Please help - Malware Infection Keeps Returning

  1. #1
    JuniorLu is offline Junior Member

    Please help - Malware Infection Keeps Returning

    Greetings,

    You helped me with essentially the same issue on another computer a few months ago, and I'm in serious need of help on another machine. After the last time this problem returned on this computer, I shut it down and packed it away while our family moved. As soon as I put it back together, I used MBAM to remove it again as well as it could. However, since it's been a couple months since I saw the malware popup window, I don't recall exactly the wording for this infection. Regardless, here are the scans I've run over the past couple days. I normally use AVG Anti-virus, but I've uninstalled it temporarily because in the past I had been told that it interfered with some of the logging/removal tools. I will reinstall it when you instruct me to.

    Thank you in advance for your help. You all are fantastic! And now, here are the logs:

    >>>> MBAM <<<<
    Malwarebytes' Anti-Malware 1.51.1.1800
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 7366

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    8/3/2011 6:00:30 PM
    mbam-log-2011-08-03 (18-00-30).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 275875
    Time elapsed: 2 hour(s), 38 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    >>>> GMER <<<<
    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2011-08-04 21:43:42
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD400BB-75JHA0 rev.05.01C05
    Running: dvi5z9wt.exe; Driver: C:\DOCUME~1\JOHNLU~1\LOCALS~1\Temp\kxrciuod.sys


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB984BF80]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[320] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes CALL 0008ED99 C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Plus 6.1/McAfee Security)
    AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Plus 6.1/McAfee Security)
    AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Plus 6.1/McAfee Security)
    AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Plus 6.1/McAfee Security)
    AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

    Device \FileSystem\Fastfat \Fat B028CC8A

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Officejet 6000 E609a Series@ChangeID 97406593

    ---- EOF - GMER 1.0.15 ----

    >>>> aswMBR <<<<
    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2011-08-04 21:44:12
    -----------------------------
    21:44:12.062 OS Version: Windows 5.1.2600 Service Pack 2
    21:44:12.062 Number of processors: 1 586 0x303
    21:44:12.062 ComputerName: DELL-FAMILY UserName: John Lulich
    21:44:12.921 Initialize success
    21:44:45.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    21:44:45.375 Disk 0 Vendor: WDC_WD400BB-75JHA0 05.01C05 Size: 38146MB BusType: 3
    21:44:45.375 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    21:44:45.390 Disk 1 Vendor: WDC_WD400BB-53DEA0 05.03E05 Size: 38166MB BusType: 3
    21:44:45.468 Disk 0 MBR read successfully
    21:44:45.484 Disk 0 MBR scan
    21:44:45.500 Disk 0 unknown MBR code
    21:44:45.562 Disk 0 scanning sectors +78108030
    21:44:46.000 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:46:09.953 Service scanning
    21:46:13.609 Modules scanning
    21:47:55.171 Disk 0 trace - called modules:
    21:47:55.281 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
    21:47:55.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a413ab8]
    21:47:55.312 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a3fdd98]
    21:47:55.328 Scan finished successfully
    00:00:26.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\John Lulich\Desktop\MBR.dat"
    00:00:26.390 The log file has been saved successfully to "C:\Documents and Settings\John Lulich\Desktop\aswMBR_0804.txt"


    >>>> DDS (log 1) <<<<
    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Run by John Lulich at 0:19:30 on 2011-08-06
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1278.837 [GMT -4:00]
    .
    FW: McAfee Personal Firewall Plus *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Webroot\Washer\WasherSvc.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Page =
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant =
    uURLSearchHooks: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uURLSearchHooks: Game Master 1.1 Toolbar: {7846ae31-bea2-438a-8f5e-2d899361656c} - c:\program files\game_master_1.1\prxtbGame.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
    BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.19.5\bh\BabylonToolbar.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: Game Master 1.1 Toolbar: {7846ae31-bea2-438a-8f5e-2d899361656c} - c:\program files\game_master_1.1\prxtbGame.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.19.5\BabylonToolbarTlbr.dll
    TB: Game Master 1.1 Toolbar: {7846ae31-bea2-438a-8f5e-2d899361656c} - c:\program files\game_master_1.1\prxtbGame.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_Plugin.exe -update plugin
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
    mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\McAgent.exe
    mRun: [AS00_WN311B] c:\program files\netgear\wn311b\utility\WN311B.exe -hide
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRunOnce: [RunNarrator] Narrator.exe
    uPolicies-explorer: NoRecentDocsNetHood = 01000000
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    IE: &Search
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\john lulich\application data\mozilla\firefox\profiles\ij1ko6fq.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm0176SUS&ptb=NtcMhgxLIyxAGvOkWp2rjQ&ind=2011020717&ptnrS=GRxdm0176SUS&si=&n=77ddbdad&psa=&st=kwd&searchfor=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 50370
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\john lulich\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\john lulich\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\john lulich\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-6 64160]
    R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2005-1-27 67584]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-23 88176]
    R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-9-23 598856]
    R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2011-8-3 16194]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-22 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-22 135664]
    S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2005-1-27 23888]
    S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2007-11-28 16896]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
    S4 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2005-1-27 225401]
    S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-1-27 245760]
    S4 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2005-1-27 131072]
    .
    =============== Created Last 30 ================
    .
    2011-08-03 17:38:30 1286144 ----a-w- c:\windows\system32\drivers\WN311B.sys
    2011-08-03 1646 16194 ----a-w- c:\windows\system32\AWINDIS5.SYS
    2011-08-03 1646 135265 ----a-w- c:\windows\system32\AW32n50.dll
    2011-08-03 1646 102400 ----a-w- c:\windows\system32\ASupplicant.dll
    2011-08-03 1644 -------- d-----w- c:\program files\NETGEAR
    .
    ==================== Find3M ====================
    .
    2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-23 17:26:36 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    .
    ============= FINISH: 0:20:09.43 ===============


    >>>> DDS (log 2 - the file that it says should be zipped) <<<<
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/2/2005 7:52:10 PM
    System Uptime: 8/3/2011 2:30:42 PM (58 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0F8403
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 34 GiB total, 1.788 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 37 GiB total, 15.86 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: RangeMax(tm) NEXT Wireless Adapter WN311B
    Device ID: PCI\VEN_14E4&DEV_4329&SUBSYS_7D001385&REV_01\4&1C660DD6&0&00F0
    Manufacturer: NETGEAR
    Name: RangeMax(tm) NEXT Wireless Adapter WN311B
    PNP Device ID: PCI\VEN_14E4&DEV_4329&SUBSYS_7D001385&REV_01\4&1C660DD6&0&00F0
    Service: BCM43XX
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Officejet 6000 E609a
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet 6000 E609a
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
    Description: Officejet 6000 E609a
    Device ID: ROOT\PRINTER\0000
    Manufacturer: HP
    Name: Officejet 6000 E609a
    PNP Device ID: ROOT\PRINTER\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP284: 4/4/2011 5:25:02 PM - Installed TurboTax 2010 wrapper
    RP285: 4/4/2011 5:36:33 PM - Installed TurboTax 2010 wmiiper
    RP286: 8/3/2011 1243 PM - Installed RangeMax(tm) NEXT Wireless Adapter WN311B
    RP287: 8/3/2011 1:03:58 PM - Installed RangeMax(tm) NEXT Wireless Adapter WN311B
    RP288: 8/3/2011 1:29:33 PM - Removed RangeMax(tm) NEXT Wireless Adapter WN311B
    RP289: 8/3/2011 1:38:28 PM - Installed RangeMax(tm) NEXT Wireless Adapter WN311B
    RP290: 8/3/2011 1:53:29 PM - Unsigned driver install
    .
    ==== Installed Programs ======================
    .
    .
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    BBC iPlayer Desktop
    Bonjour
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    Game Master 1.1 Toolbar
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    HijackThis 2.0.2
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Malwarebytes' Anti-Malware version 1.51.1.1800
    McAfee SiteAdvisor
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Mozilla Firefox (3.6.18)
    My Wal-Mart Digital Photo Center
    QuickTime
    RangeMax(tm) NEXT Wireless Adapter WN311B
    Steam
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wmiiper
    TurboTax 2010 wrapper
    WinPump
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/4/2011 5:50:39 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    8/4/2011 5:34:50 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    8/4/2011 5:28:44 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
    8/3/2011 2:18:45 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AD3-2166-11D1-B1D0-00805FC1270E}
    8/3/2011 2:18:40 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AD8-2166-11D1-B1D0-00805FC1270E}
    8/3/2011 1:20:46 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    8/3/2011 1:07:40 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
    8/3/2011 1:05:22 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    8/3/2011 1:02:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    8/3/2011 1:02:40 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    8/1/2011 7:50:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/1/2011 7:49:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Beep Fips IntelIde intelppm IPSec MPFIREWL MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    8/1/2011 7:49:42 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    8/1/2011 7:49:42 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/1/2011 7:49:42 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    8/1/2011 7:49:42 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/1/2011 7:49:42 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/1/2011 6:23:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Beep Fips intelppm IPSec MPFIREWL MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    .
    ==== End Of File ===========================

  2. #2
    broni is offline Senior Member
    Instead of AVG install one of these:
    - Avast! free antivirus: avast! Free Antivirus - Download Software for Virus Protection
    - Avira free antivirus: Avira AntiVir Personal - Free Antivirus
    You don't want to be without any AV program.

    Then...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  3. #3
    JuniorLu is offline Junior Member
    Thank you again for the help. Here are the logs you requested. I'm installing the new anti-virus software now that these scans have completed.

    >>>> COMBOFIX <<<<
    ComboFix 11-08-07.01 - John Lulich 08/07/2011 13:50:33.8.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1278.826 [GMT -4:00]
    Running from: c:\documents and settings\John Lulich\Desktop\ComboFix.exe
    FW: McAfee Personal Firewall Plus *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\John Lulich\Application Data\PriceGong
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\John Lulich\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\John Lulich\lame_enc_en.dll
    c:\documents and settings\John Lulich\lametritonus_en.dll
    c:\documents and settings\John Lulich\WINDOWS
    C:\readme.txt
    F:\install.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MYWEBSEARCHSERVICE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-03 17:38 . 2008-11-06 20:33 1286144 ----a-w- c:\windows\system32\drivers\WN311B.sys
    2011-08-03 16:56 . 2007-01-18 14:29 102400 ----a-w- c:\windows\system32\ASupplicant.dll
    2011-08-03 16:56 . 2006-09-18 12:25 135265 ----a-w- c:\windows\system32\AW32n50.dll
    2011-08-03 16:56 . 2002-04-11 21:43 16194 ----a-w- c:\windows\system32\AWINDIS5.SYS
    2011-08-03 16:56 . 2011-08-03 16:56 -------- d-----w- c:\program files\NETGEAR
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-06 23:52 . 2008-12-29 21:24 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-06 23:52 . 2008-12-29 21:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-23 17:26 . 2011-05-23 17:26 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2010-04-27_03.20.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3 b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
    + 2007-11-07 06:19 . 2007-11-07 06:19 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3 b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
    + 2007-11-07 06:19 . 2007-11-07 06:19 47104 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3 b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
    + 2007-11-07 06:19 . 2007-11-07 06:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3 b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
    + 2007-11-07 06:19 . 2007-11-07 06:19 60416 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3 b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
    + 2007-11-07 06:19 . 2007-11-07 06:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3 b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
    + 2007-11-07 06:19 . 2007-11-07 06:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3 b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
    + 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3 b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
    + 2007-11-07 06:19 . 2007-11-07 06:19 60928 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3 b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
    + 2007-11-07 06:19 . 2007-11-07 06:19 41984 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3 b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
    + 2007-11-07 06:19 . 2007-11-07 06:19 41472 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3 b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
    + 2007-11-07 03:51 . 2007-11-07 03:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a 1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
    + 2007-11-07 03:51 . 2007-11-07 03:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a 1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
    + 2006-12-02 04:46 . 2006-12-02 04:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3 b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 45416 c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Ap plication.Update_540d4816ead86321_3.1.31.0_x-ww_46ee423f\Intuit.Spc.Esd.WinClient.Application.U pdate.exe
    + 2011-04-04 21:27 . 2011-04-04 21:27 40296 c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Ap plication.ConfigUXv2_540d4816ead86321_3.1.31.0_x-ww_8b778a47\Intuit.Spc.Esd.WinClient.Application.C onfigUXv2.exe
    + 2011-08-07 18:04 . 2011-08-07 18:04 16384 c:\windows\temp\Perflib_Perfdata_7f0.dat
    + 2007-01-29 08:58 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
    - 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
    + 2011-03-19 00:23 . 2011-01-20 16:26 43520 c:\windows\system32\sutil32.dll
    + 2010-03-31 04:16 . 2010-03-31 04:16 99176 c:\windows\system32\PresentationHostProxy.dll
    + 2004-08-10 18:51 . 2011-08-07 18:08 71732 c:\windows\system32\perfc009.dat
    - 2004-08-10 18:51 . 2010-03-19 03:06 71732 c:\windows\system32\perfc009.dat
    + 2009-11-07 05:07 . 2009-11-07 05:07 49488 c:\windows\system32\netfxperf.dll
    + 2009-11-06 02:17 . 2009-11-06 02:17 11600 c:\windows\system32\mui\0409\mscorees.dll
    + 2006-11-08 02:03 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
    - 2006-11-08 02:03 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
    + 2004-08-10 18:51 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
    - 2004-08-10 18:51 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
    + 2010-10-07 17:23 . 2010-10-07 17:23 75040 c:\windows\system32\jdns_sd.dll
    + 2011-01-20 22:43 . 2010-09-28 20:44 41984 c:\windows\system32\DRVSTORE\usbaapl_DECA0B1148634 48FE4957E5F5676B09528A18C9F\usbaapl.sys
    + 2011-01-20 22:43 . 2010-04-20 01:29 18432 c:\windows\system32\DRVSTORE\netaapl_A0C073C413771 6F9478B8B08B2873A7AB3AECF72\netaapl.sys
    + 2011-01-20 22:50 . 2009-05-18 18:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF063 6A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
    + 2006-07-14 19:03 . 2009-05-18 18:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
    + 2010-10-07 17:23 . 2010-10-07 17:23 91424 c:\windows\system32\dnssd.dll
    - 2009-09-23 20:40 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2009-09-23 20:40 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2007-05-09 21:03 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2007-05-09 21:03 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2004-08-10 18:51 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
    - 2004-08-10 18:51 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2004-08-10 18:50 . 2010-03-05 14:57 65536 c:\windows\system32\dllcache\asycfilt.dll
    + 2004-08-10 18:50 . 2010-03-05 14:57 65536 c:\windows\system32\asycfilt.dll
    + 2010-04-08 03:48 . 2010-04-08 03:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
    - 2008-07-29 23:16 . 2008-07-29 23:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbsc mp20_mscorlib.dll
    + 2010-03-23 09:31 . 2010-03-23 09:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspn et_wp.exe
    + 2010-04-01 15:42 . 2010-04-01 15:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\Syste m.Security.dll
    + 2010-03-31 18:51 . 2010-03-31 18:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscor sn.dll
    - 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscor sn.dll
    + 2010-03-31 18:51 . 2010-03-31 18:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscor ie.dll
    - 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscor ie.dll
    + 2010-03-31 18:51 . 2010-03-31 18:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPe rfMonExt.dll
    - 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPe rfMonExt.dll
    - 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspne t_wp.exe
    + 2010-03-31 19:32 . 2010-03-31 19:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspne t_wp.exe
    + 2010-03-31 19:32 . 2010-03-31 19:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspne t_filter.dll
    - 2003-02-21 01:19 . 2003-02-21 01:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspne t_filter.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfco unter.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorw ks.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_util s.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.ente rpriseservices.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data .dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.conf iguration.install.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dl l
    + 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dl l
    + 2009-11-07 05:07 . 2009-11-07 05:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.j script.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreade r.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
    + 2011-04-04 21:36 . 2011-04-04 21:36 43008 c:\windows\Installer\58deefd.msi
    + 2011-02-08 01:04 . 2011-02-08 01:04 67584 c:\windows\Installer\58de885.msp
    + 2011-04-04 21:25 . 2011-04-04 21:25 25088 c:\windows\Installer\58de85f.msi
    + 2011-05-23 17:24 . 2011-05-23 17:24 21504 c:\windows\Installer\3a8dcb6.msi
    + 2011-05-23 17:24 . 2011-05-23 17:24 28160 c:\windows\Installer\3a8dcb0.msi
    + 2011-08-04 05:45 . 2011-08-04 05:45 22016 c:\windows\Installer\269e50c.msi
    + 2011-04-05 01:08 . 2011-04-05 01:08 20480 c:\windows\Installer\145baf7.msp
    + 2010-05-30 11:21 . 2010-05-30 11:21 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A 4CDCBDCF41F6A74_1.exe
    + 2011-01-20 22:44 . 2011-01-20 22:44 27136 c:\windows\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
    + 2011-05-30 11:02 . 2011-05-30 11:02 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A 4CDCBDCF41F6A74_1.exe
    + 2011-05-30 11:02 . 2011-05-30 11:02 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A 4CDCBDCF41F6A74.exe
    + 2011-05-30 11:02 . 2011-05-30 11:02 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115 D4ADEE5E.exe
    + 2011-05-30 11:02 . 2011-05-30 11:02 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D 4ADEE5E.exe
    + 2011-05-30 11:02 . 2011-05-30 11:02 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4C DCBDCF41F6A74.exe
    + 2011-05-30 11:02 . 2011-05-30 11:02 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CD CBDCF41F6A74.exe
    + 2011-05-30 11:02 . 2011-05-30 11:02 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ARPPRODUCTICON.exe
    + 2011-01-05 22:32 . 2011-01-05 22:32 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2010-10-20 21:24 . 2010-10-20 21:24 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A 4CDCBDCF41F6A74_1.exe
    + 2011-02-06 22:04 . 2011-02-06 22:04 27648 c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
    + 2010-06-14 01:40 . 2010-02-25 06:24 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
    + 2010-06-14 01:40 . 2010-02-25 06:24 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
    + 2010-06-14 01:40 . 2010-02-25 06:24 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
    + 2010-06-14 01:43 . 2010-06-14 01:43 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System .Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_54b07 b1b\System.Drawing.Design.dll
    + 2010-06-14 01:43 . 2010-06-14 01:43 61440 c:\windows\assembly\NativeImages1_v1.1.4322\Custom Marshalers\1.0.5000.0__b03f5f7f11d50a3a_eee8ee70\C ustomMarshalers.dll
    + 2010-07-05 07:06 . 2010-07-05 07:06 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIA utomationProvider\ea1b4fbde0e772748c6ac42d627cf684 \UIAutomationProvider.ni.dll
    + 2010-06-14 11:04 . 2010-06-14 11:04 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\TVM \f5ca8192575b862b04fa08ac9d5a55e0\TVM.ni.dll
    + 2011-04-04 21:31 . 2011-04-04 21:31 22016 c:\windows\assembly\NativeImages_v2.0.50727_32\TVM \73ec6c93094cb38d198fb3e5b2096ae6\TVM.ni.dll
    + 2010-07-05 07:08 . 2010-07-05 07:08 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18 \System.Windows.Presentation.ni.dll
    + 2010-06-15 18:31 . 2010-06-15 18:31 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Windows.Pres#\1c1629f536fa9874ef08d09fb19ab0f0 \System.Windows.Presentation.ni.dll
    + 2010-06-15 18:31 . 2010-06-15 18:31 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Web.DynamicD#\1464c662c302ea6372a885161b983732 \System.Web.DynamicData.Design.ni.dll
    + 2010-06-14 11:05 . 2010-06-14 11:05 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855 \System.ComponentModel.DataAnnotations.ni.dll
    + 2010-06-14 01:39 . 2010-06-14 01:39 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\Pre sentationFontCac#\e67992626a30603458b0df22841c2423 \PresentationFontCache.ni.exe
    + 2010-07-05 07:05 . 2010-07-05 07:05 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\Pre sentationFontCac#\18729514178d458aa1225dd068718d4e \PresentationFontCache.ni.exe
    + 2010-06-14 01:38 . 2010-06-14 01:38 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\Pre sentationCFFRast#\6be27d744e6e2bfc4b0e25bd2998ef7c \PresentationCFFRasterizer.ni.dll
    + 2010-07-05 07:05 . 2010-07-05 07:05 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\Pre sentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d \PresentationCFFRasterizer.ni.dll
    + 2010-06-14 11:05 . 2010-06-14 11:05 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.Vsa\4a52287444c36c89310856b38ff52fe0\Micros oft.Vsa.ni.dll
    + 2010-06-14 11:04 . 2010-06-14 11:04 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\Int uit.Ctg.Wte.Inte#\2b967e0259f64f4f456a882701890582 \Intuit.Ctg.Wte.InterviewControlLibrary.ni.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExp ressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.Regu larExpressions.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExp ressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.Regu larExpressions.dll
    + 2010-06-14 01:37 . 2010-06-14 01:37 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.W asHosting\3.0.0.0__b77a5c561934e089\System.Service Model.WasHosting.dll
    - 2009-09-15 07:08 . 2009-09-15 07:08 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.W asHosting\3.0.0.0__b77a5c561934e089\System.Service Model.WasHosting.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design \2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.d ll
    + 2010-07-05 07:02 . 2010-07-05 07:02 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design \2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.d ll
    + 2010-07-05 07:02 . 2010-07-05 07:02 81920 c:\windows\assembly\GAC_MSIL\System.Configuration. Install\2.0.0.0__b03f5f7f11d50a3a\System.Configura tion.Install.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 81920 c:\windows\assembly\GAC_MSIL\System.Configuration. Install\2.0.0.0__b03f5f7f11d50a3a\System.Configura tion.Install.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0 __b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0 __b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.Code DOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.V sa.Vb.CodeDOMProcessor.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.Code DOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.V sa.Vb.CodeDOMProcessor.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic .Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBas ic.Vsa.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic .Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBas ic.Vsa.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utili ties\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Uti lities.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utili ties\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Uti lities.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Frame work\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Fra mework.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Frame work\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Fra mework.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 21864 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Shared UIToolkit\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.M ap.SharedUIToolkit.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 49000 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.QuickB aseClient\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.M ap.QuickBaseClient.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 58728 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Metrix .XmlSerializers\5.0.136.0__7ce6deabcb36a8ea\Intuit .Spc.Map.Metrix.XmlSerializers.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 79208 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Core\5 .0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Core.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 58728 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdPar ty.MajesticHTMLParser\5.0.136.0__7ce6deabcb36a8ea\ Intuit.Spc.Map.3rdParty.MajesticHTMLParser.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 18792 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinCli ent.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540 d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remotin g.UpdateServiceWorker.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 46952 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinCli ent.Application.UpdateServicePlugin\3.1.31.0__540d 4816ead86321\Intuit.Spc.Esd.WinClient.Application. UpdateServicePlugin.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 23912 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinCli ent.Application.UpdateService\1.0.0.0__540d4816ead 86321\Intuit.Spc.Esd.WinClient.Application.UpdateS ervice.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 12136 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinCli ent.Application.UpdateService.PluginContract\1.0.0 .0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Appl ication.UpdateService.PluginContract.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 45416 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinCli ent.Application.Update\3.1.31.0__540d4816ead86321\ Intuit.Spc.Esd.WinClient.Application.Update.exe
    + 2011-04-04 21:27 . 2011-04-04 21:27 40296 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinCli ent.Application.ConfigUXv2\3.1.31.0__540d4816ead86 321\Intuit.Spc.Esd.WinClient.Application.ConfigUXv 2.exe
    + 2011-04-04 21:27 . 2011-04-04 21:27 54632 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client .DataAccess.XmlSerializers\3.1.31.0__540d4816ead86 321\Intuit.Spc.Esd.Client.DataAccess.XmlSerializer s.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 70504 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client .Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd. Client.Common.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5 f7f11d50a3a\IEHost.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5 f7f11d50a3a\IEHost.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b0 3f5f7f11d50a3a\cscompmgd.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b0 3f5f7f11d50a3a\cscompmgd.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0 __b03f5f7f11d50a3a\Accessibility.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0 __b03f5f7f11d50a3a\Accessibility.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b0 3f5f7f11d50a3a\ISymWrapper.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b0 3f5f7f11d50a3a\ISymWrapper.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0. 0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0. 0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2010-06-14 01:42 . 2010-06-14 01:42 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0 __b03f5f7f11d50a3a\System.Security.dll
    + 2010-05-31 07:00 . 2010-01-23 08:11 46080 c:\windows\$NtUninstallKB981793$\tzchange.exe
    + 2010-05-31 07:00 . 2010-04-22 22:21 16896 c:\windows\$NtUninstallKB981793$\spuninst\tzchange .dll
    + 2010-06-14 01:40 . 2004-08-04 11:00 65024 c:\windows\$NtUninstallKB979482$\asycfilt.dll
    + 2010-06-14 01:40 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB982381-IE8\update\spcustom.dll
    + 2010-06-14 01:40 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB982381-IE8\spmsg.dll
    + 2010-06-10 19:25 . 2010-05-06 10:36 12800 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\xpshims.dll
    + 2010-06-10 19:25 . 2010-05-06 10:36 55296 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeedsbs.dll
    + 2010-06-10 19:25 . 2010-05-06 10:36 25600 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\jsproxy.dll
    + 2010-06-14 01:43 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980218\update\spcustom.dll
    + 2010-06-14 01:43 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980218\spmsg.dll
    + 2010-06-14 01:43 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB980195\update\spcustom.dll
    + 2010-06-14 01:43 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB980195\spmsg.dll
    + 2010-05-03 07:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979683\update\spcustom.dll
    + 2010-04-26 02:35 . 2010-03-05 14:54 16896 c:\windows\$hf_mig$\KB979683\update\mpsyschk.dll
    + 2010-05-03 07:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979683\spmsg.dll
    + 2010-06-14 01:41 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979559\update\spcustom.dll
    + 2010-06-14 01:41 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB979559\spmsg.dll
    + 2010-06-14 01:40 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979482\update\spcustom.dll
    + 2010-06-14 01:40 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979482\spmsg.dll
    + 2010-03-05 14:52 . 2010-03-05 14:52 65536 c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
    + 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\$hf_mig$\KB979482\SP3GDR\asycfilt.dll
    + 2010-03-05 14:48 . 2010-03-05 14:48 65536 c:\windows\$hf_mig$\KB979482\SP2QFE\asycfilt.dll
    + 2010-05-17 07:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll
    + 2010-05-17 07:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978542\spmsg.dll
    + 2010-06-14 01:40 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975562\update\spcustom.dll
    + 2010-06-14 01:40 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975562\spmsg.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a 3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a 3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0 .0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0 .0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0 .0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0 .0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f 5f7f11d50a3a\IIEHost.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f 5f7f11d50a3a\IIEHost.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0_ _b03f5f7f11d50a3a\IEExecRemote.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0_ _b03f5f7f11d50a3a\IEExecRemote.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b0 3f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b0 3f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b0 3f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b0 3f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2007-11-07 06:19 . 2007-11-07 06:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a 1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
    + 2009-07-12 06:12 . 2009-07-12 06:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a 1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    + 2009-07-12 06:09 . 2009-07-12 06:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a 1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
    + 2009-07-12 06:08 . 2009-07-12 06:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a 1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
    + 2004-08-10 18:51 . 2010-05-06 10:41 916480 c:\windows\system32\wininet.dll
    - 2004-08-10 18:51 . 2010-02-25 06:24 916480 c:\windows\system32\wininet.dll
    + 2010-03-31 04:10 . 2010-03-31 04:10 295264 c:\windows\system32\PresentationHost.exe
    + 2004-08-10 18:51 . 2011-08-07 18:08 442466 c:\windows\system32\perfh009.dat
    - 2004-08-10 18:51 . 2010-03-19 03:06 442466 c:\windows\system32\perfh009.dat
    + 2004-08-10 18:51 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
    - 2004-08-10 18:51 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
    + 2004-08-10 18:51 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
    - 2004-08-10 18:51 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
    + 2006-11-08 02:03 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
    + 2009-11-07 05:07 . 2009-11-07 05:07 297808 c:\windows\system32\mscoree.dll
    + 2011-01-20 22:53 . 2011-03-26 21:25 170416 c:\windows\system32\mlfcache.dat
    + 2011-04-17 16:04 . 2011-04-17 16:04 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_Pl ugin.exe
    + 2011-02-04 23:37 . 2011-02-04 23:37 153376 c:\windows\system32\javaws.exe
    + 2011-02-04 23:37 . 2011-02-04 23:37 145184 c:\windows\system32\javaw.exe
    + 2011-02-04 23:37 . 2011-02-04 23:37 145184 c:\windows\system32\java.exe
    - 2004-08-10 19:02 . 2008-04-11 18:50 683520 c:\windows\system32\inetcomm.dll
    + 2004-08-10 19:02 . 2010-01-29 15:08 683520 c:\windows\system32\inetcomm.dll
    - 2004-08-10 18:51 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
    + 2004-08-10 18:51 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
    - 2004-08-10 18:51 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
    + 2004-08-10 18:51 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
    - 2004-08-10 18:51 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
    + 2004-08-10 18:51 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
    + 2006-07-14 18:51 . 2008-04-17 17:12 107368 c:\windows\system32\GEARAspi.dll
    + 2009-09-15 05:38 . 2011-04-05 17:52 704808 c:\windows\system32\FNTCACHE.DAT
    + 2011-01-20 22:50 . 2008-04-17 17:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF063 6A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
    + 2010-10-07 17:23 . 2010-10-07 17:23 197920 c:\windows\system32\dnssdX.dll
    + 2010-10-07 17:23 . 2010-10-07 17:23 107808 c:\windows\system32\dns-sd.exe
    + 2004-08-10 18:51 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
    - 2004-08-10 18:51 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
    - 2006-10-17 17:04 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
    + 2006-10-17 17:04 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
    - 2006-05-10 05:23 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
    + 2006-05-10 05:23 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
    + 2007-05-09 21:03 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
    + 2004-08-10 19:02 . 2010-01-29 15:08 683520 c:\windows\system32\dllcache\inetcomm.dll
    - 2004-08-10 19:02 . 2008-04-11 18:50 683520 c:\windows\system32\dllcache\inetcomm.dll
    - 2009-09-23 20:40 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
    + 2009-09-23 20:40 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2004-08-10 18:51 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2004-08-10 18:51 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2010-06-10 19:24 . 2010-05-06 10:41 743424 c:\windows\system32\dllcache\iedvtool.dll
    - 2006-11-07 08:27 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2006-11-07 08:27 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2006-11-07 08:26 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
    - 2006-11-07 08:26 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
    + 2004-08-10 18:50 . 2010-04-20 05:51 285696 c:\windows\system32\dllcache\atmfd.dll
    - 2004-08-10 18:50 . 2004-08-04 11:00 285696 c:\windows\system32\dllcache\atmfd.dll
    + 2011-02-04 23:37 . 2011-02-04 23:37 472808 c:\windows\system32\deployJava1.dll
    + 2004-08-10 18:50 . 2010-04-20 05:51 285696 c:\windows\system32\atmfd.dll
    - 2004-08-10 18:50 . 2004-08-04 11:00 285696 c:\windows\system32\atmfd.dll
    + 2010-03-31 04:16 . 2010-03-31 04:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
    + 2010-04-08 03:48 . 2010-04-08 03:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
    + 2010-04-08 03:48 . 2010-04-08 03:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    - 2008-07-29 23:16 . 2008-07-29 23:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    + 2010-03-23 09:31 . 2010-03-23 09:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2010-02-09 16:22 . 2010-02-09 16:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2010-03-31 18:51 . 2010-03-31 18:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2010-03-31 18:49 . 2010-03-31 18:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2010-03-31 19:32 . 2010-03-31 19:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2010-12-26 23:41 . 2010-12-26 23:41 228352 c:\windows\Installer\fa825.msi
    + 2011-04-04 21:31 . 2011-04-04 21:31 115712 c:\windows\Installer\58de878.msi
    + 2011-04-04 21:30 . 2011-04-04 21:30 113152 c:\windows\Installer\58de86e.msi
    + 2011-01-20 22:42 . 2011-01-20 22:42 811008 c:\windows\Installer\35b7d9.msi
    + 2011-08-03 16:56 . 2011-08-03 16:56 331264 c:\windows\Installer\2f1cd.msi
    + 2011-02-04 23:38 . 2011-02-04 23:38 180224 c:\windows\Installer\2ba5463.msi
    + 2011-02-04 23:37 . 2011-02-04 23:37 676352 c:\windows\Installer\2ba545d.msi
    + 2010-02-25 04:14 . 2010-02-25 04:14 543232 c:\windows\Installer\24af824.msp
    + 2011-01-05 22:32 . 2011-01-05 22:32 381440 c:\windows\Installer\153caa.msi
    + 2011-06-19 11:57 . 2011-06-19 11:57 620032 c:\windows\Installer\12100816.msi
    + 2011-01-20 22:50 . 2011-01-20 22:50 380928 c:\windows\Installer\{881F5DE8-9367-4B81-A325-E91BBC6472F9}\iTunesIco.exe
    + 2010-06-14 01:40 . 2010-02-25 06:24 916480 c:\windows\ie8updates\KB982381-IE8\wininet.dll
    + 2010-06-14 01:40 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
    + 2010-06-14 01:40 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
    + 2010-06-14 01:40 . 2010-02-25 06:24 206848 c:\windows\ie8updates\KB982381-IE8\occache.dll
    + 2010-06-14 01:40 . 2010-02-25 06:24 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
    + 2010-06-14 01:40 . 2010-02-25 06:24 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
    + 2010-06-14 01:40 . 2010-02-25 06:24 247808 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
    + 2010-06-14 01:40 . 2010-02-25 06:24 184320 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
    + 2010-06-14 01:40 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
    + 2010-06-14 01:40 . 2010-02-25 06:24 387584 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
    + 2010-06-14 01:40 . 2010-02-24 09:54 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
    + 2010-06-14 01:43 . 2010-06-14 01:43 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_04e04174\System.Drawing.dll
    + 2010-06-14 10:58 . 2010-06-14 10:58 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_87832653\System.Drawing.Design.dll
    + 2010-06-14 10:58 . 2010-06-14 10:58 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_8554cfd8\CustomMarshalers.dll
    + 2010-06-14 11:02 . 2010-06-14 11:02 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
    + 2010-07-05 07:06 . 2010-07-05 07:06 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
    + 2010-06-14 01:42 . 2010-06-14 01:42 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a7c702f75d47bf841b9587e582c2d0b2\WindowsFormsIntegration.ni.dll
    + 2010-07-05 07:06 . 2010-07-05 07:06 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
    + 2010-06-14 01:42 . 2010-06-14 01:42 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\3a78043c85333d5af49a0d958912ae4a\UIAutomationClient.ni.dll
    + 2010-06-15 18:32 . 2010-06-15 18:32 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
    + 2011-04-04 21:31 . 2011-04-04 21:31 116736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Inte#\6e0dac68091dfda2701a1982fa0960b7\System.Windows.Interactivity.ni.dll
    + 2010-06-15 18:31 . 2010-06-15 18:31 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
    + 2010-06-14 11:03 . 2010-06-14 11:03 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
    + 2010-06-15 18:31 . 2010-06-15 18:31 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
    + 2010-06-15 18:31 . 2010-06-15 18:31 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
    + 2010-06-15 18:31 . 2010-06-15 18:31 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
    + 2010-06-15 18:31 . 2010-06-15 18:31 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
    + 2010-06-15 18:31 . 2010-06-15 18:31 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
    + 2010-06-14 11:03 . 2010-06-14 11:03 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
    + 2010-06-14 11:03 . 2010-06-14 11:03 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
    + 2010-06-14 11:03 . 2010-06-14 11:03 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
    + 2010-06-14 11:03 . 2010-06-14 11:03 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2010-06-14 11:03 . 2010-06-14 11:03 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2077ce69bd24a095dd54683ae26454d4\System.Runtime.Remoting.ni.dll
    + 2010-06-14 11:04 . 2010-06-14 11:04 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
    + 2010-06-14 11:05 . 2010-06-14 11:05 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
    + 2010-06-15 18:31 . 2010-06-15 18:31 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
    + 2010-06-14 11:01 . 2010-06-14 11:01 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
    + 2010-06-14 11:02 . 2010-06-14 11:02 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
    + 2010-06-14 11:03 . 2010-06-14 11:03 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
    + 2010-06-14 11:03 . 2010-06-14 11:03 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
    + 2010-06-14 01:41 . 2010-06-14 01:41 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
    + 2010-06-14 11:03 . 2010-06-14 11:03 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
    + 2010-06-15 18:31 . 2010-06-15 18:31 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
    + 2010-06-15 18:31 . 2010-06-15 18:31 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
    + 2010-06-15 18:31 . 2010-06-15 18:31 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
    + 2010-06-15 18:31 . 2010-06-15 18:31 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
    + 2010-06-14 11:05 . 2010-06-14 11:05 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
    + 2010-06-14 11:03 . 2010-06-14 11:03 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
    + 2010-06-14 11:03 . 2010-06-14 11:03 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
    + 2010-06-14 11:05 . 2010-06-14 11:05 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
    + 2010-06-14 11:02 . 2010-06-14 11:02 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
    + 2010-06-14 11:02 . 2010-06-14 11:02 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
    + 2010-06-14 11:02 . 2010-06-14 11:02 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
    + 2010-06-14 01:40 . 2010-06-14 01:40 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae733e4062edba3a33bb0a632bef66bf\PresentationFramework.Royale.ni.dll
    + 2010-07-05 07:06 . 2010-07-05 07:06 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
    + 2010-07-05 07:06 . 2010-07-05 07:06 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
    + 2010-06-14 01:39 . 2010-06-14 01:39 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3ffad524016f0aba7b11a8aa33301a65\PresentationFramework.Aero.ni.dll
    + 2010-07-05 07:06 . 2010-07-05 07:06 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
    + 2010-07-05 07:06 . 2010-07-05 07:06 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
    + 2010-06-14 01:40 . 2010-06-14 01:40 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\201968d038a23a4688310fed1eeaddaa\PresentationFramework.Classic.ni.dll
    + 2010-06-14 01:40 . 2010-06-14 01:40 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ead87ca8eb84c595c77c70e3b2df88d\PresentationFramework.Luna.ni.dll
    + 2010-06-14 11:05 . 2010-06-14 11:05 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
    + 2010-06-14 11:02 . 2010-06-14 11:02 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2010-06-14 11:05 . 2010-06-14 11:05 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
    + 2010-06-14 11:05 . 2010-06-14 11:05 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2010-06-14 11:05 . 2010-06-14 11:05 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
    + 2010-06-14 11:05 . 2010-06-14 11:05 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2010-06-14 11:04 . 2010-06-14 11:04 696320 c:\windows\assembly\NativeImages_v2.0.50727_32\log4net\0d1d7db780983cb87a5a57df91d5b638\log4net.ni.dll
    + 2010-07-05 07:08 . 2010-07-05 07:08 656384 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\f2c67cbe366423483f1c49e8763f5437\Intuit.Ctg.Wte.Service.Interface.ni.dll
    + 2010-06-14 11:04 . 2010-06-14 11:04 656384 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\ee4b28ccc0ab28595776250c9387a2b5\Intuit.Ctg.Wte.Service.Interface.ni.dll
    + 2011-04-04 21:31 . 2011-04-04 21:31 940032 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\b5b6287859eea760e4bffeab08420532\Intuit.Ctg.Wte.Service.Interface.ni.dll
    + 2010-06-14 11:04 . 2010-06-14 11:04 802304 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\177cc2a7203c7ffdb17a15d26b4f5f66\Infragistics2.Shared.v8.2.ni.dll
    + 2010-06-14 11:02 . 2010-06-14 11:02 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
    + 2010-06-14 11:02 . 2010-06-14 11:02 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2010-06-14 01:37 . 2010-06-14 01:37 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2010-06-14 01:37 . 2010-06-14 01:37 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2010-06-14 01:37 . 2010-06-14 01:37 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    - 2009-09-15 07:07 . 2009-09-15 07:07 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 409960 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 114024 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Search\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Search.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 476520 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 226664 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter.XmlSerializers\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.XmlSerializers.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 214376 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.QuickBaseClient.XmlSerializers\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.QuickBaseClient.XmlSerializers.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 122728 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Metrix\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Metrix.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 181608 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.SharpZipLib\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.SharpZipLib.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 402792 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.Lucene\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.Lucene.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 357736 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UX\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UX.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 421224 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 269672 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 206184 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.XmlSerializers.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 120168 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
    + 2011-04-04 21:27 . 2011-04-04 21:27 121704 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2010-07-05 07:02 . 2010-07-05 07:02 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2009-10-19 07:08 . 2009-10-19 07:08 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2010-05-31 07:00 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB981793$\spuninst\updspapi.dll
    + 2010-05-31 07:00 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
    + 2010-06-14 01:43 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980218$\spuninst\updspapi.dll
    + 2010-06-14 01:43 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
    + 2010-06-14 01:43 . 2004-08-04 11:00 285696 c:\windows\$NtUninstallKB980218$\atmfd.dll
    + 2010-06-14 01:43 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB980195$\spuninst\updspapi.dll
    + 2010-06-14 01:43 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB980195$\spuninst\spuninst.exe
    + 2010-05-03 07:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979683$\spuninst\updspapi.dll
    + 2010-05-03 07:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe
    + 2010-06-14 01:41 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll
    + 2010-06-14 01:41 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe
    + 2010-06-14 01:40 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll
    + 2010-06-14 01:40 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
    + 2010-06-14 01:31 . 2007-07-28 03:11 382840 c:\windows\$NtUninstallKB979332_WM9L$\spuninst\updspapi.dll
    + 2010-06-14 01:31 . 2007-07-28 03:11 231288 c:\windows\$NtUninstallKB979332_WM9L$\spuninst\spuninst.exe
    + 2010-06-14 01:40 . 2007-07-28 03:11 382840 c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll
    + 2010-06-14 01:40 . 2007-07-28 03:11 231288 c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
    + 2010-05-17 07:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
    + 2010-05-17 07:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
    + 2010-05-17 07:01 . 2008-04-11 18:50 683520 c:\windows\$NtUninstallKB978542$\inetcomm.dll
    + 2010-06-14 01:40 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll
    + 2010-06-14 01:40 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe
    + 2010-06-14 01:41 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982381-IE8\update\updspapi.dll
    + 2010-06-14 01:41 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB982381-IE8\update\update.exe
    + 2010-06-14 01:40 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB982381-IE8\spuninst.exe
    + 2010-06-10 19:25 . 2010-05-06 10:36 919040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
    + 2010-06-10 19:25 . 2010-05-06 10:36 206848 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\occache.dll
    + 2010-06-10 19:25 . 2010-05-06 10:36 611840 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mstime.dll
    + 2010-06-10 19:25 . 2010-05-06 10:36 599040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeeds.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 20:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
    "MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2005-03-07 180224]
    "MCAgentExe"="c:\progra~1\mcafee.com\agent\McAgent.exe" [2005-03-07 278528]
    "AS00_WN311B"="c:\program files\NETGEAR\WN311B\Utility\WN311B.exe" [2008-09-17 3002368]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2004-08-04 53760]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsNetHood"= 01000000
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk
    backup=c:\windows\pss\CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^John Lulich^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
    path=c:\documents and settings\John Lulich\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
    backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^John Lulich^Start Menu^Programs^Startup^dmaupd32.exe]
    path=c:\documents and settings\John Lulich\Start Menu\Programs\Startup\dmaupd32.exe
    backup=c:\windows\pss\dmaupd32.exeStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^John Lulich^Start Menu^Programs^Startup^MEMonitor.lnk]
    path=c:\documents and settings\John Lulich\Start Menu\Programs\Startup\MEMonitor.lnk
    backup=c:\windows\pss\MEMonitor.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 11:00 15360 ------w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-01-21 21:24 136176 ----atw- c:\documents and settings\John Lulich\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-03-12 02:34 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2008-08-20 14:54 150016 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-09-20 14:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-09-20 14:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2005-09-20 14:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2011-07-06 23:52 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    2005-03-07 20:05 278528 ----a-w- c:\progra~1\McAfee.com\Agent\mcagent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    2005-03-07 20:07 180224 ----a-w- c:\progra~1\McAfee.com\Agent\mcupdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    2005-04-05 18:41 950272 ----a-w- c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    2005-03-23 21:33 126976 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    2005-03-23 20:47 1111040 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-10-13 16:24 1694208 --sh--w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSCD_Creator]
    2004-10-31 17:21 408576 ----a-w- c:\dell\PREODM.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\searchbar]
    2007-03-15 02:50 3584 ----a-w- c:\windows\system32\vnmispoisn_downloader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-06-28 01:44 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2005-05-05 03:01 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    2005-03-19 00:28 196608 ----a-w- c:\progra~1\McAfee.com\VSO\mcvsshld.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    2005-03-02 23:19 143360 ----a-w- c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
    2007-11-26 18:47 1206600 ----a-w- c:\program files\Webroot\Washer\wwDisp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MskService"=2 (0x2)
    "mcupdmgr.exe"=3 (0x3)
    "iPodService"=3 (0x3)
    "MCVSRte"=2 (0x2)
    "McShield"=3 (0x3)
    "iPod Service"=3 (0x3)
    "gusvc"=3 (0x3)
    "AntipPro2009_100"=2 (0x2)
    "Lavasoft Ad-Aware Service"=2 (0x2)
    "IntuitUpdateService"=2 (0x2)
    "ACDaemon"=2 (0x2)
    "stisvc"=3 (0x3)
    "Schedule"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/6/2009 9:56 PM 64160]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/23/2009 8:31 PM 88176]
    R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [9/23/2009 9:12 PM 598856]
    R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [8/3/2011 12:56 PM 16194]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/22/2010 1:32 PM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/22/2010 1:32 PM 135664]
    S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [1/27/2005 8:52 PM 23888]
    S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [11/28/2007 5:56 AM 16896]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WUAUSERV
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
    .
    2011-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc5269bbc27e92.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 17:31]
    .
    2011-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1463360678-2404167404-3119206577-1006Core1cc208617428566.job
    - c:\documents and settings\John Lulich\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-21 21:24]
    .
    2011-08-07 c:\windows\Tasks\McAfee.com Update Check (DELL-FAMILY-John Lulich).job
    - c:\progra~1\mcafee.com\agent\mcupdate.exe [2005-01-28 20:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\John Lulich\Application Data\Mozilla\Firefox\Profiles\ij1ko6fq.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm0176SUS&ptb=NtcMhgxLIyxAGvOkWp2rjQ&ind=2011020717&ptnrS=GRxdm0176SUS&si=&n=77ddbdad&psa=&st=kwd&searchfor=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 50370
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{7846ae31-bea2-438a-8f5e-2d899361656c} - c:\program files\Game_Master_1.1\prxtbGame.dll
    BHO-{7846ae31-bea2-438a-8f5e-2d899361656c} - c:\program files\Game_Master_1.1\prxtbGame.dll
    Toolbar-{7846ae31-bea2-438a-8f5e-2d899361656c} - c:\program files\Game_Master_1.1\prxtbGame.dll
    WebBrowser-{7846AE31-BEA2-438A-8F5E-2D899361656C} - c:\program files\Game_Master_1.1\prxtbGame.dll
    MSConfigStartUp-3317478323 - c:\documents and settings\John Lulich\Local Settings\Application Data\iae.exe
    MSConfigStartUp-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe
    MSConfigStartUp-SansaDispatch - c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe
    MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
    AddRemove-Game_Master_1.1 Toolbar - c:\program files\Game_Master_1.1\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-08-07 14:05
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1908)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Logitech\MouseWare\system\em_exec.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-07 14:15:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-07 18:15
    ComboFix2.txt 2010-05-01 05:44
    ComboFix3.txt 2010-04-30 04:28
    ComboFix4.txt 2010-04-29 11:38
    ComboFix5.txt 2011-08-07 17:47
    .
    Pre-Run: 1,826,828,288 bytes free
    Post-Run: 3,140,673,536 bytes free
    .
    - - End Of File - - 6ECBBF391375F6EF7F1EB11E0F7874E8


    >>>> RKILL <<<<
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 08/07/2011 at 14:16:55.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    Rkill completed on 08/07/2011 at 14:17:05.

  4. #4
    broni is offline Senior Member
    Good

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  5. #5
    JuniorLu is offline Junior Member
    Thank you again for your help. It is very much appreciated! The computer is working well at the moment. I ran the OTL scan, and here are the logs you requested:

    >>>> OTL.txt <<<<
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    >>>> Extras.txt <<<<
    OTL Extras logfile created on: 8/7/2011 2:32:40 PM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\John Lulich\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.25 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 57.06% Memory free
    5.11 Gb Paging File | 4.78 Gb Available in Paging File | 93.54% Paging File free
    Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 34.44 Gb Total Space | 2.72 Gb Free Space | 7.89% Space Free | Partition Type: NTFS
    Drive F: | 37.27 Gb Total Space | 15.81 Gb Free Space | 42.43% Space Free | Partition Type: NTFS

    Computer Name: DELL-FAMILY | User Name: John Lulich | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Generate MD5 Signatures] -- "C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise)
    Directory [UnzipThemAll] -- "C:\Program Files\UnzipThemAll\UnzipThemAll.exe" "%1" (Hervé Thouzard)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
    "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
    "C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
    "C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:Turbo Tax Update Manager -- (Intuit, Inc.)
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
    "C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:Turbo Tax Update Manager -- (Intuit, Inc.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{07035AB3-5C70-3315-35A9-CFFECA140880}" = BBC iPlayer Desktop
    "{1047106F-3AED-4661-B919-6D377BF641CF}" = RangeMax(tm) NEXT Wireless Adapter WN311B
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{503F62C9-99C2-376A-9B74-AB03E7CDB980}" = Google Talk Plugin
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
    "{C14201FD-245D-4CA9-A582-47D842C6AC59}" = TurboTax 2010 wmiiper
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast" = avast! Free Antivirus
    "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
    "conduitEngine" = Conduit Engine
    "HijackThis" = HijackThis 2.0.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
    "TurboTax 2010" = TurboTax 2010

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1463360678-2404167404-3119206577-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{DAF8B012-D559-4B8D-95C0-D98E1172E5C3}" = My Wal-Mart Digital Photo Center
    "WinPump" = WinPump

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/5/2011 3:37:57 PM | Computer Name = DELL-FAMILY | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.4127, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/5/2011 3:38:00 PM | Computer Name = DELL-FAMILY | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.4127, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/5/2011 4:16:05 PM | Computer Name = DELL-FAMILY | Source = Application Error | ID = 1000
    Description = Faulting application audacity.exe, version 0.0.0.0, faulting module
    audacity.exe, version 0.0.0.0, fault address 0x00095f61.

    Error - 6/5/2011 4:16:19 PM | Computer Name = DELL-FAMILY | Source = Application Error | ID = 1000
    Description = Faulting application audacity.exe, version 0.0.0.0, faulting module
    audacity.exe, version 0.0.0.0, fault address 0x00095f61.

    Error - 6/5/2011 5:52:14 PM | Computer Name = DELL-FAMILY | Source = Application Error | ID = 1000
    Description = Faulting application winword.exe, version 9.0.0.2717, faulting module
    winword.exe, version 9.0.0.2717, fault address 0x0064e6c7.

    Error - 6/10/2011 8:30:35 PM | Computer Name = DELL-FAMILY | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.4127, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/10/2011 8:30:37 PM | Computer Name = DELL-FAMILY | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.4127, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/10/2011 8:30:40 PM | Computer Name = DELL-FAMILY | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.4127, faulting
    module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

    Error - 6/30/2011 10:48:39 AM | Computer Name = DELL-FAMILY | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 9.0.0.2717, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/30/2011 4:59:11 PM | Computer Name = DELL-FAMILY | Source = Application Hang | ID = 1002
    Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 8/4/2011 5:36:30 PM | Computer Name = DELL-FAMILY | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 8/4/2011 5:50:39 PM | Computer Name = DELL-FAMILY | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 8/4/2011 5:50:39 PM | Computer Name = DELL-FAMILY | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 8/4/2011 9:43:28 PM | Computer Name = DELL-FAMILY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 8/5/2011 12:00:19 AM | Computer Name = DELL-FAMILY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 8/6/2011 1211 AM | Computer Name = DELL-FAMILY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 8/6/2011 1236 AM | Computer Name = DELL-FAMILY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 8/6/2011 12:28:47 AM | Computer Name = DELL-FAMILY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gusvc with
    arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

    Error - 8/7/2011 2:04:32 PM | Computer Name = DELL-FAMILY | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Beep

    Error - 8/7/2011 2:05:02 PM | Computer Name = DELL-FAMILY | Source = DCOM | ID = 10010
    Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
    with DCOM within the required timeout.


    < End of report >

  6. #6
    broni is offline Senior Member
    Good but I still need OTL.txt log.
    What you did, you reposted my script.
    Extras.txt log is fine.

  7. #7
    JuniorLu is offline Junior Member
    Sorry! My mistake...here is the OTL log.

    OTL logfile created on: 8/7/2011 2:32:40 PM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\John Lulich\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.25 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 57.06% Memory free
    5.11 Gb Paging File | 4.78 Gb Available in Paging File | 93.54% Paging File free
    Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 34.44 Gb Total Space | 2.72 Gb Free Space | 7.89% Space Free | Partition Type: NTFS
    Drive F: | 37.27 Gb Total Space | 15.81 Gb Free Space | 42.43% Space Free | Partition Type: NTFS

    Computer Name: DELL-FAMILY | User Name: John Lulich | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/07 14:31:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Lulich\Desktop\OTL.exe
    PRC - [2011/07/04 07:59:59 | 003,485,480 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Setup\avast.setup
    PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/06/26 11:09:26 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2008/09/17 17:17:50 | 003,002,368 | ---- | M] (Foxconn Corporation) -- C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe
    PRC - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
    PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/11/14 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/08/07 14:31:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Lulich\Desktop\OTL.exe
    MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
    MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2003/11/14 10:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
    MOD - [2003/11/14 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/07/03 10:49:06 | 001,029,456 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2008/10/16 19:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
    SRV - [2008/10/16 19:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
    SRV - [2008/10/16 19:23:30 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
    SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
    SRV - [2005/04/05 17:56:16 | 000,956,928 | ---- | M] (McAfee Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService)
    SRV - [2005/04/05 14:40:06 | 000,552,960 | ---- | M] (McAfee Corporation) [On_Demand | Stopped] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
    SRV - [2005/03/18 20:27:58 | 000,131,072 | ---- | M] (McAfee, Inc) [Disabled | Stopped] -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe -- (MCVSRte)
    SRV - [2005/03/07 16:05:56 | 000,245,760 | ---- | M] (McAfee, Inc) [Disabled | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
    SRV - [2003/03/26 16:51:00 | 000,225,401 | ---- | M] () [Disabled | Stopped] -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/07/03 10:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2008/11/06 16:33:38 | 001,286,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WN311B.sys -- (BCM43XX)
    DRV - [2007/07/03 19:59:10 | 000,086,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
    DRV - [2007/07/03 19:58:20 | 000,106,792 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2007/07/03 19:57:24 | 000,011,944 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2007/07/03 19:54:24 | 000,080,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2007/05/04 17:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2005/06/15 10:55:53 | 000,004,096 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2005/04/05 12:49:14 | 000,067,584 | ---- | M] (McAfee Security) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL)
    DRV - [2004/09/17 17:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2003/11/07 10:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/11/07 10:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
    DRV - [2002/11/25 12:46:00 | 000,016,896 | ---- | M] (Syncrosoft GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SynasUSB.sys -- (SynasUSB)
    DRV - [2002/09/20 16:51:00 | 000,023,888 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NaiFiltr.sys -- (NaiFiltr)
    DRV - [2002/04/11 17:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
    DRV - [2001/04/09 13:03:00 | 000,017,784 | ---- | M] (Syncrosoft Hard- und Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\NSynas32.sys -- (Nsynas32)
    DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "about:blank"
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
    FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm0176SUS&ptb=NtcMhgxLIyxAGvOkWp2rjQ&ind=2011020717&ptnrS=GRxdm0176SUS&si=&n=77ddbdad&psa=&st=kwd&searchfor="
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\John Lulich\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\John Lulich\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\John Lulich\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\John Lulich\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/10/05 23:12:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 17:36:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/29 07:24:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/26 11:09:30 | 000,000,000 | ---D | M]

    [2009/01/10 21:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Lulich\Application Data\Mozilla\Extensions
    [2011/08/06 00:32:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Lulich\Application Data\Mozilla\Firefox\Profiles\ij1ko6fq.default\extensions
    [2009/09/20 21:13:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John Lulich\Application Data\Mozilla\Firefox\Profiles\ij1ko6fq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/06/20 23:10:21 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\John Lulich\Application Data\Mozilla\Firefox\Profiles\ij1ko6fq.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    [2010/02/28 11:54:48 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\John Lulich\Application Data\Mozilla\Firefox\Profiles\ij1ko6fq.default\searchplugins\askcom.xml
    [2009/12/07 18:59:52 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\John Lulich\Application Data\Mozilla\Firefox\Profiles\ij1ko6fq.default\searchplugins\dictionarycom.xml
    [2011/02/07 20:29:58 | 000,009,932 | ---- | M] () -- C:\Documents and Settings\John Lulich\Application Data\Mozilla\Firefox\Profiles\ij1ko6fq.default\searchplugins\mywebsearch.xml
    [2008/10/30 21:53:08 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\John Lulich\Application Data\Mozilla\Firefox\Profiles\ij1ko6fq.default\searchplugins\wikipedia-en.xml
    [2009/12/11 17:23:24 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\John Lulich\Application Data\Mozilla\Firefox\Profiles\ij1ko6fq.default\searchplugins\youtube-video-search.xml
    [2011/08/06 00:32:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/02/04 19:38:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/04 19:37:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/05/25 17:36:16 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
    [2008/07/13 17:28:11 | 000,024,683 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
    [2011/02/04 19:37:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/08/07 14:04:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - File not found
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - File not found
    O3 - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O4 - HKLM..\Run: [AS00_WN311B] C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe (Foxconn Corporation)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
    O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
    O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
    O7 - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Java Plug-in Technology (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get...nt/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\John Lulich\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\John Lulich\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/07 14:31:17 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Lulich\Desktop\OTL.exe
    [2011/08/07 14:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/08/07 14:26:10 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/08/07 14:26:09 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/08/07 14:25:59 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/08/07 14:25:58 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/08/07 14:25:57 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/08/07 14:25:56 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/08/07 14:25:56 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/08/07 14:25:55 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/08/07 14:25:14 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/08/07 14:25:12 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/08/07 14:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/08/07 14:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/08/07 13:47:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/08/07 13:47:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/08/07 13:47:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/08/07 13:47:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/08/07 13:42:11 | 004,166,457 | R--- | C] (Swearware) -- C:\Documents and Settings\John Lulich\Desktop\ComboFix.exe
    [2011/08/04 17:23:08 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\John Lulich\Desktop\dds.scr
    [2011/08/04 17:22:56 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\John Lulich\Desktop\aswMBR.exe
    [2011/08/03 14:30:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John Lulich\Recent
    [2011/08/03 12:56:46 | 000,135,265 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\AW32n50.dll
    [2011/08/03 12:56:46 | 000,016,194 | ---- | C] (AMBIT Microsystems Corporation.) -- C:\WINDOWS\System32\AWINDIS5.SYS
    [2011/08/03 12:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
    [2011/08/03 12:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WN311B Smart Wizard
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/07 14:31:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Lulich\Desktop\OTL.exe
    [2011/08/07 14:26:13 | 000,001,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/08/07 14:25:57 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/08/07 14:08:41 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/08/07 14:08:40 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/08/07 14:04:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/08/07 13:45:10 | 001,008,041 | ---- | M] () -- C:\Documents and Settings\John Lulich\Desktop\rkill.com
    [2011/08/07 13:44:27 | 056,727,728 | ---- | M] () -- C:\Documents and Settings\John Lulich\Desktop\setup_av_free.exe
    [2011/08/07 13:42:19 | 004,166,457 | R--- | M] (Swearware) -- C:\Documents and Settings\John Lulich\Desktop\ComboFix.exe
    [2011/08/06 00:38:08 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\John Lulich\Desktop\Shortcut to Network Connections.lnk
    [2011/08/06 00:22:33 | 000,000,402 | ---- | M] () -- C:\Documents and Settings\John Lulich\Desktop\Shortcut to Wireless Network Connection.lnk
    [2011/08/05 00:00:26 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\John Lulich\Desktop\MBR.dat
    [2011/08/04 17:23:41 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\John Lulich\Desktop\aswMBR.exe
    [2011/08/04 17:23:04 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\John Lulich\Desktop\dds.scr
    [2011/08/04 17:22:27 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\John Lulich\Desktop\dvi5z9wt.exe
    [2011/08/04 01:45:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc5269bbc27e92.job
    [2011/08/03 13:38:29 | 000,001,555 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WN311B Smart Wizard.lnk
    [2011/08/03 12:54:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/07 14:26:13 | 000,001,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/08/07 13:47:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/08/07 13:47:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/08/07 13:47:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/08/07 13:47:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/08/07 13:47:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/08/07 13:45:11 | 001,008,041 | ---- | C] () -- C:\Documents and Settings\John Lulich\Desktop\rkill.com
    [2011/08/07 13:41:55 | 056,727,728 | ---- | C] () -- C:\Documents and Settings\John Lulich\Desktop\setup_av_free.exe
    [2011/08/06 00:38:08 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\John Lulich\Desktop\Shortcut to Network Connections.lnk
    [2011/08/06 00:22:33 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\John Lulich\Desktop\Shortcut to Wireless Network Connection.lnk
    [2011/08/05 00:00:26 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\John Lulich\Desktop\MBR.dat
    [2011/08/04 17:22:29 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\John Lulich\Desktop\dvi5z9wt.exe
    [2011/08/04 01:45:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc5269bbc27e92.job
    [2011/08/03 13:38:29 | 000,001,555 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WN311B Smart Wizard.lnk
    [2011/08/03 12:56:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ASupplicant.dll
    [2011/07/05 17:49:01 | 000,011,394 | -HS- | C] () -- C:\Documents and Settings\John Lulich\Local Settings\Application Data\oho45670jhtln10456ryx7n76ua8ewi4y71308qj
    [2011/07/05 17:49:01 | 000,011,394 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\oho45670jhtln10456ryx7n76ua8ewi4y71308qj
    [2011/06/19 14:13:14 | 000,012,646 | -HS- | C] () -- C:\Documents and Settings\John Lulich\Local Settings\Application Data\uo6g70ger150gv8y5a8ec20r263037
    [2011/06/19 14:13:14 | 000,012,646 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\uo6g70ger150gv8y5a8ec20r263037
    [2011/04/05 12:21:53 | 001,383,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/03/18 20:23:40 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\sutil32.dll
    [2011/01/20 18:53:54 | 000,170,416 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/11/30 20:18:13 | 000,000,122 | ---- | C] () -- C:\WINDOWS\Winchat.ini
    [2010/10/30 15:08:14 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\John Lulich\Application Data\boot.bat
    [2010/03/14 18:18:23 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
    [2010/02/23 20:19:19 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2009/10/23 18:17:02 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\John Lulich\Application Data\FixVTS.ini
    [2009/10/09 19:22:46 | 000,176,220 | R--- | C] () -- C:\WINDOWS\hpwins24.dat
    [2009/10/09 19:22:45 | 000,001,879 | R--- | C] () -- C:\WINDOWS\hpwmdl24.dat
    [2009/09/21 21:18:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/09/15 01:38:04 | 000,704,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/08/06 22:18:31 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2008/11/11 23:07:45 | 000,127,782 | R--- | C] () -- C:\WINDOWS\hpgins24.dat
    [2008/11/11 23:07:45 | 000,000,308 | R--- | C] () -- C:\WINDOWS\hpgmdl24.dat
    [2008/05/09 17:50:17 | 000,000,493 | R--- | C] () -- C:\WINDOWS\EReg077.dat
    [2008/05/09 17:49:03 | 000,000,000 | R--- | C] () -- C:\WINDOWS\SETUP32.INI
    [2008/04/12 17:25:35 | 000,000,000 | R--- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/02/07 15:23:06 | 000,000,000 | R--- | C] () -- C:\WINDOWS\ka.ini
    [2007/11/14 22:13:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
    [2007/08/08 01:32:39 | 000,000,000 | R--- | C] () -- C:\WINDOWS\iPlayer.INI
    [2007/06/04 00:02:35 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2007/06/04 00:02:35 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
    [2007/06/03 05:32:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\John Lulich\Application Data\$_hpcst$.hpc
    [2007/03/14 22:50:06 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\vnmispoisn_downloader.exe
    [2007/02/10 02:19:42 | 000,000,312 | R--- | C] () -- C:\WINDOWS\maketorrent.ini
    [2006/06/04 23:29:19 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/03/15 22:46:38 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
    [2006/03/15 22:46:38 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
    [2006/02/20 11:07:19 | 000,005,920 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ypinfo.bin
    [2006/02/20 11:06:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2005/11/16 18:07:00 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
    [2005/11/16 18:07:00 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
    [2005/11/16 18:07:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
    [2005/11/16 18:07:00 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
    [2005/11/08 19:09:42 | 000,000,082 | R--- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2005/11/08 19:07:18 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2005/11/08 19:07:18 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2005/08/30 01:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
    [2005/08/30 01:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
    [2005/08/30 01:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
    [2005/07/20 19:29:06 | 000,000,306 | R--- | C] () -- C:\WINDOWS\QTW.INI
    [2005/07/20 19:28:09 | 000,042,483 | R--- | C] () -- C:\WINDOWS\ICCCODES.DAT
    [2005/05/11 03:00:25 | 024,689,600 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
    [2005/04/20 20:38:52 | 000,129,024 | R--- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2005/04/06 21:07:24 | 000,000,048 | R--- | C] () -- C:\WINDOWS\PerWin.ini
    [2005/03/25 21:17:01 | 000,000,116 | R--- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2005/02/22 08:41:17 | 000,000,122 | R--- | C] () -- C:\WINDOWS\mdm.ini
    [2005/02/10 01:54:36 | 000,000,769 | R--- | C] () -- C:\WINDOWS\I_VIEW32.INI
    [2005/02/09 23:24:49 | 000,178,688 | ---- | C] () -- C:\Documents and Settings\John Lulich\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/02/05 01:28:45 | 000,000,186 | R--- | C] () -- C:\WINDOWS\KPCMS.INI
    [2005/02/05 01:28:25 | 000,040,129 | R--- | C] () -- C:\WINDOWS\iccsigs.dat
    [2005/02/05 01:28:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2005/02/03 21:53:59 | 000,001,125 | R--- | C] () -- C:\WINDOWS\winamp.ini
    [2005/02/02 21:13:56 | 000,000,376 | R--- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/01/27 20:55:38 | 000,000,061 | R--- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/01/27 20:52:33 | 000,023,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\NaiFiltr.sys
    [2005/01/27 20:48:59 | 000,001,567 | R--- | C] () -- C:\WINDOWS\wininit.ini
    [2005/01/27 20:29:44 | 000,045,056 | R--- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2005/01/27 20:29:36 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2005/01/27 20:27:44 | 000,000,524 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/10 15:12:05 | 000,000,882 | R--- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 15:07:31 | 000,002,048 | R-S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 14:57:52 | 000,004,161 | R--- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 14:51:20 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 14:51:20 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 14:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2002/06/06 02:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
    [2002/01/25 08:04:50 | 000,005,440 | ---- | C] () -- C:\WINDOWS\System32\mciwa16.dll
    [2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspsbext.ini
    [2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfidrv.ini
    [2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfbase.ini
    [2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspaudrv.ini
    [2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspapdrv.ini
    [2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mciwaw95.ini
    [2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspwa.ini
    [2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspct.ini
    [2002/01/25 08:04:50 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\pspwave.ini
    [2002/01/25 08:04:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspdss.ini
    [2002/01/25 08:04:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspddi.ini
    [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2011/08/07 14:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2009/09/23 20:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/01/20 18:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/08/06 21:51:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
    [2005/12/01 22:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\.BitTornado
    [2010/03/25 18:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\4shared Desktop
    [2010/01/22 14:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\Anvil Studio
    [2011/05/23 13:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2007/10/03 19:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\BitTorrent
    [2010/03/21 10:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\fofix
    [2010/03/21 11:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\fretsonfire
    [2009/01/05 00:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\FrostWire
    [2009/01/18 23:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\Image Zone Express
    [2007/03/14 22:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\Kazaa Lite
    [2005/02/06 16:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\Leadertech
    [2010/03/21 09:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\LEGO Company
    [2007/01/11 23:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\Printer Info Cache
    [2010/02/08 01:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\RipIt4Me
    [2009/09/02 10:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\Skinux
    [2006/11/06 21:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\Snapfish
    [2007/11/28 06:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\Steinberg
    [2010/10/31 15:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\Toolbar4
    [2007/02/10 03:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\uTorrent
    [2007/07/25 21:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\Wal-Mart Digital Photo Manager
    [2007/07/25 21:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\Wal-Mart Digital Photo Viewer
    [2011/03/17 17:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Lulich\Application Data\WinPump
    [2009/10/23 22:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/08/07 14:03:44 | 000,113,116 | ---- | M] () -- C:\aaw7boot.log
    [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/04/25 17:17:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/06/19 20:28:04 | 000,000,281 | -HS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2011/08/07 14:15:42 | 000,115,755 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/01/27 20:32:24 | 000,003,717 | RH-- | M] () -- C:\dell.sdr
    [2001/09/13 17:43:10 | 007,980,198 | ---- | M] () -- C:\Dreamweaver 4 Bible.exe
    [2001/09/13 10:27:02 | 044,619,007 | ---- | M] (Macromedia) -- C:\Dreamweaver Fireworks Studio 4.exe
    [2001/09/19 08:31:26 | 000,184,950 | ---- | M] () -- C:\Dreamweaver Fireworks Studio Serial.bmp
    [2005/03/25 13:35:53 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2010/06/23 21:00:04 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2006/09/28 19:35:13 | 000,000,509 | -H-- | M] () -- C:\mIRC Shortcut.lnk
    [2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2006/12/09 15:09:59 | 000,001,044 | ---- | M] () -- C:\net_save.dna
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/04 07:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [1997/04/08 09:27:18 | 000,490,096 | ---- | M] (Microsoft Corporation) -- C:\oadist.exe
    [2011/08/07 14:03:45 | 4293,918,720 | -HS- | M] () -- C:\pagefile.sys
    [2010/03/07 15:36:24 | 000,000,000 | ---- | M] () -- C:\regdump.arm9.txt
    [2011/08/07 14:17:05 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2007/08/11 03:11:44 | 000,511,488 | ---- | M] () -- C:\seminar.doc
    [2010/02/06 20:26:43 | 000,001,531 | ---- | M] () -- C:\SMax.log
    [2008/10/15 23:18:53 | 000,125,124 | ---- | M] () -- C:\Undo DELL-FAMILY 20081015 231853.Reg
    [2009/08/02 12:21:11 | 000,012,138 | ---- | M] () -- C:\virus report

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/10 15:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/08/12 10:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp082.dll
    [2008/12/16 18:17:56 | 000,315,392 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp6en.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >
    [2004/05/18 17:26:04 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Yahoo! Mail.url
    [2004/05/18 17:13:06 | 000,000,207 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Yahoo!.url

    < %APPDATA%\Microsoft\*.* >
    [2011/08/03 15:07:28 | 000,001,538 | -H-- | M] () -- C:\Documents and Settings\John Lulich\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 14:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/10 14:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/10 14:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2004/08/10 15:04:12 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2005/02/02 20:53:45 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\John Lulich\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/08/04 17:23:41 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\John Lulich\Desktop\aswMBR.exe
    [2011/08/07 13:42:19 | 004,166,457 | R--- | M] (Swearware) -- C:\Documents and Settings\John Lulich\Desktop\ComboFix.exe
    [2011/08/04 17:22:27 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\John Lulich\Desktop\dvi5z9wt.exe
    [2011/08/07 14:31:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Lulich\Desktop\OTL.exe
    [2011/08/07 13:44:27 | 056,727,728 | ---- | M] () -- C:\Documents and Settings\John Lulich\Desktop\setup_av_free.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2005/02/02 20:53:44 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\John Lulich\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/08/07 14:28:21 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\John Lulich\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/04 07:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004/08/04 03:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004/10/13 12:24:37 | 001,694,208 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 03:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 03:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 03:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2010/04/14 19:14:58 | 000,005,120 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
    [2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 03:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >

  8. #8
    broni is offline Senior Member
    1. Update your Java version here: Verify Java Version

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.


    ===========================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
      FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm0176SUS&ptb=NtcMhgxLIyxAGvOkWp2rjQ&ind=2011020717&ptnrS=GRxdm0176SUS&si=&n=77ddbdad&psa=&st=kwd&searchfor="
      FF - prefs.js..network.proxy.http: "127.0.0.1"
      FF - prefs.js..network.proxy.http_port: 50370
      FF - prefs.js..network.proxy.type: 0
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
      [2011/02/07 20:29:58 | 000,009,932 | ---- | M] () -- C:\Documents and Settings\John Lulich\Application Data\Mozilla\Firefox\Profiles\ij1ko6fq.default\searchplugins\mywebsearch.xml
      [2008/07/13 17:28:11 | 000,024,683 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
      O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - File not found
      O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - File not found
      O15 - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O15 - HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2011/07/05 17:49:01 | 000,011,394 | -HS- | C] () -- C:\Documents and Settings\John Lulich\Local Settings\Application Data\oho45670jhtln10456ryx7n76ua8ewi4y71308qj
      [2011/07/05 17:49:01 | 000,011,394 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\oho45670jhtln10456ryx7n76ua8ewi4y71308qj
      [2011/06/19 14:13:14 | 000,012,646 | -HS- | C] () -- C:\Documents and Settings\John Lulich\Local Settings\Application Data\uo6g70ger150gv8y5a8ec20r263037
      [2011/06/19 14:13:14 | 000,012,646 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\uo6g70ger150gv8y5a8ec20r263037
      @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\MyWebSearch
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    ===================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.



    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.

  9. #9
    JuniorLu is offline Junior Member
    Thank you again for your continued help! Java appeared to update successfully, and here are the remaining log files that you requested:

    >>>> JavaRa <<<<
    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Mon Aug 08 21:11:55 2011

    Found and removed: C:\Program Files\Java\j2re1.4.2_03

    Found and removed: C:\Program Files\Java\jre1.6.0_02

    Found and removed: C:\Documents and Settings\John Lulich\Application Data\Sun\Java\jre1.6.0_22

    Found and removed: C:\Documents and Settings\John Lulich\Application Data\Sun\Java\jre1.6.0_24

    Found and removed: C:\WINDOWS\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142030}

    ------------------------------------

    Finished reporting.



    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Mon Aug 08 21:13:18 2011

    Found and removed: Applications\java.exe

    Found and removed: Applications\javaw.exe

    Found and removed: JavaPlugin.FamilyVersionSupport


    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}

    Found and removed: JavaScript

    Found and removed: JavaScript Author

    Found and removed: JavaScript1.1

    Found and removed: JavaScript1.1 Author

    Found and removed: JavaScript1.2

    Found and removed: JavaScript1.2 Author

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

    Found and removed: Software\Classes\JavaPlugin.142_03

    Found and removed: Software\Classes\JavaPlugin.160_02

    Found and removed: Software\JavaSoft\Java Update

    Found and removed: Software\JavaSoft\Java Runtime Environment\1.4.2_03

    Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

    Found and removed: SOFTWARE\Classes\JavaPlugin

    Found and removed: SOFTWARE\Classes\JavaPlugin.142_03

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

    Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.4.2.0

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_03

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_03

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.2

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.2

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5

    ------------------------------------

    Finished reporting.



    >>>> OTL <<<<
    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-1463360678-2404167404-3119206577-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    HKU\S-1-5-21-1463360678-2404167404-3119206577-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Prefs.js: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm0176SUS&ptb=NtcMhgxLIyxAGvOkWp2rjQ&ind=2011020717&ptnrS=GRxdm0176SUS&si=&n=77ddbdad&psa=&st=kwd&searchfor=" removed from keyword.URL
    Prefs.js: "127.0.0.1" removed from network.proxy.http
    Prefs.js: 50370 removed from network.proxy.http_port
    Prefs.js: 0 removed from network.proxy.type
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin not found.
    C:\Documents and Settings\John Lulich\Application Data\Mozilla\Firefox\Profiles\ij1ko6fq.default\searchplugins\mywebsearch.xml moved successfully.
    C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1463360678-2404167404-3119206577-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1463360678-2404167404-3119206577-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
    C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\Documents and Settings\John Lulich\Local Settings\Application Data\oho45670jhtln10456ryx7n76ua8ewi4y71308qj moved successfully.
    C:\Documents and Settings\All Users\Application Data\oho45670jhtln10456ryx7n76ua8ewi4y71308qj moved successfully.
    C:\Documents and Settings\John Lulich\Local Settings\Application Data\uo6g70ger150gv8y5a8ec20r263037 moved successfully.
    C:\Documents and Settings\All Users\Application Data\uo6g70ger150gv8y5a8ec20r263037 moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\Program Files\MyWebSearch not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33237 bytes
    ->Flash cache emptied: 56466 bytes

    User: John Lulich
    ->Temp folder emptied: 16205348 bytes
    ->Temporary Internet Files folder emptied: 949565 bytes
    ->Java cache emptied: 29912927 bytes
    ->FireFox cache emptied: 47261310 bytes
    ->Flash cache emptied: 296268 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 163974 bytes
    ->Flash cache emptied: 1197 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16167 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 78991 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 91.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: John Lulich
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 08082011_211617

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

    Registry entries deleted on Reboot...


    >>>> SecurityCheck <<<<
    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 2
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Flash Player 10.2.159.1
    Mozilla Firefox (3.6.18)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    ``````````End of Log````````````


    >>>> ESET <<<<
    C:\Program Files\Qoobox\Quarantine\C\WINDOWS\system32\_twext_.exe.zip a variant of Win32/Kryptik.AOK trojan deleted - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\nddeolsv.dll.vir Win32/PSW.Papras.AW trojan cleaned by deleting - quarantined
    C:\WINDOWS\pss\dmaupd32.exeStartup a variant of Win32/Kryptik.AEX trojan cleaned by deleting - quarantined

  10. #10
    broni is offline Senior Member
    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:


    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.


    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.


    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current (including Service Pack 3 installation!!!)

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): Safe Browsing Tool | WOT (Web of Trust). It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): Secunia Personal Software Inspector (PSI) - Introduction. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: How did I get infected?

    13. Please let me know how your computer is doing.
