exe" [BU]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2011-11-10 299008]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\itlnfw32]
itlnfw32.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\itlntfy]
itlnfw32.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 17:07 96008 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ZB]
itlnfw32.dll [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-01-30 16:12 13594624 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-01-30 14:12 1657376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\fpupdate.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142Pace.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\brendanjames\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Zachtronics Industries\\Infiniminer\\InfiniminerServer.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57681:TCP"= 57681:TCP:Pando Media Booster
"57681:UDP"= 57681:UDP:Pando Media Booster
.
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
S2 FdRedir;FdRedir;\??\c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys --> c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 smihlp;SMI helper driver;\??\c:\program files\Protector Suite QL\smihlp.sys --> c:\program files\Protector Suite QL\smihlp.sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\25.tmp --> c:\windows\system32\25.tmp [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;"c:\program files\Zune\WMZuneComm.exe" --> c:\program files\Zune\WMZuneComm.exe [?]
S3 WnsDrvr;WnsDrvr;c:\windows\system32\drivers\wnsdrvr.sys [2/24/2011 11:31 AM 25952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2011-07-14 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job
- c:\windows\vVX3000.exe [2009-06-26 23:21]
.
.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com
uInternet Connection Wizard,ShellNext = https://safe-cart.com/qiwang/.perfect-uninstaller/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.0.1
.
.
------- File Associations -------
.
txtfile=%windir%\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
MSConfigStartUp-TkBellExe - c:\program files\real\realplayer\update\realsched.exe
MSConfigStartUp-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe
AddRemove-Call of Duty Game of the Year Edition - c:\progra~1\CALLOF~1\Uninstall\Unwise.exe
AddRemove-{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E} - c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-10 10:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\25.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
@DACL=(02 0000)
"DLLName"="avgrsstx.dll"
"Startup"="AvgStartup"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
@DACL=(02 0000)
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=expand:"WgaLogon.dll"
"Event"=dword:00000000
"InstallEvent"="1.9.0040.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\qlbase.dll
.
- - - - - - - > 'explorer.exe'(1948)
c:\windows\system32\WININET.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-11-10 10:38:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-10 16:38
ComboFix2.txt 2011-11-09 14:00
ComboFix3.txt 2011-11-09 05:19
.
Pre-Run: 63,250,808,832 bytes free
Post-Run: 63,239,360,512 bytes free
.
- - End Of File - - 1332434BC2B15358E05E5B0F3E0BC0D7

#6 coastermill

Posted 20 November 2011 - 01:04 PM

here was my last malwarebytes log.


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:13 PM

Posted 20 November 2011 - 07:48 PM

Hi coastermill,

I'm afraid I have bad news:

Expiro is a file infector with IRCBot functionality which infects .exe and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. It is a file infector and capable of stealing your credit card details.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
  • Understanding virus names

With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection.

In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
  • When should I re-format? How should I reinstall?
  • Where to draw the line? When to recommend a format and reinstall?

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#8 coastermill

Posted 21 November 2011 - 11:57 AM

ok, that is what i need to know. thank you very much for your help and advice. i greatly appreciate it.

#9 myrti

Posted 21 November 2011 - 06:59 PM

You're most welcome and sorry I couldn't help more.

If you have no further questions, I'll close this topic.

regards myrti



#10 myrti

Posted 03 December 2011 - 09:26 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





