Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Started out as Windows 2012 fake Av


  • This topic is locked This topic is locked
19 replies to this topic

#1 sh4rkbyt3

sh4rkbyt3

  • Members
  • 397 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 13 February 2012 - 04:55 PM

Working on a system that was reported to have recieved the Windows 2012 fake AV according to my customer. Here is a list of what was used and removed so far:

Emsisoft Emergency Scan -
Trace.Registry.TryMedia (x2)
Trace.Registry.Gamevance (x1)
Trace.Registry.Track4.com (x1)

Spybot Search & Destroy -
W3;IQ5.fraud C:\WINDOWS\System32\AI_recyclebin (x1)

Malwarebytes -
AdwareMyWebSearch Reg. HKEY_CurrentUser (x4)
TrojanDropper C:\WINDOWS\Sytem32\fsquirt.exe (x3)

Eset Online Scanner -
Win32/PSW.OnlineGames.NNU Trojan (x1)



Windows XP SP3 System 32 bit OS

After cleaning out what I was able to locate the system still appears to be extremely slow and very hesitant. Also will not completely defrag even in "safemode".

Defogger was used and I am posting the .dds txt file here with the attach file zipped as required.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Owner at 16:34:04 on 2012-02-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1150.444 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe
C:\Program Files\Verizon\FiOS\ihs\IHANotify.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\smart notebook\NotebookPlugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [PhilipsSongbirdLauncher] c:\program files\philips\philips songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe
uRun: [ihanotify] c:\program files\verizon\fios\ihs\IHANotify.exe BalloonCount=1446 RunNotify=fios BalloonMsg=init
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{454AC772-26D8-47D6-B92C-D1C35F73A063} : DhcpNameServer = 192.168.2.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-3 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-3 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-3 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-3 44768]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 290832]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2011-4-12 689392]
R2 SMART Display Controller;SMART Display Controller;c:\program files\smart technologies\smart product drivers\UCService.exe [2010-7-15 844688]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\b.tmp --> c:\windows\system32\B.tmp [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-1-7 27064]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe [2010-7-15 1662352]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-7 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-7 136176]
S4 mp3_downloadmanager_service;mp3_downloadmanager_service;c:\program files\verizon wireless\mp3_downloadmanager_service.exe [2009-12-17 139776]
.
=============== Created Last 30 ================
.
2012-02-09 16:44:55 -------- d-sha-r- C:\cmdcons
2012-02-09 16:44:06 98816 ----a-w- c:\windows\sed.exe
2012-02-09 16:44:06 518144 ----a-w- c:\windows\SWREG.exe
2012-02-09 16:44:06 256000 ----a-w- c:\windows\PEV.exe
2012-02-09 16:44:06 208896 ----a-w- c:\windows\MBR.exe
2012-02-06 18:26:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-06 18:26:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-06 03:53:57 -------- d-----w- c:\program files\Sophos
.
==================== Find3M ====================
.
2012-01-07 20:38:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2010-08-04 22:44:01 336 ----a-w- c:\program files\temp995.bat
.
============= FINISH: 16:35:48.54 ===============

BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 18 February 2012 - 06:45 AM

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 397 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 18 February 2012 - 10:58 PM

As requested here are the logs you requested:

OTL logfile created on: 2/18/2012 3:52:16 PM - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 46.48% Memory free
2.69 Gb Paging File | 2.16 Gb Available in Paging File | 80.34% Paging File free
Paging file location(s): C:\pagefile.sys 1728 3456 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.68 Gb Free Space | 58.22% Space Free | Partition Type: NTFS

Computer Name: MULLINS-8EACEF7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/18 15:50:19 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/01 04:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/02/01 04:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/02/01 04:54:30 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/12/28 10:44:02 | 000,237,568 | ---- | M] (COLLABERA) -- C:\Program Files\Verizon\FiOS\ihs\IHANotify.exe
PRC - [2010/09/11 18:01:14 | 000,346,624 | ---- | M] () -- C:\Program Files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe
PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/07/15 15:48:22 | 000,844,688 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
PRC - [2010/07/15 15:47:42 | 005,350,288 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
PRC - [2010/03/17 15:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2010/03/16 15:28:50 | 000,689,392 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/18 13:38:48 | 001,707,008 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12021801\algo.dll
MOD - [2012/02/13 09:37:44 | 001,691,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12021301\algo.dll
MOD - [2012/01/03 15:27:55 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_59fdce8f\mscorlib.dll
MOD - [2012/01/03 15:27:17 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ad7b6c15\system.drawing.dll
MOD - [2012/01/03 15:26:20 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_f26922e6\system.xml.dll
MOD - [2012/01/03 15:26:00 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/01/03 15:25:56 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/01/03 15:25:55 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/01/03 15:25:48 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_b34237cf\system.windows.forms.dll
MOD - [2012/01/03 15:25:42 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/01/03 15:25:41 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/01/03 15:25:38 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/01/03 15:25:36 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/01/03 15:25:33 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/01/03 15:25:28 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/01/03 15:25:19 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2012/01/03 15:25:15 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/01/03 15:24:11 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_de97a6fb\system.dll
MOD - [2012/01/03 15:20:08 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/03 15:20:04 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/10/14 02:20:30 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
MOD - [2011/10/14 02:19:58 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/10/14 02:19:28 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/14 02:18:55 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/14 02:16:31 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/14 02:16:23 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/14 02:16:04 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/14 02:13:57 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/14 02:13:18 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/03/18 11:32:16 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/03/18 11:32:15 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/03/18 11:32:14 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/03/18 11:32:14 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/03/18 11:32:14 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/03/18 11:32:14 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/03/18 11:32:14 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/03/18 11:32:14 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/03/18 11:32:13 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/03/18 11:32:13 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/03/18 11:32:13 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/02/25 13:08:28 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2010/09/11 18:01:14 | 000,346,624 | ---- | M] () -- C:\Program Files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe
MOD - [2010/06/15 13:43:24 | 000,565,248 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\ZipArchive.dll
MOD - [2010/05/02 02:01:51 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/05/02 02:01:49 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2010/04/30 13:53:07 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2010/04/30 13:53:07 | 000,006,656 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2010/04/30 13:53:02 | 000,614,400 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2010/04/30 13:52:22 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2010/04/30 13:51:49 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2010/04/30 13:51:49 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b907\lead.dll
MOD - [2010/04/30 13:51:48 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889f53ea9b907\lead.drawing.dll
MOD - [2010/04/30 13:51:48 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.66__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2010/04/30 13:51:47 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2010/04/30 13:51:47 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2010/04/30 13:51:46 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2010/04/30 13:51:46 | 000,249,856 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2010/04/30 13:51:46 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2010/04/30 13:51:46 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2010/04/30 13:51:45 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2010/04/30 13:51:45 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2010/04/30 13:51:45 | 000,007,168 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2010/04/30 13:51:44 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2010/04/30 13:50:14 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2010/04/30 13:50:13 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2010/04/30 13:50:12 | 000,557,056 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2010/04/30 13:50:12 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2010/04/30 13:50:12 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2010/04/30 13:50:12 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2010/04/30 13:46:37 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2010/02/05 14:37:18 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/01/06 07:22:10 | 002,011,648 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\QtCore4.dll
MOD - [2009/09/29 04:43:02 | 007,462,912 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\QtGui4.dll
MOD - [2009/09/29 04:32:20 | 000,877,056 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\QtNetwork4.dll
MOD - [2009/02/04 15:19:47 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2005/10/25 01:24:22 | 000,020,594 | ---- | M] () -- C:\WINDOWS\system32\DELS3L3.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/01 04:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/02/01 04:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/15 15:48:48 | 001,662,352 | ---- | M] (SMART Technologies ULC) [On_Demand | Stopped] -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -- (SMART SNMP Agent Service)
SRV - [2010/07/15 15:48:22 | 000,844,688 | ---- | M] (SMART Technologies ULC) [Auto | Running] -- C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe -- (SMART Display Controller)
SRV - [2010/07/15 15:47:42 | 005,350,288 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2010/03/16 15:28:50 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2009/11/18 17:59:54 | 000,139,776 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Verizon Wireless\mp3_downloadmanager_service.exe -- (mp3_downloadmanager_service)
SRV - [2006/11/01 22:15:50 | 000,537,480 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device)
SRV - [2004/03/18 15:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/10/06 15:49:00 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/11/20 17:14:28 | 000,646,825 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2003/11/20 17:13:40 | 001,232,741 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2003/11/20 17:12:56 | 000,059,717 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2003/11/20 17:12:42 | 000,037,048 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/08/28 18:58:40 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/06/30 17:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-682003330-1500820517-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-682003330-1500820517-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-682003330-1500820517-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-682003330-1500820517-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-1500820517-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: albumart@songbirdnest.com:1.0.8.1615
FF - prefs.js..extensions.enabledItems: gonzo@songbirdnest.com:1.7.1
FF - prefs.js..extensions.enabledItems: philips-addon-manager@philips.com:3.2.0.2202
FF - prefs.js..extensions.enabledItems: philips-msc-mtp-switch@philips.com:3.2.0.2200
FF - prefs.js..extensions.enabledItems: philips-branding@philips.com:3.2.0.2226
FF - prefs.js..extensions.enabledItems: philips-skin@philips.com:3.2.0.2207
FF - prefs.js..extensions.enabledItems: philips-ui@philips.com:3.2.0.2203
FF - prefs.js..extensions.enabledItems: purplerain@songbirdnest.com:1.7.1

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll File not found


[2012/01/07 11:12:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/09/11 18:08:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2012/01/07 11:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/02 20:01:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/04/01 12:50:10 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2009/08/07 20:50:05 | 000,000,000 | ---D | M] (RealArcade V3 Plugin) -- C:\Program Files\Mozilla Firefox\extensions\npmozax@real.com
[2010/10/16 12:53:03 | 000,000,000 | ---D | M] (Philips addon manager) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\60ADAAYY.DEFAULT\EXTENSIONS\PHILIPS-ADDON-MANAGER@PHILIPS.COM
[2010/10/16 12:52:53 | 000,000,000 | ---D | M] (Philips Branding) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\60ADAAYY.DEFAULT\EXTENSIONS\PHILIPS-BRANDING@PHILIPS.COM
[2010/10/16 12:53:03 | 000,000,000 | ---D | M] (Philips auto msc-mtp switch) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\60ADAAYY.DEFAULT\EXTENSIONS\PHILIPS-MSC-MTP-SWITCH@PHILIPS.COM
[2010/10/16 12:53:02 | 000,000,000 | ---D | M] (Philips Skin) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\60ADAAYY.DEFAULT\EXTENSIONS\PHILIPS-SKIN@PHILIPS.COM
[2010/10/16 12:53:02 | 000,000,000 | ---D | M] (Philips UI) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\60ADAAYY.DEFAULT\EXTENSIONS\PHILIPS-UI@PHILIPS.COM
[2011/02/25 11:25:00 | 000,000,000 | ---D | M] (Artwork Extras) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\ALBUMART@SONGBIRDNEST.COM
[2011/02/25 11:25:00 | 000,000,000 | ---D | M] (gonzo) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GONZO@SONGBIRDNEST.COM
[2011/02/25 11:25:00 | 000,000,000 | ---D | M] (Purple Rain) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PURPLERAIN@SONGBIRDNEST.COM
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/03/30 16:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2011/12/01 09:00:11 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2012/02/13 16:23:26 | 000,440,549 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15168 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\..\Toolbar\WebBrowser: (no name) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.DLL ()
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-682003330-1500820517-725345543-1003..\Run: [ihanotify] C:\Program Files\Verizon\FiOS\ihs\IHANotify.exe (COLLABERA)
O4 - HKU\S-1-5-21-682003330-1500820517-725345543-1003..\Run: [PhilipsSongbirdLauncher] C:\Program Files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe ()
O4 - HKU\S-1-5-21-682003330-1500820517-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-682003330-1500820517-725345543-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{454AC772-26D8-47D6-B92C-D1C35F73A063}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/03 12:54:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "vToolbarUpdater"
MsConfig - Services: "dlcf_device"
MsConfig - Services: "avg9wd"
MsConfig - Services: "AVG Security Toolbar Service"
MsConfig - Services: "gupdatem"
MsConfig - Services: "gupdate"
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^V CAST Media Monitor.lnk - C:\Program Files\V CAST Media Manager\MEMonitor.exe - (Smith Micro, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ccleaner - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/18 15:50:15 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/02/18 15:42:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/02/13 16:33:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/02/13 16:19:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/02/09 18:52:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/09 16:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/02/09 11:44:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/09 11:44:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/09 11:44:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/09 11:44:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/09 11:44:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/06 14:42:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/02/06 13:26:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/06 13:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/05 22:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

========== Files - Modified Within 30 Days ==========

[2012/02/18 16:00:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/18 15:50:19 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/02/18 15:46:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/18 15:38:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/18 15:37:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/13 16:38:14 | 000,004,271 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\attach.zip
[2012/02/13 16:33:23 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/02/13 16:32:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/02/13 16:31:56 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2012/02/13 16:23:26 | 000,440,549 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/09 17:23:48 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2012/02/09 14:54:44 | 000,440,549 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120213-162326.backup
[2012/02/09 11:59:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/09 11:33:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/09 11:25:55 | 000,000,215 | ---- | M] () -- C:\Boot.bak
[2012/02/06 15:01:26 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/02/06 13:02:50 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/02/06 12:32:14 | 000,440,389 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-145444.backup
[2012/01/26 23:45:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\CCleaner.job

========== Files Created - No Company Name ==========

[2012/02/13 16:38:14 | 000,004,271 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\attach.zip
[2012/02/13 16:32:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/02/13 16:31:56 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2012/02/09 11:45:02 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2012/02/09 11:44:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/09 11:44:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/09 11:44:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/09 11:44:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/09 11:44:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/09 11:44:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/09 11:33:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/31 19:21:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/31 19:05:44 | 000,016,186 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\iby133xj4sns01ic6q784r6siovox6gw0cgqd
[2011/12/31 19:05:44 | 000,016,186 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\iby133xj4sns01ic6q784r6siovox6gw0cgqd
[2011/07/04 08:39:53 | 000,000,086 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2011/05/18 03:25:08 | 000,293,360 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/11 18:16:24 | 000,067,664 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/04 17:43:48 | 000,000,336 | ---- | C] () -- C:\Program Files\temp995.bat
[2010/05/21 07:51:38 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/03 13:53:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/04/30 13:17:56 | 000,104,255 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2010/04/30 13:17:56 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2010/04/17 11:41:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2010/04/15 02:05:45 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/16 07:07:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/03/12 07:10:33 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/03/12 07:10:32 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/03/06 16:36:08 | 000,001,295 | ---- | C] () -- C:\WINDOWS\wininit.ini

========== LOP Check ==========

[2012/01/03 16:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/03 14:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/15 08:18:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/01 12:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/12/19 08:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2011/08/11 01:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/04/12 21:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2011/04/01 12:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies
[2011/03/18 10:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/01/28 15:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2011/01/07 11:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/13 12:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/09 18:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/11/07 17:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2009/06/24 19:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/17 14:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.verizon.mediastore.vzwdownloadmanager.BEEF85639ECFAE88C004EA3A5F976EE5386C7526.1
[2010/03/31 13:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2010/02/19 17:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HorizonWimba
[2009/06/21 18:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Maple
[2009/03/31 15:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2009/12/21 15:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\myfreezetoolbar
[2010/03/16 07:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdf995
[2010/09/11 18:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Philips
[2010/09/11 18:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Philips-Songbird
[2011/04/01 12:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SMART Technologies
[2011/01/07 12:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SMART Technologies Inc
[2010/03/22 13:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smith Micro
[2008/12/26 12:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2011/02/25 11:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Songbird2
[2009/03/29 11:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop
[2011/07/13 14:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TaxCut
[2012/01/02 21:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2011/03/18 09:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TechWizard
[2010/03/10 08:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TestGen
[2009/12/19 08:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Titanium Gears
[2012/01/26 23:45:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\CCleaner.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/09/03 12:54:57 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/02/09 11:25:55 | 000,000,215 | ---- | M] () -- C:\Boot.bak
[2012/02/09 17:23:48 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/02/09 16:28:12 | 000,011,794 | ---- | M] () -- C:\ComboFix.txt
[2008/09/03 12:54:57 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/02/13 21:38:54 | 000,010,730 | ---- | M] () -- C:\dlcf.log
[2003/12/08 12:15:56 | 000,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
[2008/09/03 12:54:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/09/03 12:54:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/12 09:02:33 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/07 14:03:47 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/18 15:37:55 | 1811,939,328 | -HS- | M] () -- C:\pagefile.sys
[2010/03/08 09:59:36 | 022,484,168 | ---- | M] () -- C:\R146531.exe
[2012/02/06 12:46:40 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2012/02/05 22:26:55 | 000,051,090 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_05.02.2012_19.16.18_log.txt
[2010/03/10 08:37:15 | 010,034,139 | ---- | M] () -- C:\tgsetup744.exe
[2010/02/26 20:28:18 | 003,952,640 | ---- | M] () -- C:\w_delaware_ind_2009_01.exe
[2010/02/26 20:29:40 | 085,098,496 | ---- | M] () -- C:\w_form_1040_2009_11.exe
[2010/02/26 20:28:36 | 004,689,920 | ---- | M] () -- C:\w_maryland_ind_2009_02a.exe
[2010/02/26 20:28:49 | 004,685,824 | ---- | M] () -- C:\w_new_jersey_ind_2009_02a.exe
[2010/02/26 20:29:32 | 005,361,664 | ---- | M] () -- C:\w_pennsylvania_ind_2009_03a.exe
[2011/03/18 11:23:47 | 116,421,952 | ---- | M] () -- C:\w_turbotax_1040_bsc_2010.140.0101.exe
[2011/11/02 19:02:10 | 000,002,370 | ---- | M] () -- C:\_Sid.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/03/14 04:06:40 | 000,019,968 | ---- | M] (Black Ice Software) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\BuEProNT.dll
[2006/09/17 20:57:22 | 000,019,456 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\DELS3pc.dll
[2006/10/20 04:39:34 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\dlcfPP5C.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >
[2011/11/23 08:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/09/03 08:19:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/09/03 08:19:36 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/09/03 08:19:36 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\* >
[2010/08/04 17:44:01 | 000,000,336 | ---- | M] () -- C:\Program Files\temp995.bat

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

< End of report >


OTL Extras logfile created on: 2/18/2012 3:52:16 PM - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 46.48% Memory free
2.69 Gb Paging File | 2.16 Gb Available in Paging File | 80.34% Paging File free
Paging file location(s): C:\pagefile.sys 1728 3456 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.68 Gb Free Space | 58.22% Space Free | Partition Type: NTFS

Computer Name: MULLINS-8EACEF7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:FiOS Tech Wizard
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SMART Technologies\SMART Product Drivers\UCGui.exe" = C:\Program Files\SMART Technologies\SMART Product Drivers\UCGui.exe:*:Enabled:SMART Universal Controller Interface -- (SMART Technologies ULC)
"C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" = C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe:*:Enabled:SMART SNMPAgent -- (SMART Technologies ULC)
"C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe" = C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe:*:Enabled:SMART Universal Controller Service -- (SMART Technologies ULC)
"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\WINDOWS\system32\dlcfcoms.exe" = C:\WINDOWS\system32\dlcfcoms.exe:*:Disabled:Dell 725 Server -- ( )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{113AC946-0CEB-49C7-828A-230FF9EB1DBB}" = TurboTax 2010 wmdiper
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 30
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{333B0B76-FC96-4C51-9AF6-B6EFA15ACE99}" = SMART Product Drivers
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3BE11C5A-7959-418B-90AC-1D85DE8B6E15}" = 5500
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{47E6A509-37B7-4440-A252-7031E9A898D7}" = SMART Notebook
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5389A026-79C3-4D20-8E9F-94F8BD4F87EE}" = TurboTax 2010 wdeiper
"{5658CE44-2822-45C9-A5C0-F93AB4682BBF}" = Document eSort Components
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5DE8F9B6-DAEA-4990-AB2A-F797577D88B5}" = 5500Tour
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A0524B49-9798-4EFB-A392-06C18BEC7432}" = Vz In Home Agent
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93762E6-8EA6-4E7F-9557-64E51AA3AB84}" = CASIO USB Driver V1.0.8003.1229
"{B08A973F-5D0C-4A09-A219-F00289BB85C0}" = 5500_Help
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C88C7B73-2193-4869-80DB-D77DAEA86EA1}" = H&R Block Delaware 2010
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1760DA4-A5FA-4FF1-A46A-031AB4A41345}" = 5500Trb
"{D547A594-AA85-4B92-80EB-47B371B98C68}" = Verizon Download Manager
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FA0092C2-C0FE-40DA-A79E-E4C0FCA129F9}" = Intuit Entitlement Client
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"4249-7808-9389-3199" = Verizon Wireless Download Manager 2.1.0-SNAPSHOT-r8122
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler (remove only)
"Dell Laser Printer 1110" = Dell Laser Printer 1110 Software Uninstall
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Pdf995" = Pdf995 (installed by H&R Block)
"PdfEdit995" = PdfEdit995 (installed by H&R Block)
"Philips Songbird" = Philips Songbird
"PROR" = Microsoft Office Professional 2007 Trial
"ProSeries 2010" = ProSeries 2010
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.18
"TeamViewer 7" = TeamViewer 7
"TurboTax 2010" = TurboTax 2010
"Verizon Help and Support" = Verizon Help and Support Tool
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-682003330-1500820517-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2012 5:37:36 PM | Computer Name = MULLINS-8EACEF7 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/14/2012 5:37:36 PM | Computer Name = MULLINS-8EACEF7 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2012 9:47:30 AM | Computer Name = MULLINS-8EACEF7 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2012 9:47:30 AM | Computer Name = MULLINS-8EACEF7 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2012 9:09:51 PM | Computer Name = MULLINS-8EACEF7 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2012 9:09:51 PM | Computer Name = MULLINS-8EACEF7 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2012 9:51:50 PM | Computer Name = MULLINS-8EACEF7 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2012 10:24:28 AM | Computer Name = MULLINS-8EACEF7 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2012 4:02:34 PM | Computer Name = MULLINS-8EACEF7 | Source = MsiInstaller | ID = 11704
Description = Product: HiJackThis -- Error 1704. An installation for SUPERAntiSpyware
Free Edition is currently suspended. You must undo the changes made by that installation
to continue. Do you want to undo those changes?

Error - 2/9/2012 5:46:01 PM | Computer Name = MULLINS-8EACEF7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 2/9/2012 12:44:03 PM | Computer Name = MULLINS-8EACEF7 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066

Error - 2/9/2012 12:44:03 PM | Computer Name = MULLINS-8EACEF7 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 2/9/2012 12:44:04 PM | Computer Name = MULLINS-8EACEF7 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 2/9/2012 12:53:14 PM | Computer Name = MULLINS-8EACEF7 | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 2/9/2012 12:53:15 PM | Computer Name = MULLINS-8EACEF7 | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).

Error - 2/9/2012 12:53:15 PM | Computer Name = MULLINS-8EACEF7 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066

Error - 2/9/2012 12:54:11 PM | Computer Name = MULLINS-8EACEF7 | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 2/9/2012 12:54:11 PM | Computer Name = MULLINS-8EACEF7 | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).

Error - 2/9/2012 12:54:11 PM | Computer Name = MULLINS-8EACEF7 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066

Error - 2/9/2012 12:55:43 PM | Computer Name = MULLINS-8EACEF7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >

Attached Files

  • Attached File  ark.zip   9.13KB   1 downloads


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 19 February 2012 - 11:29 AM

Hello, sh4rkbyt3.

Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet is not extremely high and once you put a site in your trusted zone, basically almost anymore or thing, including hackers or other malicious software have full access to that site which can lead to hijacking that site and may even have access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1


Please attach C:\COmbofix.txt to your reply.



Step 2

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.



Step 3

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need run an OTL Script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    O3 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\..\Toolbar\WebBrowser: (no name) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No CLSID value found.
    O3 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
    MsConfig - StartUpReg: swg - hkey= - key= - File not found
    :files
    C:\Documents and Settings\Owner\Local Settings\Application Data\iby133xj4sns01ic6q784r6siovox6gw0cgqd
    C:\Documents and Settings\All Users\Application Data\iby133xj4sns01ic6q784r6siovox6gw0cgqd
    C:\Program Files\temp995.bat
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications"=-
    :commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 4

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#5 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 397 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 19 February 2012 - 05:20 PM

ok did as you said. The Combofix log isn't fresh though, it was ran before I contacted Bleeping but I'll post it anyway. If you'd prefer a fresh run/scan, just let me know.

ComboFix 12-02-09.04 - Owner 02/09/2012 16:20:38.4.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1150.831 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\9709609.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-09 16:38 . 2012-02-09 16:38 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-02-06 18:26 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-06 18:26 . 2012-02-09 16:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-06 03:53 . 2012-02-06 17:57 -------- d-----w- c:\program files\Sophos
2012-02-06 00:10 . 2012-02-06 00:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2012-02-06 00:09 . 2012-02-06 00:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-07 20:38 . 2012-01-07 20:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2012-01-03 22:00 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2012-01-03 22:00 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2012-01-03 22:00 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2012-01-03 22:00 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2012-01-03 22:00 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2012-01-03 22:00 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2012-01-03 22:00 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2012-01-03 22:00 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2012-01-03 22:00 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2012-01-03 22:00 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2004-08-12 14:09 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-12 14:09 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-12 14:03 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-12 14:09 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-12 14:04 152064 ----a-w- c:\windows\system32\schannel.dll
2010-08-04 22:44 . 2010-08-04 22:43 336 ----a-w- c:\program files\temp995.bat
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-09_16.51.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-09 17:56 . 2012-02-09 17:56 22016 c:\windows\Installer\200ecd.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhilipsSongbirdLauncher"="c:\program files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe" [2010-09-11 346624]
"ihanotify"="c:\program files\Verizon\FiOS\ihs\IHANotify.exe" [2010-12-28 237568]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 73728]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^V CAST Media Monitor.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\V CAST Media Monitor.lnk
backup=c:\windows\pss\V CAST Media Monitor.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2012-01-24 18:15 2716992 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 19:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vToolbarUpdater"=2 (0x2)
"dlcf_device"=2 (0x2)
"avg9wd"=2 (0x2)
"AVG Security Toolbar Service"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCGui.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCService.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/3/2012 5:00 PM 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/3/2012 5:00 PM 314456]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/3/2012 5:00 PM 20568]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2012 3:40 PM 136176]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 4:06 PM 290832]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [4/12/2011 9:21 PM 689392]
S2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Product Drivers\UCService.exe [7/15/2010 3:48 PM 844688]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 4:54 AM 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 4:54 AM 185640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2012 3:40 PM 136176]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\B.tmp --> c:\windows\system32\B.tmp [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/7/2012 11:18 AM 27064]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [7/15/2010 3:48 PM 1662352]
S4 mp3_downloadmanager_service;mp3_downloadmanager_service;c:\program files\Verizon Wireless\mp3_downloadmanager_service.exe [12/17/2009 2:08 PM 139776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-01-27 c:\windows\Tasks\CCleaner.job
- c:\progra~1\CCleaner\CCleaner.exe [2012-01-24 18:15]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-07 20:40]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-07 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx?LOBCode=C&PromoTCode=MVZ00&PromoSrcCode=V&POEId=VU1SP&CMP=DMC-MVZ00
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-09 16:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\B.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(392)
c:\windows\system32\WININET.dll
.
Completion time: 2012-02-09 16:28:11
ComboFix-quarantined-files.txt 2012-02-09 21:28
ComboFix2.txt 2012-02-09 17:19
ComboFix3.txt 2012-02-09 16:54
ComboFix4.txt 2012-01-03 01:01
.
Pre-Run: 23,679,909,888 bytes free
Post-Run: 23,671,930,880 bytes free
.
- - End Of File - - 7E13EE16210613353BA7D620C3999F50

Here is the OTL log after your script was run:

OTL logfile created on: 2/19/2012 1:25:12 PM - Run 2
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.45 Gb Available Physical Memory | 39.70% Memory free
2.69 Gb Paging File | 2.09 Gb Available in Paging File | 77.74% Paging File free
Paging file location(s): C:\pagefile.sys 1728 3456 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.21 Gb Free Space | 56.96% Space Free | Partition Type: NTFS

Computer Name: MULLINS-8EACEF7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/18 15:50:19 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/01 04:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/02/01 04:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/02/01 04:54:30 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/12/28 10:44:02 | 000,237,568 | ---- | M] (COLLABERA) -- C:\Program Files\Verizon\FiOS\ihs\IHANotify.exe
PRC - [2010/09/11 18:01:14 | 000,346,624 | ---- | M] () -- C:\Program Files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe
PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/07/15 15:48:22 | 000,844,688 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
PRC - [2010/07/15 15:47:42 | 005,350,288 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
PRC - [2010/03/17 15:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2010/03/16 15:28:50 | 000,689,392 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/19 13:02:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/19 13:02:28 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/19 13:01:54 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/19 12:54:22 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/19 01:33:56 | 001,712,640 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12021900\algo.dll
MOD - [2012/02/18 22:37:26 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/02/18 22:37:23 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/02/18 22:37:23 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/02/18 22:37:18 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012/02/18 22:37:15 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/02/18 22:37:15 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/02/18 22:37:13 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/02/18 22:37:12 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/02/18 22:37:10 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/02/18 22:37:06 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/02/18 22:36:57 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/01/03 15:27:55 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_59fdce8f\mscorlib.dll
MOD - [2012/01/03 15:27:17 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ad7b6c15\system.drawing.dll
MOD - [2012/01/03 15:26:20 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_f26922e6\system.xml.dll
MOD - [2012/01/03 15:25:48 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_b34237cf\system.windows.forms.dll
MOD - [2012/01/03 15:24:11 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_de97a6fb\system.dll
MOD - [2012/01/03 15:20:08 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/03 15:20:04 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/10/14 02:13:18 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/03/18 11:32:16 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/03/18 11:32:15 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/03/18 11:32:14 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/03/18 11:32:14 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/03/18 11:32:14 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/03/18 11:32:14 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/03/18 11:32:14 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/03/18 11:32:14 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/03/18 11:32:13 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/03/18 11:32:13 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/03/18 11:32:13 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/02/25 13:08:28 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2010/09/11 18:01:14 | 000,346,624 | ---- | M] () -- C:\Program Files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe
MOD - [2010/06/15 13:43:24 | 000,565,248 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\ZipArchive.dll
MOD - [2010/05/02 02:01:51 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/05/02 02:01:49 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2010/04/30 13:53:07 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2010/04/30 13:53:07 | 000,006,656 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2010/04/30 13:53:02 | 000,614,400 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2010/04/30 13:52:22 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2010/04/30 13:51:49 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2010/04/30 13:51:49 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b907\lead.dll
MOD - [2010/04/30 13:51:48 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889f53ea9b907\lead.drawing.dll
MOD - [2010/04/30 13:51:48 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.66__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2010/04/30 13:51:47 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2010/04/30 13:51:47 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2010/04/30 13:51:46 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2010/04/30 13:51:46 | 000,249,856 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2010/04/30 13:51:46 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2010/04/30 13:51:46 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2010/04/30 13:51:45 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2010/04/30 13:51:45 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2010/04/30 13:51:45 | 000,007,168 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2010/04/30 13:51:44 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2010/04/30 13:50:14 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2010/04/30 13:50:13 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2010/04/30 13:50:12 | 000,557,056 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2010/04/30 13:50:12 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2010/04/30 13:50:12 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2010/04/30 13:50:12 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2010/04/30 13:46:37 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2010/02/05 14:37:18 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/01/06 07:22:10 | 002,011,648 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\QtCore4.dll
MOD - [2009/09/29 04:43:02 | 007,462,912 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\QtGui4.dll
MOD - [2009/09/29 04:32:20 | 000,877,056 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\QtNetwork4.dll
MOD - [2009/02/04 15:19:47 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2005/10/25 01:24:22 | 000,020,594 | ---- | M] () -- C:\WINDOWS\system32\DELS3L3.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/01 04:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/02/01 04:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/15 15:48:48 | 001,662,352 | ---- | M] (SMART Technologies ULC) [On_Demand | Stopped] -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -- (SMART SNMP Agent Service)
SRV - [2010/07/15 15:48:22 | 000,844,688 | ---- | M] (SMART Technologies ULC) [Auto | Running] -- C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe -- (SMART Display Controller)
SRV - [2010/07/15 15:47:42 | 005,350,288 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2010/03/16 15:28:50 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2009/11/18 17:59:54 | 000,139,776 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Verizon Wireless\mp3_downloadmanager_service.exe -- (mp3_downloadmanager_service)
SRV - [2006/11/01 22:15:50 | 000,537,480 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device)
SRV - [2004/03/18 15:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/10/06 15:49:00 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/11/20 17:14:28 | 000,646,825 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2003/11/20 17:13:40 | 001,232,741 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2003/11/20 17:12:56 | 000,059,717 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2003/11/20 17:12:42 | 000,037,048 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/08/28 18:58:40 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/06/30 17:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-682003330-1500820517-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-682003330-1500820517-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-682003330-1500820517-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-682003330-1500820517-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-1500820517-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: albumart@songbirdnest.com:1.0.8.1615
FF - prefs.js..extensions.enabledItems: gonzo@songbirdnest.com:1.7.1
FF - prefs.js..extensions.enabledItems: philips-addon-manager@philips.com:3.2.0.2202
FF - prefs.js..extensions.enabledItems: philips-msc-mtp-switch@philips.com:3.2.0.2200
FF - prefs.js..extensions.enabledItems: philips-branding@philips.com:3.2.0.2226
FF - prefs.js..extensions.enabledItems: philips-skin@philips.com:3.2.0.2207
FF - prefs.js..extensions.enabledItems: philips-ui@philips.com:3.2.0.2203
FF - prefs.js..extensions.enabledItems: purplerain@songbirdnest.com:1.7.1

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll File not found


[2012/01/07 11:12:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/09/11 18:08:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2012/01/07 11:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/02 20:01:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/04/01 12:50:10 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2009/08/07 20:50:05 | 000,000,000 | ---D | M] (RealArcade V3 Plugin) -- C:\Program Files\Mozilla Firefox\extensions\npmozax@real.com
[2010/10/16 12:53:03 | 000,000,000 | ---D | M] (Philips addon manager) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\60ADAAYY.DEFAULT\EXTENSIONS\PHILIPS-ADDON-MANAGER@PHILIPS.COM
[2010/10/16 12:52:53 | 000,000,000 | ---D | M] (Philips Branding) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\60ADAAYY.DEFAULT\EXTENSIONS\PHILIPS-BRANDING@PHILIPS.COM
[2010/10/16 12:53:03 | 000,000,000 | ---D | M] (Philips auto msc-mtp switch) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\60ADAAYY.DEFAULT\EXTENSIONS\PHILIPS-MSC-MTP-SWITCH@PHILIPS.COM
[2010/10/16 12:53:02 | 000,000,000 | ---D | M] (Philips Skin) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\60ADAAYY.DEFAULT\EXTENSIONS\PHILIPS-SKIN@PHILIPS.COM
[2010/10/16 12:53:02 | 000,000,000 | ---D | M] (Philips UI) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\PHILIPS-SONGBIRD\PROFILES\60ADAAYY.DEFAULT\EXTENSIONS\PHILIPS-UI@PHILIPS.COM
[2011/02/25 11:25:00 | 000,000,000 | ---D | M] (Artwork Extras) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\ALBUMART@SONGBIRDNEST.COM
[2011/02/25 11:25:00 | 000,000,000 | ---D | M] (gonzo) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GONZO@SONGBIRDNEST.COM
[2011/02/25 11:25:00 | 000,000,000 | ---D | M] (Purple Rain) -- C:\PROGRAM FILES\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PURPLERAIN@SONGBIRDNEST.COM
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/03/30 16:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2011/12/01 09:00:11 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2012/02/13 16:23:26 | 000,440,549 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15168 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.DLL ()
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-682003330-1500820517-725345543-1003..\Run: [ihanotify] C:\Program Files\Verizon\FiOS\ihs\IHANotify.exe (COLLABERA)
O4 - HKU\S-1-5-21-682003330-1500820517-725345543-1003..\Run: [PhilipsSongbirdLauncher] C:\Program Files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe ()
O4 - HKU\S-1-5-21-682003330-1500820517-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-682003330-1500820517-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{454AC772-26D8-47D6-B92C-D1C35F73A063}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/03 12:54:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/19 13:27:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/02/19 13:05:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/19 13:03:36 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/19 13:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/02/19 13:02:47 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2012/02/18 15:50:15 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/02/13 16:33:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/02/09 18:52:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/09 16:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/02/09 11:44:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/09 11:44:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/09 11:44:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/09 11:44:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/09 11:44:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/06 14:42:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/02/06 13:26:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/06 13:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/05 22:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

========== Files - Modified Within 30 Days ==========

[2012/02/19 13:19:50 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/19 13:19:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/19 13:03:49 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/19 13:03:37 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2012/02/19 13:03:37 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2012/02/19 13:02:47 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2012/02/19 13:00:06 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/19 12:52:27 | 000,317,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/18 22:37:47 | 000,444,016 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/18 22:37:47 | 000,072,274 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/18 16:09:44 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rq8whkqd.exe
[2012/02/18 15:50:19 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/02/18 15:38:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/13 16:38:14 | 000,004,271 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\attach.zip
[2012/02/13 16:33:23 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/02/13 16:32:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/02/13 16:31:56 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2012/02/13 16:23:26 | 000,440,549 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/09 17:23:48 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2012/02/09 14:54:44 | 000,440,549 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120213-162326.backup
[2012/02/09 11:59:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/09 11:33:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/09 11:25:55 | 000,000,215 | ---- | M] () -- C:\Boot.bak
[2012/02/06 15:01:26 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/02/06 13:02:50 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/02/06 12:32:14 | 000,440,389 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-145444.backup
[2012/01/26 23:45:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\CCleaner.job

========== Files Created - No Company Name ==========

[2012/02/19 13:03:49 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/19 13:03:37 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2012/02/19 13:03:37 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2012/02/18 16:09:43 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rq8whkqd.exe
[2012/02/18 15:42:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/18 15:42:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/13 16:38:14 | 000,004,271 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\attach.zip
[2012/02/13 16:32:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/02/13 16:31:56 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2012/02/09 11:45:02 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2012/02/09 11:44:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/09 11:44:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/09 11:44:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/09 11:44:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/09 11:44:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/09 11:44:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/09 11:33:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/31 19:21:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/04 08:39:53 | 000,000,086 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2011/05/18 03:25:08 | 000,293,360 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/11 18:16:24 | 000,067,664 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/21 07:51:38 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/03 13:53:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/04/30 13:17:56 | 000,104,255 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2010/04/30 13:17:56 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2010/04/17 11:41:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2010/04/15 02:05:45 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/16 07:07:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/03/12 07:10:33 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/03/12 07:10:32 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/03/06 16:36:08 | 000,001,295 | ---- | C] () -- C:\WINDOWS\wininit.ini

< End of report >

The last run using theEset Online Scan reported no threats found and gave me no opportunity to save the logfile?

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 20 February 2012 - 08:29 AM

Hello, sh4rkbyt3.

It's an old log, but I'm trying to see what we're dealing with so we can best attack it. So, I need the original run from this issue. Please attach C:\Qoobox\ComboFix3.txt in your reply.

Nothing is really standing out as malware, but we can take a deeper look depending on what that Combofix log shows.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#7 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 397 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 20 February 2012 - 12:33 PM

No problem etavares, I've .zip'd it and attached it as you requested.

#8 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 397 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 20 February 2012 - 12:34 PM

Ok that didn't work out so well. Here's the log:

ComboFix 12-02-09.04 - Administrator 02/09/2012 11:46:51.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1150.725 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\gkjtgiktgi.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-09 16:38 . 2012-02-09 16:38 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-02-06 18:26 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-06 18:26 . 2012-02-09 16:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-06 03:53 . 2012-02-06 17:57 -------- d-----w- c:\program files\Sophos
2012-02-06 00:10 . 2012-02-06 00:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2012-02-06 00:09 . 2012-02-06 00:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-07 20:38 . 2012-01-07 20:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2012-01-03 22:00 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2012-01-03 22:00 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2012-01-03 22:00 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2012-01-03 22:00 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2012-01-03 22:00 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2012-01-03 22:00 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2012-01-03 22:00 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2012-01-03 22:00 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2012-01-03 22:00 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2012-01-03 22:00 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2004-08-12 14:09 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-12 14:09 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-12 14:03 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-12 14:09 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-12 14:04 152064 ----a-w- c:\windows\system32\schannel.dll
2010-08-04 22:44 . 2010-08-04 22:43 336 ----a-w- c:\program files\temp995.bat
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-03_00.49.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-03-31 18:27 . 2009-02-27 08:42 66440 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2010-03-31 18:27 . 2009-02-27 08:42 66440 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
- 2004-08-12 14:03 . 2011-11-07 22:13 72274 c:\windows\system32\perfc009.dat
+ 2004-08-12 14:03 . 2012-01-03 20:26 72274 c:\windows\system32\perfc009.dat
+ 2010-03-31 18:28 . 2009-02-27 08:42 31640 c:\windows\system32\msonpmon.dll
+ 2004-08-12 13:59 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
- 2004-08-12 13:59 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
+ 2012-01-07 16:18 . 2009-12-30 15:20 27064 c:\windows\system32\drivers\revoflt.sys
+ 2004-08-12 14:03 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
- 2004-08-12 13:59 . 2008-04-14 00:11 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2004-08-12 13:59 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
- 2008-09-07 19:58 . 2011-12-01 14:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-07 21:00 . 2012-01-10 03:55 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-07 19:58 . 2012-01-10 03:55 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-07 19:58 . 2011-12-01 14:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-01-07 21:00 . 2012-01-10 03:55 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-09-07 19:58 . 2011-12-01 14:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-12-25 08:49 . 2011-12-25 08:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2011-12-25 16:07 . 2011-12-25 16:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2011-07-08 18:00 . 2011-07-08 18:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-12-25 03:55 . 2011-12-25 03:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2011-07-07 16:04 . 2011-07-07 16:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2011-12-25 03:55 . 2011-12-25 03:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2011-07-07 16:04 . 2011-07-07 16:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-12-25 03:55 . 2011-12-25 03:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2011-07-07 16:03 . 2011-07-07 16:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2011-07-07 17:09 . 2011-07-07 17:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-25 04:49 . 2011-12-25 04:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-25 04:49 . 2011-12-25 04:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2011-07-07 17:09 . 2011-07-07 17:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2012-01-07 20:50 . 2012-01-07 20:50 22016 c:\windows\Installer\d312e.msi
+ 2012-01-07 20:40 . 2012-01-07 20:40 24064 c:\windows\Installer\d3129.msi
- 2010-03-31 18:28 . 2011-12-16 08:12 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-03-31 18:28 . 2012-01-03 20:08 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-03-31 18:28 . 2011-12-16 08:12 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-03-31 18:28 . 2012-01-03 20:08 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-03-31 18:28 . 2011-12-16 08:12 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-03-31 18:28 . 2012-01-03 20:08 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-01-18 22:11 . 2012-01-11 20:53 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-01-18 22:11 . 2011-12-16 08:12 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-18 22:11 . 2012-01-11 20:53 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-01-18 22:11 . 2011-12-16 08:12 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-18 22:11 . 2012-01-11 20:53 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-01-18 22:11 . 2011-12-16 08:12 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-26 18:09 . 2009-02-26 18:09 10120 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\XLCALL32.DLL
+ 2009-02-26 23:43 . 2009-02-26 23:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 22:45 . 2009-02-26 22:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2006-07-24 15:50 . 2006-07-24 15:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\VBAME.DLL
+ 2009-02-26 19:24 . 2009-02-26 19:24 71536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONFILTER.DLL
+ 2009-02-26 19:24 . 2009-02-26 19:24 97680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONENOTEM.EXE
+ 2006-07-24 15:50 . 2006-07-24 15:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
+ 2009-02-26 18:09 . 2009-02-26 18:09 10120 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\XLCALL32.DLL
+ 2009-02-26 23:43 . 2009-02-26 23:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 22:45 . 2009-02-26 22:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2011-05-31 21:31 . 2011-05-31 21:31 32128 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\VPREVIEW.EXE
+ 2006-07-24 15:50 . 2006-07-24 15:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\VBAME.DLL
+ 2011-07-20 10:17 . 2011-07-20 10:17 33152 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\SETLANG.EXE
+ 2011-07-27 09:53 . 2011-07-27 09:53 39464 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\REFIEBAR.DLL
+ 2009-02-27 00:21 . 2009-02-27 00:21 38224 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\REFEDIT.DLL
+ 2009-02-26 17:09 . 2009-02-26 17:09 43352 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OUTLRPC.DLL
+ 2011-07-27 10:17 . 2011-07-27 10:17 22432 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OISCTRL.DLL
+ 2011-07-27 10:25 . 2011-07-27 10:25 53728 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OFFRHD.DLL
+ 2011-07-27 09:53 . 2011-07-27 09:53 64872 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\NAME.DLL
+ 2009-02-26 22:07 . 2009-02-26 22:07 67440 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSOHTMED.EXE
+ 2009-02-26 22:07 . 2009-02-26 22:07 75120 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSOHEV.DLL
+ 2009-02-27 00:21 . 2009-02-27 00:21 25968 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSOEURO.DLL
+ 2011-07-27 09:34 . 2011-07-27 09:34 13712 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSOCFU.DLL
+ 2006-07-24 15:50 . 2006-07-24 15:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
+ 2009-02-26 17:09 . 2009-02-26 17:09 20352 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MLSHEXT.DLL
+ 2011-05-31 21:26 . 2011-05-31 21:26 88448 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\METCONV.DLL
+ 2011-07-27 22:49 . 2011-07-27 22:49 56696 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\EXP_XPS.DLL
+ 2011-07-27 22:49 . 2011-07-27 22:49 95608 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\EXP_PDF.DLL
+ 2009-02-26 22:07 . 2009-02-26 22:07 53120 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\AUTHZAX.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 55168 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACERCLR.DLL
+ 2009-02-26 16:18 . 2009-02-26 16:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEODTXT.DLL
+ 2009-02-26 16:18 . 2009-02-26 16:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEODPDX.DLL
+ 2009-02-26 16:18 . 2009-02-26 16:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEODEXL.DLL
+ 2009-02-26 16:18 . 2009-02-26 16:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEODDBS.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 47024 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEERR.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 55240 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACECNFLT.EXE
+ 2010-01-18 22:08 . 2010-01-18 22:08 35648 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OLCTLPIA.DLL
+ 2012-01-03 20:24 . 2012-01-03 20:24 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_100d63f7\System.Drawing.Design.dll
+ 2012-01-03 20:24 . 2012-01-03 20:24 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_ec6efb5b\CustomMarshalers.dll
+ 2012-01-03 21:35 . 2012-01-03 21:35 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-16 07:20 . 2011-10-14 07:11 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-06-16 07:20 . 2012-01-03 20:25 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-14 07:01 . 2011-10-14 07:01 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-03 20:20 . 2012-01-03 20:20 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-03 20:07 . 2012-01-03 20:07 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2012-01-03 20:07 . 2012-01-03 20:07 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2010-01-21 08:08 . 2010-01-21 08:08 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-01-03 20:14 . 2012-01-03 20:14 34696 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-06-16 07:20 . 2012-01-03 20:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-06-16 07:20 . 2011-10-14 07:11 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-06-16 07:20 . 2012-01-03 20:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-06-16 07:20 . 2011-10-14 07:11 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- 2004-08-12 14:09 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
+ 2004-08-12 14:09 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
+ 2010-03-31 18:27 . 2009-02-27 08:42 863128 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2010-03-31 18:27 . 2009-02-27 08:42 863128 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
- 2004-08-12 14:03 . 2008-04-14 00:12 386048 c:\windows\system32\qdvd.dll
+ 2004-08-12 14:03 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
+ 2004-08-12 14:03 . 2012-01-03 20:26 444016 c:\windows\system32\perfh009.dat
- 2004-08-12 14:03 . 2011-11-07 22:13 444016 c:\windows\system32\perfh009.dat
+ 2012-01-07 20:38 . 2012-01-07 20:38 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2012-01-07 20:38 . 2012-01-07 20:38 335520 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2012-01-03 01:01 . 2011-11-10 10:54 157472 c:\windows\system32\javaws.exe
+ 2012-01-03 01:01 . 2011-11-10 10:54 149280 c:\windows\system32\javaw.exe
+ 2012-01-03 01:01 . 2011-11-10 10:54 149280 c:\windows\system32\java.exe
- 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-06-18 17:45 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
- 2004-08-12 14:03 . 2008-04-14 00:12 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2004-08-12 14:03 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2012-01-03 01:01 . 2011-11-10 10:54 472808 c:\windows\system32\deployJava1.dll
+ 2011-12-25 08:49 . 2011-12-25 08:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2011-12-25 03:55 . 2011-12-25 03:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2011-07-07 16:04 . 2011-07-07 16:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-12-25 03:53 . 2011-12-25 03:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2011-07-07 16:01 . 2011-07-07 16:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2011-12-25 04:49 . 2011-12-25 04:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2011-07-07 17:09 . 2011-07-07 17:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2012-01-03 22:00 . 2012-01-03 22:00 219648 c:\windows\Installer\ef76f.msi
+ 2012-01-03 01:02 . 2012-01-03 01:02 203776 c:\windows\Installer\98cb1.msi
+ 2011-12-25 10:40 . 2011-12-25 10:40 819200 c:\windows\Installer\1732d6.msp
- 2010-03-31 18:28 . 2011-12-16 08:12 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-03-31 18:28 . 2012-01-03 20:08 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-03-31 18:28 . 2011-12-16 08:12 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-03-31 18:28 . 2012-01-03 20:08 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-03-31 18:28 . 2012-01-03 20:08 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2010-03-31 18:28 . 2011-12-16 08:12 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2010-03-31 18:28 . 2012-01-03 20:08 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2010-03-31 18:28 . 2011-12-16 08:12 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2010-01-18 22:11 . 2011-12-16 08:12 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-01-18 22:11 . 2012-01-11 20:53 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-01-18 22:11 . 2011-12-16 08:12 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-01-18 22:11 . 2012-01-11 20:53 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-01-18 22:11 . 2012-01-11 20:53 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2010-01-18 22:11 . 2011-12-16 08:12 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-01-18 22:11 . 2012-01-11 20:53 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2010-01-18 22:11 . 2011-12-16 08:12 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2010-01-18 22:11 . 2011-12-16 08:12 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2010-01-18 22:11 . 2012-01-11 20:53 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2012-01-03 20:01 . 2012-01-03 20:01 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2010-01-21 08:05 . 2010-01-21 08:05 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2007-06-08 00:51 . 2007-06-08 00:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL
+ 2008-03-19 11:27 . 2008-03-19 11:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OGALEGIT.DLL
+ 2000-05-24 02:45 . 2000-05-24 02:45 118784 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSSTDFMT.DLL
+ 2008-10-25 11:18 . 2008-10-25 11:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\IEAWSDC.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 764800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECNF.DLL
+ 2009-02-26 22:45 . 2009-02-26 22:45 509256 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\WRD12CVR.DLL
+ 2011-09-16 01:41 . 2011-09-16 01:41 408936 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\WINWORD.EXE
+ 2007-06-08 00:51 . 2007-06-08 00:51 125320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\SSGEN.DLL
+ 2011-07-27 09:58 . 2011-07-27 09:58 439160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\SETUP.EXE
+ 2011-07-27 09:54 . 2011-07-27 09:54 503184 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\SELFCERT.EXE
+ 2011-05-27 02:13 . 2011-05-27 02:13 368520 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\PPSLAX.DLL
+ 2011-07-27 09:36 . 2011-07-27 09:36 481640 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\PORTCONN.DLL
+ 2007-06-08 00:51 . 2007-06-08 00:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL
+ 2011-07-27 10:17 . 2011-07-27 10:17 284560 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OISGRAPH.DLL
+ 2011-07-27 10:16 . 2011-07-27 10:16 997768 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OISAPP.DLL
+ 2011-07-27 10:16 . 2011-07-27 10:16 273792 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OIS.EXE
+ 2008-03-19 11:27 . 2008-03-19 11:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OGALEGIT.DLL
+ 2009-02-26 20:24 . 2009-02-26 20:24 231864 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ODEPLOY.EXE
+ 2011-07-20 10:22 . 2011-07-20 10:22 538968 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSTORES.DLL
+ 2011-07-20 10:22 . 2011-07-20 10:22 144728 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSTORE.EXE
+ 2011-07-20 10:22 . 2011-07-20 10:22 832360 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSTORDB.EXE
+ 2000-05-24 02:45 . 2000-05-24 02:45 118784 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSSTDFMT.DLL
+ 2009-02-26 03:02 . 2009-02-26 03:02 504176 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSSOAP30.DLL
+ 2011-07-27 11:10 . 2011-07-27 11:10 670560 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSQRY32.EXE
+ 2011-05-31 22:19 . 2011-05-31 22:19 732000 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSPROOF6.DLL
+ 2009-02-26 02:46 . 2009-02-26 02:46 435568 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSORUN.DLL
+ 2011-07-27 09:53 . 2011-07-27 09:53 427856 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSODCW.DLL
+ 2011-07-27 09:34 . 2011-07-27 09:34 160632 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSOCF.DLL
+ 2011-06-23 14:54 . 2011-06-23 14:54 119160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSCONV97.DLL
+ 2011-07-20 10:22 . 2011-07-20 10:22 828264 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MEDCAT.DLL
+ 2011-07-27 22:49 . 2011-07-27 22:49 177536 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\IETAG.DLL
+ 2008-10-25 11:18 . 2008-10-25 11:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\IEAWSDC.DLL
+ 2009-02-26 20:24 . 2009-02-26 20:24 970128 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\FPWEC.DLL
+ 2009-02-26 17:09 . 2009-02-26 17:09 154000 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ENVELOPE.DLL
+ 2011-07-27 10:13 . 2011-07-27 10:13 434080 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\DWTRIG20.EXE
+ 2011-07-27 10:13 . 2011-07-27 10:13 439128 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\DWDCW20.DLL
+ 2011-07-27 09:53 . 2011-07-27 09:53 105872 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\DSSM.EXE
+ 2011-07-27 09:53 . 2011-07-27 09:53 188800 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\CONTACTPICKER.DLL
+ 2011-07-27 11:13 . 2011-07-27 11:13 204664 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\CLVIEW.EXE
+ 2011-07-27 11:20 . 2011-07-27 11:20 400216 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\CDLMSO.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 370608 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEXBE.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 223152 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACETXT.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 550840 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEREP.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 288688 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACER3X.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 255920 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACER2X.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 391096 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEPDE.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 378808 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEOLEDB.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 278912 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEODBC.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 206776 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACELTS.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 632752 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEEXCL.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 337848 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEEXCH.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 186304 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEES.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 571320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEDAO.DLL
+ 2011-07-27 09:41 . 2011-07-27 09:41 763848 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACECNF.DLL
+ 2006-10-27 20:35 . 2006-10-27 20:35 436512 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\UMOUTLOOKADDIN.DLL
+ 2012-01-03 20:27 . 2012-01-03 20:27 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_ad7b6c15\System.Drawing.dll
+ 2012-01-03 20:32 . 2012-01-03 20:32 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_42f81284\System.Drawing.Design.dll
+ 2012-01-03 20:32 . 2012-01-03 20:32 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_4614edf7\CustomMarshalers.dll
+ 2012-01-03 21:35 . 2012-01-03 21:35 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll
+ 2012-01-03 21:35 . 2012-01-03 21:35 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
+ 2012-01-03 21:35 . 2012-01-03 21:35 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
+ 2012-01-03 21:35 . 2012-01-03 21:35 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
+ 2012-01-03 21:35 . 2012-01-03 21:35 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll
+ 2012-01-03 21:35 . 2012-01-03 21:35 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll
+ 2012-01-03 21:34 . 2012-01-03 21:34 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
+ 2012-01-03 21:35 . 2012-01-03 21:35 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f374e8e7849a72d1470b4a6a0771a137\System.Data.Entity.Design.ni.dll
+ 2012-01-03 21:34 . 2012-01-03 21:34 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe
+ 2012-01-03 21:33 . 2012-01-03 21:33 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-08-11 06:46 . 2011-10-14 07:11 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-06-16 07:20 . 2012-01-03 20:25 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-06-16 07:20 . 2011-10-14 07:11 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-08-11 06:46 . 2011-10-14 07:11 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-06-16 07:20 . 2011-10-14 07:11 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-06-16 07:20 . 2012-01-03 20:25 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-06-16 07:20 . 2012-01-03 20:25 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-06-16 07:20 . 2011-10-14 07:11 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-06-16 07:20 . 2012-01-03 20:25 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-06-16 07:20 . 2011-10-14 07:11 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-06-16 07:20 . 2011-10-14 07:11 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-06-16 07:20 . 2012-01-03 20:25 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-06-16 07:20 . 2011-10-14 07:11 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-06-16 07:20 . 2012-01-03 20:25 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-06-16 07:20 . 2011-10-14 07:11 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-06-16 07:20 . 2012-01-03 20:25 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-01-21 08:08 . 2010-01-21 08:08 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2012-01-03 20:07 . 2012-01-03 20:07 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2012-01-03 20:06 . 2012-01-03 20:07 149368 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2004-08-12 14:03 . 2011-11-03 15:28 1292288 c:\windows\system32\quartz.dll
+ 2011-07-07 07:28 . 2011-07-07 07:28 1193320 c:\windows\system32\FM20.DLL
+ 2008-05-07 05:12 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2011-12-25 08:50 . 2011-12-25 08:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-12-25 16:07 . 2011-12-25 16:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2011-12-25 16:06 . 2011-12-25 16:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2011-07-08 17:59 . 2011-07-08 17:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-12-25 16:06 . 2011-12-25 16:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-12-25 03:54 . 2011-12-25 03:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2011-07-07 16:02 . 2011-07-07 16:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-12-25 03:53 . 2011-12-25 03:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2011-07-07 16:02 . 2011-07-07 16:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2011-12-25 16:06 . 2011-12-25 16:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2011-07-08 17:59 . 2011-07-08 17:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2011-12-26 14:59 . 2011-12-26 14:59 4368896 c:\windows\Installer\1732f8.msp
+ 2011-09-15 23:40 . 2011-09-15 23:40 7959552 c:\windows\Installer\1732cf.msp
+ 2011-09-15 23:35 . 2011-09-15 23:35 1411072 c:\windows\Installer\173021.msp
+ 2011-12-09 00:24 . 2011-12-09 00:24 4989952 c:\windows\Installer\14b1bc48.msp
- 2010-03-31 18:28 . 2011-12-16 08:12 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-03-31 18:28 . 2012-01-03 20:08 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-01-18 22:11 . 2012-01-11 20:53 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-01-18 22:11 . 2011-12-16 08:12 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-01-18 22:11 . 2011-12-16 08:12 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-01-18 22:11 . 2012-01-11 20:53 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-10-10 03:10 . 2009-10-10 03:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2006-10-27 00:25 . 2006-10-27 00:25 2172688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PSRCHFEA.DLL
+ 2011-08-17 14:49 . 2011-08-17 14:49 4683624 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\WRD12CNV.DLL
+ 2011-07-20 13:12 . 2011-07-20 13:12 3750776 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\VVIEWER.DLL
+ 2011-06-29 12:02 . 2011-06-29 12:02 1846656 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\VVIEWDWG.DLL
+ 2009-10-10 03:10 . 2009-10-10 03:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2011-07-27 23:15 . 2011-07-27 23:15 2335648 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\STSLIST.DLL
+ 2011-07-27 09:59 . 2011-07-27 09:59 6540136 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OSETUP.DLL
+ 2011-07-07 07:58 . 2011-07-07 07:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-07-27 10:51 . 2011-07-27 10:51 7040896 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OFFOWC.DLL
+ 2011-08-03 05:14 . 2011-08-03 05:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OARTCONV.DLL
+ 2011-07-20 10:31 . 2011-07-20 10:31 1523632 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\NLSD0000.DLL
+ 2011-05-27 00:28 . 2011-05-27 00:28 6637952 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSORES.DLL
+ 2011-07-27 10:09 . 2011-07-27 10:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\IPEDITOR.DLL
+ 2011-06-22 13:16 . 2011-06-22 13:16 1681784 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\FPSRVUTL.DLL
+ 2011-07-07 07:28 . 2011-07-07 07:28 1193320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\FM20.DLL
+ 2011-08-03 23:27 . 2011-08-03 23:27 1415072 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACECORE.DLL
+ 2012-01-03 20:24 . 2012-01-03 20:24 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_de97a6fb\System.dll
+ 2012-01-03 20:32 . 2012-01-03 20:32 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_32cc7679\System.dll
+ 2012-01-03 20:26 . 2012-01-03 20:26 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f26922e6\System.Xml.dll
+ 2012-01-03 20:33 . 2012-01-03 20:33 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4a43582c\System.Xml.dll
+ 2012-01-03 20:33 . 2012-01-03 20:33 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f996213d\System.Windows.Forms.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b34237cf\System.Windows.Forms.dll
+ 2012-01-03 20:33 . 2012-01-03 20:33 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_775f00f0\System.Drawing.dll
+ 2012-01-03 20:26 . 2012-01-03 20:26 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_b583e9c9\System.Design.dll
+ 2012-01-03 20:33 . 2012-01-03 20:33 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_051d1baf\System.Design.dll
+ 2012-01-03 20:34 . 2012-01-03 20:34 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b3fe976b\mscorlib.dll
+ 2012-01-03 20:27 . 2012-01-03 20:27 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_59fdce8f\mscorlib.dll
+ 2012-01-03 21:35 . 2012-01-03 21:35 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
+ 2012-01-03 21:35 . 2012-01-03 21:35 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
+ 2012-01-03 21:35 . 2012-01-03 21:35 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
+ 2012-01-03 21:35 . 2012-01-03 21:35 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
+ 2012-01-03 21:34 . 2012-01-03 21:34 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
+ 2012-01-03 21:35 . 2012-01-03 21:35 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
+ 2012-01-03 21:35 . 2012-01-03 21:35 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll
+ 2012-01-03 21:35 . 2012-01-03 21:35 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll
+ 2012-01-03 21:33 . 2012-01-03 21:33 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
+ 2012-01-03 21:35 . 2012-01-03 21:35 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll
+ 2012-01-03 21:34 . 2012-01-03 21:34 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
+ 2012-01-03 21:34 . 2012-01-03 21:34 1554944 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\7af7d9fe19608a8c502202973ae269bc\Intuit.Ctg.Map.ni.dll
+ 2011-06-16 07:20 . 2012-01-03 20:26 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-06-16 07:20 . 2011-10-14 07:12 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-06-16 07:20 . 2012-01-03 20:25 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-06-16 07:20 . 2011-10-14 07:12 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-06-16 07:20 . 2011-10-14 07:11 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-06-16 07:20 . 2012-01-03 20:25 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-08 07:00 . 2010-10-08 07:00 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-03 20:17 . 2012-01-03 20:17 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-10-14 07:11 . 2011-10-14 07:11 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-03 20:25 . 2012-01-03 20:25 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-06-16 07:20 . 2011-10-14 07:11 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-06-16 07:20 . 2012-01-03 20:25 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-06-16 07:20 . 2011-10-14 07:11 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-06-16 07:20 . 2012-01-03 20:25 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-14 07:01 . 2011-10-14 07:01 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-01-03 20:20 . 2012-01-03 20:20 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-01-03 20:20 . 2012-01-03 20:20 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-03 20:20 . 2012-01-03 20:20 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-03 20:07 . 2012-01-03 20:07 1279864 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2008-09-07 18:52 . 2012-01-11 20:54 52128560 c:\windows\system32\MRT.exe
+ 2011-12-26 22:02 . 2011-12-26 22:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp
+ 2011-12-26 14:02 . 2011-12-26 14:02 19677184 c:\windows\Installer\1732ef.msp
+ 2011-09-15 23:39 . 2011-09-15 23:39 11163136 c:\windows\Installer\1732c6.msp
+ 2011-09-15 23:38 . 2011-09-15 23:38 10838528 c:\windows\Installer\1732bb.msp
+ 2011-09-15 23:37 . 2011-09-15 23:37 16691712 c:\windows\Installer\17303c.msp
+ 2011-09-15 23:37 . 2011-09-15 23:37 34428416 c:\windows\Installer\173022.msp
+ 2011-09-16 01:42 . 2011-09-16 01:42 18115432 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\WWLIB.DLL
+ 2011-08-17 15:01 . 2011-08-17 15:01 16149352 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OART.DLL
+ 2011-08-04 00:53 . 2011-08-04 00:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSO.DLL
+ 2012-01-03 21:34 . 2012-01-03 21:34 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
+ 2012-01-03 21:34 . 2012-01-03 21:34 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
+ 2012-01-03 20:28 . 2012-01-03 20:28 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll
+ 2011-09-15 23:34 . 2011-09-15 23:34 428804608 c:\windows\Installer\1731e7.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 73728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^V CAST Media Monitor.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\V CAST Media Monitor.lnk
backup=c:\windows\pss\V CAST Media Monitor.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2012-01-24 18:15 2716992 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 19:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vToolbarUpdater"=2 (0x2)
"dlcf_device"=2 (0x2)
"avg9wd"=2 (0x2)
"AVG Security Toolbar Service"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCGui.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCService.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/3/2012 5:00 PM 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/3/2012 5:00 PM 314456]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/3/2012 5:00 PM 20568]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 4:06 PM 290832]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [4/12/2011 9:21 PM 689392]
S2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Product Drivers\UCService.exe [7/15/2010 3:48 PM 844688]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 4:54 AM 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 4:54 AM 185640]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\B.tmp --> c:\windows\system32\B.tmp [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/7/2012 11:18 AM 27064]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [7/15/2010 3:48 PM 1662352]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2012 3:40 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2012 3:40 PM 136176]
S4 mp3_downloadmanager_service;mp3_downloadmanager_service;c:\program files\Verizon Wireless\mp3_downloadmanager_service.exe [12/17/2009 2:08 PM 139776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-01-27 c:\windows\Tasks\CCleaner.job
- c:\progra~1\CCleaner\CCleaner.exe [2012-01-24 18:15]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-07 20:40]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-07 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-09 11:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-682003330-1500820517-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,c2,39,b4,a5,46,09,43,8f,c9,32,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,c2,39,b4,a5,46,09,43,8f,c9,32,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,c2,39,b4,a5,46,09,43,8f,c9,32,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1488)
c:\windows\system32\WININET.dll
.
Completion time: 2012-02-09 11:54:09
ComboFix-quarantined-files.txt 2012-02-09 16:54
ComboFix2.txt 2012-01-03 01:01
.
Pre-Run: 23,321,571,328 bytes free
Post-Run: 23,319,642,112 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 8FA30A3FBF7F9F66124F6B1589E1BF83

#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 20 February 2012 - 03:23 PM

OK, nothing stands out in any of the logs. You said it was slow...when and how is it slow? Booting up? Web surfing, etc.?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#10 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 397 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 20 February 2012 - 07:26 PM

Booting up mostly but it could be due to it being an old single core processor setup? Just want to make sure it's cleaned up for now
more than anything.

I'm spoiled with a 6 core proccy so maybe I'm forgetting the lack of speed factor lol.

#11 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 397 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 20 February 2012 - 07:56 PM

I'm following up with defragger and have shut down System Restore to create a fresh/clean backup on restart. Ok finished, I'm now showing 3 blocks (pink, red, pink) in that order in defraggler and the only file showing up as not defragged is the pagefile.sys?

#12 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 397 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 20 February 2012 - 08:35 PM

I've tried using the Microsoft Fix It as well as changing the the dword value in regedit HKEY_LOCALMACHINE to enable Clear PageSystem file on shutdown but it repeatedly comes up with the same byte value in defrag?

#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 21 February 2012 - 06:44 AM

You can't defrag the pagefile. If you want to defrag it, you'll need to disable the pagefile, reboot and defrag, then reenable the pagefile. Or, you can install PageDefrag by Microsoft Sysinternals. Once you install this, it will degrag your page file and registry hives on every boot. The first time it may take a while, after that, it only takes a few minutes. If you want to do the manual approach, let me know and I'll provide instructions.

Also, time to cleanup...please press the "Clean Up" button in OTL.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#14 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 397 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 21 February 2012 - 05:08 PM

Thank you etavares for your help. I'll leave the pagefile.sys alone for now since it won't do any damage to anything. Did the clean up in OTL and removed all the unnecessary apps.

#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 21 February 2012 - 06:50 PM

No problem. I did have a typo..it only takes a few SECONDS on boot, not minutes with the PageDefrag.

There are some unneeded startup apps we can disable and a few other tweaks we can do to improve boot time. Let me know if you want to work on that.

PS> Please also let me know if you want to be conservative, moderate or aggressive in what we disable to improve boot time. We can always start on one end and work the other way if needed.

Edited by etavares, 21 February 2012 - 06:51 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users